Spring World 2018

Conference & Exhibit

Attend The #1 BC/DR Event!

Fall Journal

Volume 30, Issue 3

Full Contents Now Available!

Industry Hot News

Industry Hot News (438)

The Problem with Emails

Emails. How many do you get each day? How often do you check them? When I say “check,” I mean read. The average time spent reading an email is 11.1 seconds and only five seconds for a text. With instant communications available via texting, instant messaging and social media, email is rapidly losing its charm, particularly amongst millennials.Email still has its place in the work environment for non-urgent messages and regular communications with vendors, customers or other businesses, but is it really the most effective way to notify employees of an urgent situation? Likely not.

There are several problems with emails, such as the sheer number of them we receive each day, (an average of 88, per one study), sending and receiving isn’t always instantaneous, and there is no guarantee the receiver will take the time to open and read it. If there is a network outage, you may never get your message across as it sits in your outbox indefinitely.

When it comes to emergencies, emails simply do not convey a sense of urgency. People assume they can get to an email whenever they get the chance, and only 30 percent of them ever get read. Few emails garner the same level of attention as a text alert or similar form of communication.

...

https://www.alertmedia.com/why-you-cant-just-send-an-email/

Friday, 20 October 2017 14:42

WHY YOU CAN’T JUST SEND AN EMAIL

While MSPs do not need a reminder to practice good cybersecurity habits, we cannot always say the same for end users. That being said, National Cybersecurity Awareness Month is a great opportunity to ensure your customers are up-to-date on the latest best practices with a cybersecurity training program.

The nature of your business will dictate the specific cybersecurity training schedule you choose. However, a good start is to ensure new employees receive training as part of onboarding and all employees receive training on a regular basis. It’s important to have a formalized plan in place to keep security front of mind and keep employees informed about new threats.

Unfortunately, there’s no single product that will solve all of your cybersecurity problems. In today’s world, it takes many technologies and processes to provide comprehensive risk and security management. Total data protection requires a multi-pronged approach:

...

http://mspmentor.net/blog/how-prepare-your-customers-national-cybersecurity-awareness-month

(TNS) - Dr. Scott Witt kept close behind the ambulance carrying the newborns. On his motorcycle, he drove over and ducked under downed power lines. He swerved around embers blowing onto the highway.

Sutter Santa Rosa Regional Hospital, where Witt oversees the neonatal intensive care unit, was being evacuated Oct. 9 because of wildfires that would become the deadliest in California history.

But Witt couldn’t call the doctors who would be caring for the babies because there was no power. The physicians at the other hospital also had no way of accessing Witt’s medical records online to know what treatment was needed.

“I knew if I didn’t leave then, there would be no way I could take care of the babies,” he said.

As the blaze grew feet away, Witt tailed the ambulance through smoke and debris.

The Northern California wildfires created what some described as an unprecedented health care crisis that has served as a wake-up call in the region. Not only were two major hospitals evacuated hours into the disaster, but the chaos continued for days after.

...

http://www.govtech.com/em/disaster/Wildfires-Stressed-the-Wine-Countrys-Health-Care-System-Creating-a-Crisis-and-a-Warning-for-Future.html

It has been nearly three years since an Amazon Web Services senior executive said “Cloud is the new normal”.  Since that time, the momentum behind cloud migrations has become unstoppable as enterprises look to take advantage of the agility, scalability and cost benefits of the cloud.  

In its 2017 State of the Hybrid Cloud report, Microsoft found that 63 percent of large and midsized enterprises have already implemented a hybrid cloud environment, consisting of on-premise and public cloud infrastructures.  Cisco’s latest Global Cloud Index predicted that 92 percent of enterprise workloads will be processed in public and private cloud data centers, and just 8 percent in physical data centers, by 2020.  

So the future is cloudy, with enterprises adopting hybrid cloud strategies using services from a mix of providers.  But irrespective of the cloud services they use, or the sector in which they operate, all enterprises share common goals:  they want their business applications to deliver a quality user experience under all conditions; they want those applications to be secure and resilient; and they want them to run as efficiently as possible.

...

http://www.datacenterknowledge.com/industry-perspectives/testing-1-2-3-three-reasons-why-cloud-testing-matters

Compliance with the Health Insurance Portability and Accountability Act--or HIPAA--often keeps healthcare professionals up at night. Indeed, there is a great deal of misunderstanding and confusion on the topic.

HIPAA requires healthcare organizations to comply with specific security, privacy and breach notification rules for the storage and transmission of protected health information (PHI), including electronic data. Healthcare professionals should have a solid knowledge of HIPAA requirements. But healthcare providers who establish their own smaller practices need to understand the regulatory framework. This is important when it comes to transmitting sensitive information via email.

Many healthcare organizations are concerned about a governing body initiating a HIPAA audit. However, there are many ways that practices can come under scrutiny for email-related HIPAA compliance violations. For example, an audit can originate from a patient or an orthodontist reporting an unencrypted email, or an email server might be hacked.

...

http://mspmentor.net/blog/hipaa-compliance-101-understanding-email-security-healthcare-industry

Recommended four consecutive years by NSS Labs

HONG KONG, CHINA – The need for strong and reliable threat defense is critical to everyday operations and becomes more important as high profile attacks continue to increase. Trend Micro Incorporated (TYO: 4704) (TSE: 4704), a global leader in cybersecurity solutions, attained a perfect breach detection rating of 100 percent in the NSS Lab's Breach Detection System report. This marks the fourth consecutive year that NSS Labs has recommended Trend Micro.

A critical way to compare solution vendors is by their detection rate of evasions, an area in which five of the seven companies tested by NSS struggled. Trend Micro posted a 100 percent evasion detection rating, establishing the company in the top of the breach detection quadrant. NSS Labs results prove that Trend Micro reliably equips customers with the protection needed to keep critical data safe, and detect threats moving inbound, outbound or laterally across the network.

"The data speaks for itself, we are very proud that our customers benefit from the protection and peace of mind that come from using our solutions," said Steve Quane, executive vice president of network defense and hybrid cloud security, Trend Micro. "We remain focused on leading the industry in threat prevention, evasion protection and remediation."

CEO of NSS Labs, Inc., Vikram Phatak said, "Trend Micro's Deep Discovery achieved a 100% security effectiveness rating with the fastest time to detect attacks amongst all tested products," said Vikram Phatak, CEO of NSS Labs. "There is no question that Deep Discovery should be on the short list for everyone considering a Breach Detection solution."

With its layered security approach, Trend Micro, and specifically Deep Discovery Inspector™, has continually improved effectiveness and significantly lowered total cost of ownership. Over the last few years, costs dropped from $240 per protected Mbps to under $40 per protected Mbps on average.

The ultimate recipe for integrated advanced threat prevention calls for two essential ingredients, Deep Discovery coupled with the TippingPoint Next-Generation Intrusion Protection System. Together these protect critical data, applications, and infrastructure from known, unknown, and undisclosed attacks stemming from endpoints to data centers and networks.

To access the NSS Labs Breach Detection System report, click here.

About Trend Micro
Trend Micro Incorporated, a global leader in cyber security solutions, helps to make the world safe for exchanging digital information. Our innovative solutions for consumers, businesses, and governments provide layered security for data centers, cloud environments, networks, and endpoints. All our products work together to seamlessly share threat intelligence and provide a connected threat defense with centralized visibility and control, enabling better, faster protection. With more than 5,000 employees in over 50 countries and the world's most advanced global threat intelligence, Trend Micro enables users to enjoy their digital lives safely. For more information, visit www.trendmicro.com.hk.

It’s a fact of business life that customers, markets, and industry commentators only see your brand, and not the suppliers who provide the materials, components, or products behind it.

Naturally, that’s what many enterprises want, so that they can build their brand image and reap the benefits of more revenues and bigger margins.

The flip side is that if a material, component, or brand is bad or if a vendor exposes your confidential business information, then people still only see your brand.

They then consider your enterprise alone to be the culprit, putting your business continuity in danger. Companies can check up on their vendors to make sure they have preventative procedures in place.

...

http://www.opscentre.com/far-back-go-business-continuity/

Don’t worry, this isn’t another one of those articles that says, “multi-cloud is coming!” We all know multi-cloud is already here, right? In fact, in its “2017 State of the Cloud” report, Rightscale found that approximately 85 percent of organizations have a multi-cloud strategy. Further, companies in the cloud are utilizing, on average, 1.8 public clouds and 2.3 private clouds.

We also know the reasons why companies have been moving to the multi-cloud model. Making use of many cloud platforms helps you avoid vendor lock-in and choose the right cloud for each app and it’s data.

One thing many companies can’t quite explain, however, is why their multi-cloud projects aren’t staying within budget. One of the major reasons to move to the cloud is the cost savings it promises, so this problem is particularly frustrating for IT departments – and budget makers.

...

http://www.datacenterknowledge.com/industry-perspectives/how-keep-your-multi-cloud-projects-budget-now-and-future

In today’s high-pressure and limited-resource environment, it’s easy for a BCM practitioner to be overrun with just managing the program and addressing external influences. Audit requests and questionnaires can pull you in all directions and before you know it, you’ve had to push back everything you planned to do that day, week or even month.

How do you address this state of things? How do you prioritize your task list?

We’ve put together a 6-step process for taking control of, organizing, and simplifying your BCM program workflow; effectively streamlining your BCM program without creating any gaps.

...

https://www.mha-it.com/2017/10/streamlining-bcm-program/

(TNS) - The morning after Hurricane Harvey struck Victoria, Texas, Councilman Jeff Bauknight started getting calls from residents. But there was a problem.

"A lot of citizens were calling," said Bauknight. "And I had no idea - I absolutely had no idea of what to tell them."

Like some Victoria residents, Bauknight was having trouble getting information after electricity and the internet crashed. After the storm, the city largely relied on Facebook to push out updates, but that became a problem for residents who didn't use social media.

...

http://www.govtech.com/em/disaster/City-Discusses-How-to-Improve-After-Harvey.html

Accumulation risk, where a single event triggers losses under multiple policies in one or more lines of insurance, is emerging in new and unforeseen ways in today’s interconnected world, says a post at Swiss Re Open Minds blog.

From Ruta Mikiskaite, casualty treaty underwriter, and Catriona Barker, claims expert UK&International Claims at Swiss Re:

“Accumulation scenarios have always been familiar in property insurance but for casualty lines of business, they have been perhaps less of an issue. However, large losses in recent years show how traditional physical perils should not be underestimated for their casualty clash potential.”

For example, Kilmore East-Kinglake bushfire, the most severe of a series of deadly wildfires in the Australian state of Victoria on Black Saturday, 7 February 2009, led to a settlement of A$500 million—the biggest class action settlement in Australian legal history.

...

http://www.iii.org/insuranceindustryblog/?p=5510

It's no secret that passwords can be stolen.

In order to maximize the security of your passwords, however, you should understand how password attacks actually occur.

Before we begin, we should note that stealing or "cracking" passwords is not the only way that attackers can gain unauthorized access to sensitive data.

...

http://mspmentor.net/security/understanding-how-passwords-are-stolen-phishing-spoofing-and-beyond

(TNS) - With the annual Great ShakeOut earthquake drill coming on Thursday, now’s a good time to ask yourself: “How’s that whole emergency preparedness thing going?”

Are you feeling twinges of guilt because you still haven’t stashed away any food, water or spare batteries? Maybe you were patting yourself on the back for your family’s three-day supply of provisions and gear — until last year’s Cascadia Rising drill made it clear that folks in Western Washington may have to survive on their own for up to two weeks after a megaquake and tsunami.

From hurricanes in Houston and Puerto Rico to deadly earthquakes in Mexico, recent disasters show how long it can take for assistance to arrive and for power, water and transportation to be restored. Victims are left to fend for themselves and help each other in the chaotic aftermath.

...

http://www.govtech.com/em/disaster/-Are-You-Ready-for-the-Big-One-Look-at-What-These-Folks-Have-Done----on-Their-Own----to-Prepare.html

Digitalization in economy and society is rapidly increasing the demand for computing power. As more data centers and server cities are necessary, operators are also challenged to cope with increased energy costs. Part 1 of this two-part series,addresses the need to offset rising costs of power consumption with a green perspective for the efficient data centers of tomorrow.

In recent years, the number of enterprises using cloud computing has steadily increased. More and more devices and sensors are connected to the internet, with their control, measurement and tuning processes digitally coordinated. According to an estimate by Gartner, about 4.9 billion connected devices exist today. Cisco experts  predict 50 billion connected devices by 2020, suggesting that the number will quadruple within the next few years. Consumers will especially use these networked devices in the "smart home" segment. For example, an empty refrigerator can automatically create a new shopping list or request the re-ordering of popular food directly in the store. Networked devices also play an increasingly important role in industry and business in order to better plan production and manufacturing processes, as well as to make them more cost- and time-efficient.

The increasing digitalization of the economy and society leads to a very high demand for computing and storage capacities. The current requirements for data protection and security demand further computing power. New technologies such as Industry 4.0, Machine Learning or Augmented Reality do not only mark the next stage of technologized life, but represent a growing need for a reliable and efficient IT infrastructure. Germany has established itself as the largest data center market in Europe and the third largest in the world, thanks to the expansion and construction of data centers. Many large data centers are concentrated mainly in the Frankfurt am Main area. One of them is e-shelter, the fifth largest data center in the world with nearly 700,00 square feet of total space. Globally, most of the large data centers are found within the U.S., in states including Illinois, Utah, Nevada, Virginia, and Iowa. 

...

http://www.datacenterknowledge.com/industry-perspectives/data-center-costs-driving-force-energy-efficiency-part-1

Think about the challenge interpreters at the United Nations undertake. First, they need to understand the concepts being communicated. Next, they translate the concepts for people who speak different languages — without coloring the information with their own perspectives. These interpreters use an “internal resource” that maps terms and concepts. In the business technology world, when we formalize or automate such a resource, we create a conceptual reference model.

Because the terms and concepts in conceptual reference models represent the “stuff of the business,” not the stuff of IT, they make sense to business stakeholders. In his recent Executive Update, Connecting Inside and Outside the Enterprise, Cutter Consortium Senior Consultant Cory Casanave makes the case that the conceptual reference model, which defines the terms and concepts used by the enterprise and the communities in which it operates, provides the foundation needed for any “connection” architecture, capability, or project. Writes Casanave:

...

http://blog.cutter.com/2017/10/17/why-bother-with-a-conceptual-reference-model/

Working on cars can be quite the challenge. If you’ve got a project car that you’re hoping to get up and running, you probably want to control every aspect of what goes into it. From the engine to the tail lights, you’re willing to tackle every project head-on without any external help.

Until you get stuck on a problem that you’re not equipped to handle.

When you hit a brick wall, you can keep trying to fix the issue by yourself – which can be extremely frustrating. Or, you have the option to take your car to a master mechanic that can easily fix the issue for you.

It’s not unlike running your company. When you need IT support, what’s your best option for support? Most businesses have two distinct choices; either hire an in-house IT support employee (the DIY fix), or partner with a managed service provider (the master mechanic).

Though both options have their own pros and cons, one comes out on top for growing organizations that want to stay ahead of the curve.

...

https://continuitycenters.com/managed-services-vs-house-comes-top/

To continue providing us with the products and services that we expect, businesses will handle increasingly large amounts of data. The security of this information is a major concern to consumers and companies alike fuelled by a number of high-profile cyberattacks.

The havoc caused by such attacks runs from celebrities embarrassed by careless photos, to the loss of medical records, to ransom threats amounting to millions that have hit even the most powerful corporations.

Where such data contains personal, financial or medical information, companies have both a moral and legal obligation to keep it safe from cybercriminals. That’s where International Standards like the ISO/IEC 27000 family come in, helping organizations manage the security of assets such as financial information, intellectual property, employee details or information entrusted to them by third parties.

ISO/IEC 27001 is the best-known standard in the family providing requirements for an information security management system (ISMS).It’s an International Standard to which an organization can be certified, although certification is optional.

...

https://www.iso.org/news/ref2232.html

People – “Can’t live with them, can’t live without them” might be the motto for many enterprises and their chief information security officers (CISOs).

Even in the most automated of companies, human beings are still necessary to handle emergencies, think creatively, and exercise judgment.

On the other hand, when it comes to IT security, people are often their own worst enemies and by association the worst enemies of their companies too.

Here are a few bad habits that you might usefully encourage IT colleagues and other employees to change.

...

http://www.opscentre.com/bad-habits-worst-security-risk/

Tuesday, 17 October 2017 16:24

Bad Habits Are the Worst IT Security Risk

One of the most important things to understand about working and operating in a healthcare environment is that emergencies are not a question of “if” – they’re a question of “when.” Events that impact patient care, employee safety and overall operations can happen suddenly and without warning. The key to continuing operations involves the ability of doctors, nurses, staff and leadership to respond to these events as quickly and as accurately as possible.

Part of success in this regard comes down to effective crisis communication – something that the Centers for Medicare and Medicaid is already emphasizing. It considers communication to be so pivotal, in fact, that it is one of the four main pillars of the CMS’ new Conditions for Participation for Emergency Planning, which MUST be in place for many types of healthcare organizations by November of 2017.

But just the ability to communicate in an emergency is not enough on its own – you need a system in place that will guarantee that the right message gets to the right people at exactly the right time, no exceptions. When it comes to accomplishing this mission-critical goal, more and more of today’s leading healthcare providers are turning to critical emergency alerting services.

...

https://www.onsolve.com/blog/todays-leading-healthcare-providers-depend-critical-emergency-alerting-services/

You’ve convinced management to do a BIA, and now it’s time to jump in. But, wait! A proper business impact analysis requires some preparation. You don’t jump into a body of water without looking at it first and changing into swim trunks or at least taking everything out of your pockets. Otherwise, you might hit a rock or damage the phone in your pocket. The same logic applies to a BIA. Preparing for a BIA is critical to its success. 

Here, we’ll outline the prep work required to conduct a solid BIA; one that is worth your while and creates tangible results. In the following, we assume a basic understanding of the concept and components of the BIA

...

https://www.mha-it.com/2017/10/preparing-for-a-bia/

Closeup view of an eighty year old senior woman's hands as she sorts her prescription medicine.

If you read our blog on a regular basis you can probably recite the mantra “Make a kit. Have a plan. Be informed.” in your sleep. You are probably familiar with the important items you should keep in your emergency kit – water, food, a flashlight, and a battery-powered radio. What you may not think about is personalizing your kit for your unique medical needs or the needs of your family. Particularly, including prescription medications and other medical supplies in your emergency kit and plans.

As a pharmacist whose job is focused on emergency preparedness and response, I want to give you 10 pointers about how to prepare your medications for an emergency so you can decrease the risk of a life-threatening situation.infographic illustrating an emergency kit.

  1. Make a list. Keep a list of all your medications and the dosages in your emergency kit. Make sure you have the phone numbers for your doctors and pharmacies.
  2. Have your card. Keep your health insurance or prescription drug card with you at all times so your pharmacy benefits provider or health insurance plan can help you replace any medication that was lost or damaged in a disaster.
  3. Keep a record. Make copies of your current prescriptions and keep them in your emergency kit and/or go bag. You can also scan and email yourself copies, or save them in the cloud. If you can’t reach your regular doctor or your usual pharmacy is not open, this written proof of your prescriptions make it much easier for another doctor to write you a refill.
  4. Start a stockpile. During and after a disaster you may not be able to get your prescriptions refilled. Make sure you have at least 7 – 10 days of your medications and other medical supplies. Refill your prescription as soon as you are able so you can set aside a few extra days’ worth in your emergency kit to get you through a disaster.
  5. Storage matters. Keep your medications in labeled, child-proof containers in a secure place that does not experience extreme temperature changes or humidity. Don’t forget to also include nonprescription medications you might need, including pain relievers, cold or allergy medications, and antacids.
  6. Rotate the date. Don’t let the medications in your emergency supply kit expire. Check the dates at least twice every year.
  7. Prioritize critical medicines. Certain medications are more important to your health and safety than others. Prioritize your medications, and make sure you plan to have the critical medications available during an emergency.
  8. Communicate a plan. Talk to your doctor about what you should do in case you run out of a medication during an emergency. If you have a child who takes a prescription medication, talk to their daycare provider or school about a plan in case of an emergency.
  9. Plan ahead. Make sure you know the shelf life and optimal storage temperature for your prescriptions, because some medications and supplies cannot be safely stored for long periods of time at room temperature. If you take a medication that needs to be refrigerated or requires electronic equipment plan ahead for temporary storage and administration in an emergency situation.
  10. Check before using. Before using the medication in your emergency kit, check to make sure the look or smell hasn’t changed. If you are unsure about its safety, contact a pharmacist or healthcare provider before using.

Resources

Trust in business is at an all-time low. Trust in governments is rock bottom as well. At the same time, huge challenges remain to create sustainable societies. What to do? A new project to develop a standard for organizational governance could help, and has just been given the green light.

We don’t need to go far back in history to see how bad governance can ruin lives and tarnish industries. Enron and Lehman Brothers are just some of the names that spring to mind, contributing to an increasing expectation from society for the heads of businesses to be accountable for their organizations. While laws and regulations are necessary foundations, truly good governance that takes organizations to new levels of performance over the long term goes far beyond the law to instil trust and effectiveness.

In this context, ISO’s committee of experts that specializes in governance (ISO/TC 309) has just been given the green light to develop an ISO international guidance standard that will help organizations establish good governance practices, going beyond the avoidance of risk and contributing to their long-term value overall.

...

https://www.iso.org/news/ref2229.html

For Cybercriminals, it’s a Match Made in Heaven

This is an age in which ransomware has made the barrier to entry for would-be cybercriminals lower than ever. And, with the proliferation of IoT devices, for attackers, there’s ample opportunity to compromise smart devices. And the convergence of these two threats has certainly attracted the interest of cybercriminals.

Ransomware and IoT are colliding – and the impact has created the perfect storm for cybercriminals.

At a high level, ransomware encrypts its victims’ data or blocks their access to a computer system or network until a sum of money is paid. With lower execution costs, high returns and minimal risk of discovery (compared to other forms of malware), ransomware has quickly become a preferred method of attack for cybercriminals. And it’s now easier than ever for virtually anyone – even individuals with minimal security knowledge – to extort money from companies and individuals through do-it-yourself ransomware toolkits or via the services of a Ransomware-as-a-Service (RaaS) provider.

When it comes to the popularity of ransomware as an attack vector, the numbers don’t lie. An August 2016 report from Osterman Research found that, during the course of the previous 12 months, nearly 50 percent of the companies surveyed were the victim of a ransomware attack. And Kaspersky’s Q1 Lab Malware Report revealed a 250 percent rise in mobile ransomware during the first few months of 2017. The business model of ransomware has proven highly lucrative, and there’s no sign that the malware will go away anytime soon.

...

http://www.corporatecomplianceinsights.com/ransomware-marries-iot/

Tuesday, 17 October 2017 16:17

When Ransomware Marries IoT

With the end of September’s National Preparedness Month, incident response professionals may get questions from colleagues about how their organization responds to natural disasters or other major disruptions.

Communications is an especially important element of disaster response. Small businesses may find calling trees sufficient, but larger enterprises and government agencies often depend on advanced communications and information technology.

Organizations have three options for deploying incident response communications infrastructure:

...

https://www.onsolve.com/blog/managed-saas-vs-traditional-saas-choose-best-option-organization/

For Cybercriminals, it’s a Match Made in Heaven

This is an age in which ransomware has made the barrier to entry for would-be cybercriminals lower than ever. And, with the proliferation of IoT devices, for attackers, there’s ample opportunity to compromise smart devices. And the convergence of these two threats has certainly attracted the interest of cybercriminals.

Ransomware and IoT are colliding – and the impact has created the perfect storm for cybercriminals.

At a high level, ransomware encrypts its victims’ data or blocks their access to a computer system or network until a sum of money is paid. With lower execution costs, high returns and minimal risk of discovery (compared to other forms of malware), ransomware has quickly become a preferred method of attack for cybercriminals. And it’s now easier than ever for virtually anyone – even individuals with minimal security knowledge – to extort money from companies and individuals through do-it-yourself ransomware toolkits or via the services of a Ransomware-as-a-Service (RaaS) provider.

When it comes to the popularity of ransomware as an attack vector, the numbers don’t lie. An August 2016 report from Osterman Research found that, during the course of the previous 12 months, nearly 50 percent of the companies surveyed were the victim of a ransomware attack. And Kaspersky’s Q1 Lab Malware Report revealed a 250 percent rise in mobile ransomware during the first few months of 2017. The business model of ransomware has proven highly lucrative, and there’s no sign that the malware will go away anytime soon.

...

http://www.corporatecomplianceinsights.com/ransomware-marries-iot/

Monday, 16 October 2017 14:57

When Ransomware Marries IoT

Emergencies Aren’t Biased

Small companies can fall victim to a dangerous mindset of thinking they are too small to take formal precautions against crises. They believe that fancy emergency notification systems are relegated to the companies with thousands of employees scattered around the globe. While the magnitude of the emergency may scale with the size of the company, even the smallest mom and pop company needs a plan and a system to communicate when an unexpected event occurs.

The truth is, emergencies can happen anywhere, anytime, to anyone. All we have to do is look at the crazy hurricane season we will thankfully see coming to an end in the coming weeks. Hurricanes Harvey, Irma, Maria and Nate paid no attention to whether or not the buildings they destroyed were owned by a large or small company. They didn’t care if four employees were displaced or 4,000. It was of no concern as to which streets would be impassable and how long the power would be out.

...

https://www.alertmedia.com/no-youre-not-too-small-for-a-notification-system/

Blockchain technology related topics are gaining a lot of attention lately, most of the attention is focused on cryptocurrency such as Bitcoin.  Some predict it as the new internet revolution which could lead to new technological innovations in economics and social transformations.

Blockchain is running on a peer-to-peer network, with many distributed nodes and supporting independent computer servers globally.  Part of it is implemented without any centralized authority and has a built-in fraud protection and consensus mechanism, such as the concept of Proof-of-Work, where peer computers in nodes approve every requirement for the generation of a new set of transactions or block to be added to the database a.k.a. “Block Chain”.

It also has a built-in check and balance to ensure a set of colluding computers can’t game the system.  Blockchain also brings in an element of transparency, which reduces fraud as the entire chain is visible and auditable.

...

http://www.bcinthecloud.com/2017/10/blockchain-for-business-continuity-and-disaster-recovery/

(TNS) - The heavy winds that downed power lines Sunday night at the start of the deadly wildfires raging across Northern California were far from “hurricane strength,” as PG&E has claimed, according to a review of weather station readings.

On Tuesday, the Bay Area News Group reported that Sonoma County emergency dispatchers sent fire crews to at least 10 reports of downed power lines and exploding transformers as the North Bay fires were starting around 9:22 p.m. In response, PG&E said that “hurricane strength winds in excess of 75 mph in some cases” had damaged their equipment, but they said it was too early to speculate what started the fires.

However, wind speeds were only about half that level, as the lines started to come down, the weather station records show. At a weather station in north Santa Rosa where the Tubbs Fire started, the wind gusts at 9:29 p.m. peaked at 30 mph. An hour later, they were 41 mph.

...

http://www.govtech.com/em/disaster/California-Fires-PGE-Power-Lines-Fell-in-Winds-That-Werent-Hurricane-Strength.html

The Need for Aligned Assurance

Today’s changing risk landscape has put increased pressure on assurance functions to simplify their requirements and to provide the board, senior management and other key stakeholders with a complete risk and assurance picture. To do so requires coordinating on the risk universe, risk terminology and ratings. Malcolm Murray and Rafael Go discuss how, in light of this mandate to the board and companywide remit, internal audit is best placed to kick-start and champion these aligned assurance efforts.

In recent years, both the size and scope of the risk landscape has changed dramatically. These changes are driven by the reality that organizations are becoming larger, more complex and more geographically dispersed. Add that to the number of third parties (now including fourth and fifth parties) rapidly proliferating and the increase in digitization efforts that are requiring more robust protection from cyberattacks and data breaches. And, along with all of this, companies are under increased competitive pressure from more digitized competitors.

Despite an increased focus on these new challenges, assurance functions are faced with stagnant resources, having to provide more comprehensive assurance with less. Most organizations’ assurance functions tend to work independently, which adversely affects operations and strategy by lengthening decision-making, slowing down corporate clock speed and increasing the procedural burden. According to research from CEB, now Gartner, 43 percent of compliance executives report that internal partners sometimes avoid the compliance process and 77 percent of business leaders have indicated becoming more risk averse. This leads to a 48 percent reduction in potential top-line growth from foregone corporate opportunities and new projects.

Having separate groups report independently to the board and senior management also means they get an incomplete or, at worst, contradictory picture of the risk landscape. In order to provide comprehensive risk guidance to the business, assurance functions must increase their efforts at aligning their work.

...

http://www.corporatecomplianceinsights.com/audits-increasingly-critical-role-in-grc/

Friday, 13 October 2017 16:22

Audit’s Increasingly Critical Role In GRC

https://ems-solutionsinc.com/blog/caring-for-children-in-a-disaster/

 

By REGINA PHELPS

Disasters affect children differently than they do adults. Learn more about the unique needs of children during and after disasters. Just with all of the disasters in the United States alone, this issue is especially critical to help young ones cope.  The CDC has several great recommendations for the care of children at time of disaster.

Another organization, the Shenandoah Valley Project Impact, the Central Shenandoah Valley’s regional disaster preparedness and mitigation program developed a great set of children’s books both in English and Spanish to help families and their kids cope. You can download them here.

Disaster_Activity_Book_for_Kids_English

Disaster_Activity_Book_for_Kids_Spanish

  • Children’s bodies are different from adults’ bodies.
    • They are more likely to get sick or severely injured.
      • They breathe in more air per pound of body weight than adults do.
      • They have thinner skin, and more of it per pound of body weight (higher surface-to-mass ratio).
      • Fluid loss (e.g. dehydration, blood loss) can have a bigger effect on children because they have less fluid in their bodies.
    • They are more likely to lose too much body heat.
    • They spend more time outside and on the ground. They also put their hands in their mouths more often than adults do.
  • Children need help from adults in an emergency.
    • They don’t fully understand how to keep themselves safe.
      • Older children and adolescents may take their cues from others.
      • Young children may freeze, cry, or scream.
    • They may not be able to explain what hurts or bothers them.
    • They are more likely to get the care they need when they have parents or other caregivers around.
    • Laws require an adult to make medical decisions for a child.
    • There is limited information on the ways some illnesses and medicines affect children. Sometimes adults will have to make decisions with the information they have.
  • Mental stress from a disaster can be harder on children.
    • They feel less of a sense of control.
    • They understand less about the situation.
    • They have fewer experiences bouncing back from hard situations.

https://www.cdc.gov/childrenindisasters/index.html

(TNS) - The catastrophic fires that have ravaged Wine Country this week may be unprecedented in their toll, but they’re only the latest in a wave of infernos that have blasted through the hills and valleys north of San Francisco in recent years. And the trend is likely to worsen.

As temperatures climb across the West and as a sprawling Bay Area expands development into increasingly rural reaches, Northern California is becoming more akin to Southern California, where warm weather and people staking trophy homes along far-flung cliffs and canyons have set the stage for chronic burning, fire experts say.

“I can’t imagine how there isn’t going to be more of this in the future,” said Hugh Safford, an ecologist for the U.S. Forest Service’s Pacific Southwest Region. “It’s shocking what’s happened, but it really isn’t necessarily all that surprising.”

...

http://www.govtech.com/em/disaster/Deadly-Fires-Show-How-Northern-State-is-Becoming-More-Like-Fire-Prone-South.html

(TNS) - The Memphis Police Department is working to build up a short-staffed police force, and in the meantime, the department's director of emergency communications hopes that a new dispatch system will help police answer calls more quickly.

The new dispatch system, Intergraph Mobile for Public Safety, is being installed on laptop computers in police cars.

The system uses global positioning system technology to show dispatchers and police officers exactly where squad cars are located and what kind of calls they're handling.

...

http://www.govtech.com/em/safety/New-GPS-Based-Dispatch-System-Should-Speed-Memphis-Police-Response-Times-Department-Says.html

Sometimes in business continuity we end up with such a fierce focus on actions inside the enterprise that we neglect actions directed towards the outside world, and specifically towards our customers.

In the logistics sector for example, among third-party logistics service providers (3PLs), business continuity has not always been a strong point. However, the smarter ones (often the larger ones) have developed a tactic that helps them ride out the rollercoaster conditions of the economy and different natural, political, social, technological, and regulatory upsets.

By getting and staying close to their large customers, 3PLs can gain important visibility into business trends. Some 3PLs take things even further and in concertation with the customer embed part of their personnel into the customer’s organisation.

...

http://www.opscentre.com/business-continuity-staying-close-customer/

You’ve convinced management to do a business impact analysis (BIA), and now it’s time to jump in. But, wait! A proper business impact analysis requires some preparation. You don’t jump into the water without looking at it first and changing into swim trunks or at least taking everything out of your pockets. Otherwise, you might hit a rock or damage the phone in your pocket. The same logic applies to a BIA.

Here, we’ll outline the prep work required to conduct a solid BIA; one that is worth your while and creates tangible results. In the following, we assume an understanding of what a BIA is and the components of the BIA.

...

https://www.mha-it.com/2017/10/preparing-for-a-bia/

You won’t likely be duped into sending money to an overseas bank account anytime soon. But phishing scams and malware-laced communications are constantly evolving. As we’ve seen with NotPetya this year, cyberattacks are becoming more sophisticated, and yet they can still find their way into systems through phishing emails—right under our noses, with our permission. They may pose as a new business lead, a security update, or a request from your bank. They may even come with a very convincing email.

These sneak attacks have some telltale signs, however. Shortened URLs, unfamiliar senders and urgent demands to CLICK NOW are just a few. Make sure your employees look out for these, conduct regular educational sessions to keep your team aware of the latest attacks, and let them know how one click could jeopardize your entire network.

Perpetrators cast a wide net, and they will get a few bites, even from those who know better. While being the target of a cyberattack is nearly inevitable—and your DR plan should account for this—exercising caution and training employees can head off many incidents before they become disasters.

Hack attack

This year’s hurricane season is like nothing in recent memory. With the country still reeling from Harvey, Irma, and Maria, everyone held their breath as Hurricane Nate headed toward states along the Gulf Coast this weekend. Those of us at IWCO Direct and Mail-Gard were especially anxious as a number of our colleagues and clients were making their way to New Orleans for the DMA’s &THEN Conference. Thankfully, Nate lost steam before hitting the mainland, but our team at Mail-Gard was prepared to help clients manage the print-to-mail operations of their critical communications at the drop of a hat if necessary. Today we wanted to briefly share how we prepare for a disaster declaration in advance of severe storms and natural disasters.

We start by doing our best to become meteorologists. We have a system in place to closely monitor weather patterns in regions where our clients are located in order to determine which ones may be in the path of a severe storm. We contact those clients well in advance to ensure they have our emergency declaration hotline information readily available. We also make sure our team is fully prepared to spring into action by alerting them to which clients may need to make a disaster declaration, so they can review those specific client requirements in advance. We also analyze our testing schedule to “clear the decks” so that we can devote our full energy to impacted clients.

...

https://www.iwco.com/blog/2017/10/11/mail-gard-disaster-declaration-hurricanes/

So you’re the DR guy and you have: setup different replication layers and technologies between datacenters, redundant telecom links, off-site backup solutions, VPN connections over the internet, several layers or power redundancy on some of your facilities; you name it. You have even made your homework and have successfully audited all of these solutions, policies and processes.  

Everything is great... Is it? 

Here are just some surprises:

...

https://www.linkedin.com/pulse/disaster-recovery-challenges-puerto-rico-hurricane-marias-berrios/

(TNS) - As the number of people confirmed dead in Northern California fires rose to 15, officials warned Tuesday that the toll could rise as multiple fires scorched upward of 100,000 acres.

Sonoma County alone has received about 200 reports of missing people since Sunday night, and sherriff’s officials have located 45 of those people, said Sonoma County spokeswoman Maggie Fleming.

The majority of the fatalities are from Sonoma County, where huge swaths of the city of Santa Rosa were leveled in flames from the Tubbs fire. Nine people have died in Sonoma County as of 11 a.m. Tuesday, Fleming said. Two people have died in Napa County, three in Mendocino County and one in Yuba County, Cal Fire officials said.

...

http://www.govtech.com/em/disaster/Death-Toll-Climbs-to-15-Missing-Person-Reports-Soar-as-Northern-California-Fires-Continue-to-Rage.html

More than a dozen fires have burned more than 1,500 structures in Northern California, with more than a dozen dead as of Tuesday afternoon.

CNN lays down the facts:

  • More than 119,000 acres burned, much of it in wine country – Napa and Sonoma counties.
  • Fires surged behind hurricane force winds (79 mph gusts) – about the same speed as Hurricane Nate at its landfall a few days ago.
  • Nearly 35,000 are without power.
  • No rain is forecast for the next seven days.

Cat modeling firm RMS notes that the fires, taken together, are already the fifth most destructive in state history, as measured in the number of homes destroyed.

The Insurance Information Institute has background information on wildfires here.

...

http://www.iii.org/insuranceindustryblog/?p=5488

Wednesday, 11 October 2017 14:54

CALIFORNIA WILDFIRES: WHAT’S NEXT?

Dos:

  • Do file a claim with your insurance company.
  • Do register for FEMA disaster assistance. The quickest way to apply is online at DisasterAsistance.gov or through the FEMA mobile app. You may also apply by phone at 800-621-3362 (voice, 711, VRS or 800-462-7585 TTY).  Because of high demand, lines may be busy.  Please be patient and try calling in the morning or evening when call volume may be lower.
  • Do return a completed application for a low-interest disaster loan if you have been referred to the U.S. Small Business Administration (SBA). Returning the application
    is necessary for FEMA to consider you for certain grants.  Applicants may apply
    online using the Electronic Loan Application (ELA) via SBA’s secure website at https://disasterloan.sba.gov/el.  Additional information on the disaster loan program
    may be obtained by calling SBA’s Customer Service Center at 800-659-2955
    (800-877-8339 for the deaf and hard-of-hearing) or by sending an email to This email address is being protected from spambots. You need JavaScript enabled to view it..
  • Do know that FEMA grants may help pay for a temporary place to stay, make essential repairs or replace certain damaged contents.
  • Do inspect for structural damage before entering your home.
  • Do throw away wet contents such as bedding, carpeting and furniture. These items may be a health hazard due to mold.
  • Do take photographs of hurricane damage. FEMA or the insurance company may
    want to see these.
  • Do keep recovery-related receipts. FEMA or the insurance company may want to
    see these.
  • Do remember that FEMA grants do not need to be repaid, are not taxed and do not affect other government benefits.
  • Do go to a Disaster Recovery Center if you have questions about your FEMA assistance, a letter from FEMA, or your SBA home or business loan application.   Locate the nearest center with the FEMA mobile app or at FEMA.gov/DRC.

    Don’ts:

  • Don’t submit more than one registration per household.
  • Don’t wait for visits from FEMA or insurance adjusters before cleaning up flood damage and starting repairs.
  • Don’t wait for an insurance settlement to register with FEMA.
  • Don’t wait for an insurance settlement to apply for an SBA low interest disaster loan.
  • Don’t worry that federal disaster assistance is taking money away from someone else. FEMA provides assistance to all eligible applicants.
  • Don’t assume only homeowners can apply for help. Renters may qualify for assistance too.

###

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). For TTY call 800-462-7585.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. Follow us on Twitter at https://twitter.com/femaregion4 and the FEMA Blog at http://blog.fema.gov.

The U.S. Small Business Administration (SBA) is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property. SBA helps homeowners, renters, businesses of all sizes, and private non-profit organizations fund repairs or rebuilding efforts and cover the cost of replacing lost or disaster-damaged personal property. These disaster loans cover losses not fully compensated by insurance or other recoveries and do not duplicate benefits of other agencies or organizations. For more information, applicants may contact SBA’s Disaster Assistance Customer Service Center by calling 800-659-2955, emailing This email address is being protected from spambots. You need JavaScript enabled to view it. or visiting SBA’s Web site at www.sba.gov/disaster. Deaf and hard-of-hearing individuals may call 800-877-8339.

(TNS) - Long before Florida entered the deadliest hurricane season in a decade, auditors at the state’s Division of Emergency Management warned what the state was ill-prepared for a major disaster.

An annual audit completed in December 2016 by the agency’s inspector general detailed a lengthy list of deficiencies needed to prepare and respond to a hurricane. Among them:

–– Food and water supplies at the distribution center in Orlando were inadequate.

–– Contracts with companies that would supply cots to shelters had expired.

–– The agreements many trucking companies had signed with the state’s emergency management agency to distribute supplies had lapsed.

–– The agency was using “a spreadsheet created in the 1980s to help predict the amount of supplies and equipment that may be needed after a storm makes landfall,” as the state’s giant storage facility remained half empty.

...

http://www.govtech.com/em/disaster/Floridas-Hurricane-Response-System-was-Ill-Prepared-for-Disaster-Audit-Warned.html

What are companies doing to protect employees against harassment? This question has added weight after the October 8 firing of Harvey Weinstein by the board of Weinstein Co. following reports of sexual harassment complaints against him. Earlier firings at Fox News and Uber have also brought the issue into focus.

From MarketWatch: “Companies are increasingly buying insurance, including employment practices insurance to cover costs associated with employment lawsuits,” said David Yamada, a professor of law and the director of the New Workplace Institute at Suffolk University.”

Some insurers are also providing training materials for companies to teach their employees about sexual harassment in hope of avoiding it, Yamada added.

...

http://www.iii.org/insuranceindustryblog/?p=5484

Wednesday, 11 October 2017 14:50

HOW TO PROTECT EMPLOYEES AGAINST HARASSMENT

By Pete Benoit, Enterprise Solutions Architect, iland

For veterans of the IT services industry, DR has always been a popular topic of conversation with potential clients. Those that have been around long enough will certainly remember how many of those conversations progressed.

Typically, it went something like this.

Potential Client: We’ve determined that our current IT infrastructure DR plan puts our business at risk and we are interviewing service providers to assess potential solutions.

IT Services Vendor: What are your infrastructure RPO and RTO targets?

Potential Client: Our CIO wants us to maintain a RPO/RTO of 4 hours or less.

It wasn’t that long ago that everyone in this conversation would have understood that the quote from the service provider was going to be well beyond what the client intended to spend as part of the overall IT budget. This was typical for both small and large environments. Inevitably, the parties would work backwards by decreasing the expected deliverables for the solution until an acceptable price point could be reached. Sometimes the solution met so few of the organization’s requirements, that the conversation would be abandoned with no action.

Was the CIO delusional for requesting such aggressive (for the time) SLAs? Of course not. The importance of the data and the underlying applications and infrastructure was self-evident. The reality was that, not only were the options to meet those goals extremely expensive, there was very little guarantee that it would work as planned when it came down to crunch time.

The reason for the expense was that each production resource had to be duplicated, to a certain extent, at the remote site. This infrastructure would need to be purchased or leased, co-located, upgraded and required experienced technicians to maintain. All of this in hope that it would never have to be used in a live situation.

Fast forward to the present and with the evolution of virtualized workloads, resource pools, metered billing and any to any replication technology, those RPO/RTO targets are now achievable and at a fraction of the cost. The underlying services billing model that makes this a reality consists of a reserved billing storage component for data replication and burstable billing compute resources that can be deployed on demand and be billed per hour of use.

Reserved storage provides a target storage repository sized to handle all replicated workloads plus potential growth dependent on changes in the production environment. Reserved storage is billed on a per GB per month basis. The storage reservation quantity can be increased at any time to mirror changes in the production environment.

Burst compute refers to on-demand CPU and RAM which are necessary to operate the virtual workloads during production failover or testing. Because replication is accomplished without live workloads, the burst compute resources are available on demand and no charges are incurred until the workloads are powered on. CPU is metered on average GHz of CPU used per hour. RAM is metered as average gigabytes (GB) consumed per hour. These burst compute charges are tallied and billed monthly. When testing or failback is complete, the resources are returned and the burst charges are no longer accrued.

While cost is still top of mind for IT Directors and CIOs, the conversations around solutions for IT's data protection and DR needs are drastically different. Reserved storage plus burst compute pricing for DRaaS allows IT organizations to execute a robust disaster recovery plan without having to pay for live compute resources waiting for use. The major obstacles to a credible DR solution, even for small businesses, have been mitigated by technology advances and wide spread adoption of said advances.

Once the question of cost has been addressed, the discussion moves to more important issues. How do end users connect to the DR environment once failover is complete? Does the recovery site adhere to the same security standards as my production environment? How is failback accomplished? These are just a few of many important questions not related to cost.

In conclusion, the reserved plus burst model allows customers to apply the advantages of two pricing models where it makes the most sense thereby protecting critical data without the burden of barely used, monthly infrastructure costs at the service provider location. A comprehensive solution will also provide assisted initial setup, volume discounts for storage, simplified day-to-day operations via a self-service console, straightforward network configuration, the option for customer initiated failover, as well as detailed billing, monitoring and compliance reporting.

Benoit PetePete Benoit is an Enterprise Solutions Architect at iland, currently based out of Dallas with over 20 years of experience in the IT Services industry including time with hardware vendors, VARs and IaaS providers. His career began in the US Air Force as a Communication-Computer Systems Operator before joining the private sector and moving to Texas in 1996. Pete has a wide range of industry experience as a technician, support engineer and solutions engineer and excels at customer service. A proud graduate of the University of Louisiana at Lafayette, Pete is a husband and father of two and enjoys golf and spending time with family and friends.

https://ems-solutionsinc.com/blog/sonoma-county-firestorm-complete-devastation/

By REGINA PHELPS

The Sonoma County Firestorm has laid waste to landmarks, homes, businesses and schools, burning uncontrolled into Monday night with 11 dead and 100 people reported missing.

A raging firestorm born in the dark of night by dry, violent winds roared down from the rural hills bordering Napa and Sonoma counties early Monday and cut a devastating swath into Santa Rosa from its eastern outskirts, killing at least seven city residents and destroying more than 1,500 structures.

Tens of thousands of people were forced to flee their homes hours before sunrise, when the ruin wrought by flames in several terrifying hours became apparent over a rural and urban landscape spanning more than 50 square miles. In Sonoma County alone, officials said 100 people were reported missing.

For thousands of firefighters and residents trying to protect homes, the fire driven by gusts up to 68 mph was an amorphous, unstoppable force, rampaging through Mark West Springs, Larkfield and Wikiup, and Fountaingrove, where it claimed hundreds of upscale Santa Rosa houses tucked into forested hillsides.

From there it raced on, scorching landmark businesses and school campuses and threatening two hospitals, where hundreds of patients were evacuated. Throwing sparks ahead of its main front, the fire then jumped Highway 101 into a heavily populated corner of northwest Santa Rosa.

And then on top over everything, two small earthquakes hit the area yesterday.  A minor earthquake shook Sonoma County outside Santa Rosa on Monday evening as the Tubbs Fire and other blazes continued to burn the North Coast. The magnitude 2.9 quake struck about 8:16 p.m. and was centered about 3.7 miles west of Kentwood, according to the U.S. Geological Survey. Emergency dispatchers were not aware of any significant damage.

The local paper is doing great news coverage: The Press Democrat  Check out their stories and images:  http://www.pressdemocrat.com/

ORLANDO, Fla. – Homeowners and renters who suffered damage as a result of Hurricane Irma have until Nov. 9 to register with the Federal Emergency Management Agency (FEMA) for possible federal disaster assistance.

The 30-day registration timeframe is fast approaching for survivors to apply for disaster assistance from FEMA and the U.S. Small Business Administration (SBA). Survivors of Hurricane Irma have 60 days from the Sept. 10 date of disaster declaration to apply for Individual Assistance.

Anyone who sustained a loss in any of the 48 Individual Assistance-designated Florida counties should register before the deadline even if they have insurance.

Federal disaster assistance may help eligible applicants with temporary housing, disaster-related uninsured personal property losses, medical, dental and funeral expenses, along with other disaster-related expenses and serious needs.

Survivors must register with FEMA to be considered for federal disaster assistance even if they have contacted the state, their local emergency management agency, the American Red Cross or other charitable organizations.

The quickest way to apply for federal assistance is online at www.disasterassistance.gov or through a smartphone or tablet at www.fema.gov/apply-assistance.

Survivors may also apply by phone at 800-621-3362 for voice, 711 and Video Relay Service (VRS). If you are deaf, hard of hearing, or have a speech disability and use a TTY, call 800-462-7585. Information on the registration process is available in American Sign Language at: fema.gov/medialibrary/assets/videos/111546.

Next to insurance, SBA low-interest disaster loans are the survivor’s primary source of money for the long-term rebuilding of disaster-damaged property.

Low-interest disaster loans from the SBA are also available to help with residential and business losses not covered by insurance. Businesses of all sizes, homeowners, and renters may obtain information on SBA disaster loan applications by calling 800-659-2955 or online at www.SBA.gov. For those who are deaf, hard of hearing, or have a speech disability and use a TTY, call 800-877-8339. They may also apply for disaster loans at www.disasterloan.sba.gov/ela/.

Get more information by visiting www.FEMA.gov/IrmaFL and FEMA’s Facebook page, and by following @FEMARegion4 on Twitter.

(TNS) - The flood maps that help determine where homes are built in Texas, how much insurance costs and which areas would benefit from flood control projects are based on rainfall data that hasn't been updated for as long as a half-century, meaning that development has expanded here for decades without a complete understanding of the flood risks.

Those risks have come into sharp focus following the record-setting rainfall of Hurricane Harvey, which inundated areas never touched by floodwaters before, and growing expectations among climate scientists that powerful storms will not only happen more frequently, but also pack more rain as global and ocean temperatures rise. Of the 39 Texas counties that experienced flooding during Hurricane Harvey, fewer than 10, including Harris County, have flood maps based on precipitation data from this century.

And even that data, from 2001, is more than 15 years old and doesn't capture severe storms that included Hurricane Ike in 2008, the Memorial Day floods in 2015 and the Tax Day floods of 2016.

...

http://www.govtech.com/em/disaster/Explore-Harveys-Broad-Reach.html

Tuesday, 10 October 2017 16:29

Explore Harvey's Broad Reach

(TNS) - As the number of mass shootings continues to climb across the United States, emergency medical workers in central Ohio are among those nationwide seeking to arm bystanders with the knowledge, equipment and confidence needed to save lives during bleeding emergencies.

"A person with a severe enough injury to an artery can bleed to death in three to five minutes, so the regular public needs to know how to stop bleeding, whether it's by applying pressure or a tourniquet" said Jodi Keller, who oversees disaster preparedness for the Central Ohio Area Trauma System.

The network of health-care professionals has been participating in the national Stop the Bleed campaign for about a year, she said. The campaign was launched by the White House in October 2015.

...

http://www.govtech.com/em/disaster/Stop-the-Bleed-Campaign-Teaches-Bystanders-to-Help-Save-Lives.html

Investigators: Don’t Lose Sight of the Basics

These days, attorneys and in-house legal departments can easily get caught up in the electronic evidence frenzy and in their rush to embrace the ever-evolving world of electronic evidence, they may find themselves expending significant resources on digital collection and authentication procedures. They’d do well to remember that many of the challenges attorneys and courts have faced with respect to old-fashioned physical evidence are no different from those they face with electronic evidence.

These days, many attorneys and in-house legal departments are finding themselves ensnared in the electronic evidence frenzy. And in their rush to stay abreast of the ever-evolving world of electronic evidence, these legal professionals often expend significant time, resources and money on digital collection and authentication procedures — measures that often prove entirely unnecessary. Because while there is undoubtedly a unique set of issues associated with electronic evidence (Where do you collect it from? How do you collect?), at the end of the day, electronic evidence is still evidence. Accordingly, many of the concerns associated with electronic evidence (How do you ensure it is admissible? Is there any way to keep it out of a case?) are no different than the challenges attorneys and courts have tackled for years with respect to old-fashioned physical evidence. Indeed, as one court aptly remarked in addressing electronic communication authentication concerns, “the same uncertainties exist with traditional written documents. A signature can be forged; a letter can be typed on another’s typewriter; distinct letterhead stationary can be copied or stolen.” In re F.P., 878 A.2d 91, 95 (Pa. Super. Ct. 2005). So while legal professionals cannot simply ignore the onslaught of electronic evidence issues, they should not lose sight of the basics in navigating them.

Perhaps the most challenging issue associated with electronic evidence is identifying the variety of sources from where it can be obtained. For example, beyond the more traditional e-mails, text messages and social media accounts, attorneys must now also consider those less-trodden electronic sources (at least in the world of litigation) that might contain useful information, such as voice-activated products (Siri, Google Home) and activity trackers (Fitbits). That said, while seeking Fitbit data may be valuable in defending against a plaintiff’s claim of severe disability, the same data would likely have no relevance in defending a gender discrimination claim. And given that irrelevant evidence — electronic or otherwise — generally will not be admissible in court, attorneys should carefully evaluate all of the claims in a case to determine whether seeking these less traditional (and less accessible) types of electronic evidence would be a waste of unnecessary resources and costs.

...

http://www.corporatecomplianceinsights.com/best-practices-managing-electronic-evidence/

(TNS) - The National Hurricane Center has issued a tropical storm watch for the Emerald Coast to the Okaloosa-Walton line in anticipation of Tropical Storm Nate affecting the area over the weekend.

As of the 11 p.m. advisory Nate was about to move off the Honduran coastline into an area where intensification was considered likely. The Hurricane Center said in its 11 p.m. advisory that Nate could be near hurricane strength once it nears the northeastern Yucatan Peninsula.

Nate's interaction with land could cause a temporary cessation in the the strengthening process, but once the storm emerges over the Gulf of Mexico, Nate is expected to resume intensification and the storm is expected to become a hurricane.

Guidance as of the 8 p.m. advisory has not changed significantly and Nate is expected to make landfall along the north-central Gulf Coast early Sunday.

Tropical storm conditions mean an area could experience higher than normal tides, heavy rain and winds up to and exceeding 39 mph.

...

http://www.govtech.com/em/disaster/Tropical-Storm-Watch-Issued-for-Emerald-Coast-as-Nate-Threatens.html

What Compliance Professionals Need to Know About Employee Data

The deadline for the General Data Protection Regulation (GDPR) is on the horizon, and a customer’s information is not the only thing that should be on a compliance practitioner’s radar. After all, the mishandling of an employee’s information can pose as much financial risk – therefore, it is important to understand the potential GDPR issues from extended rights and burden of proof to social media snafus and the need for defined policies.

Heads up: There’s more to the General Data Protection Regulation (GDPR) and GDPR compliance than meets the eye. That’s because the regulation — which takes effect on May 25, 2018 — doesn’t simply cover personally identifiable information (PII) belonging to the customers of corporate and government entities that are headquartered and/or do business in the European Union (EU). It also applies to employee PII which, as with customer PII, encompasses everything from telephone numbers to gender preferences.

Neglecting to address the employee PII aspect of the GDPR is not simply foolhardy; it puts organizations at risk for financial repercussions. EU authorities have a record of imposing penalties for noncompliance with mandates, as well as for doing so early on. Their approach to the GDPR will be no exception. But just as significant, in today’s economic climate, PII is increasingly viewed as a valuable commodity and as individuals’ personal property. Employees and former employees want control over this property and will undoubtedly capitalize on opportunities to gain it as afforded by the GDPR. Accordingly, it’s important to clarify key issues surrounding the GDPR and employee data.

...

http://www.corporatecomplianceinsights.com/dont-overlook-aspect-gdpr/

Friday, 06 October 2017 17:15

Don’t Overlook This Aspect Of The GDPR

Despite the continual emergence of new malware, hackers, and data breaches, people continue to ignore security warnings. Researchers have suggested this all comes down to our brains.

With most successful cybersecurity attacks, we are constantly seeing it come down to basic human errors. From opening phishing emails to using weak passwords to running outdated software, people have long been compromising their own – or their employers’ – security. Cyber-criminals are always looking to exploit this flaw.

Most People Are Ignoring Cyber Security Warnings

We tend to blame people for clicking on links to malware or not following policies or training. Unfortunately, we are training people to ignore warnings. Think about your own experience – how often do you ignore a security warning that a website is not secure? We often believe, correctly, that it is an expired certificate and nothing is wrong. Also, with all the scam security warnings that pop up, we have allowed people to become accustomed to believing that the warnings are not valid.

...

https://www.mha-it.com/2017/10/ignoring-cyber-security-warnings/

(TNS) — A week after the first travel trailers to house displaced hurricane victims arrived in the Keys, they remain in storage in Key West with no apparent immediate plan to get people in them.

The Florida Division of Emergency Management said in a statement Tuesday that “the temporary housing units in Monroe County are staged in Key West for just-in-time delivery to ensure that empty units are not sitting in the public eye. As for a timetable, it is ongoing. As pads become available and survivors are approved by FEMA, we are then able to match them.”

On Sept. 18, Gov. Rick Scott, speaking in Marathon, estimated that about 10,000 of the Keys’ 75,000 or so residents were left homeless by Hurricane Irma, which hit the islands as a Category 4 Sept. 9 into 10.

...

http://www.govtech.com/em/disaster/Trailers-to-House-Storm-Victims-are-Here-but-no-Ones-in-Them.html

You may find this blog article mind-expanding – especially if your natural reaction is to think about its title in two dimensions, rather than three. To set things straight, we’re not talking about paper printouts of Business Continuity Plans that by definition are out of date the moment they are distributed.

We’re talking instead about 3D printing, which has become a practical reality.

Businesses are finding all sorts of uses for it, including the creation on demand and on location of machine spare parts for maintenance and repair, and therefore increased uptime and greater continuity.

In a recent article on the web, consultancy firm PwC suggests several reasons why enterprises can improve their business continuity by using 3D printing. Suppliers of spare parts can look forward to cost savings: the article suggests that within 10 years, German spare parts suppliers will save 3 billion euros annually by using 3D printing.

...

http://www.opscentre.com/business-continuity-machines-just-sec-ill-print/

(TNS) — Even before Sunday's mass shooting in Las Vegas, emergency management officials in Massachusetts and on the Cape and Islands were preparing for a similar tragedy here, including plans for how to get information to the families of the dead and injured.

"A lesson learned from the events in Orlando and other mass casualties, including San Bernardino and the Boston Marathon, is it's necessary that incident commanders set up a family assistance center," Kurt Schwartz, director of the Massachusetts Emergency Management Agency, said during an interview with the Times last month after he spoke at a meeting of the Barnstable County Regional Emergency Planning Committee.

A formal state-operated family and survivor assistance plan is in the final stages of development, according to Schwartz.

Initial responsibility for meeting the needs of survivors and family members falls to local authorities where the incident occurs, but state-level assistance can be quickly activated if requested.

...

http://www.govtech.com/em/safety/Local-Emergency-Management-Officials-say-Region-is-Prepared-for-Mass-Shootings.html

Case Study

OVERVIEW: Since 1933, the Jericho Fire Department has been charged with protecting its Long Island, New York community residents from the perils of fire and other emergency situations. The Department proudly provides Fire Prevention and Safety Education, Fire Suppression, Emergency Medical Services and Hazardous Materials response. Its staff of 36 dedicated employees and 94 volunteers valiantly serve the residents and businesses of the Jericho Fire District and, since its inception, the department has evolved into an all-risks emergency response agency, currently responding to about 1000 alarms each year. Together as a team they save lives, reduce property loss, and improve emergency services to meet the evolving life safety needs of citizens.

CHALLENGE/OBJECTIVE: As is the case with so many Fire Departments, maintaining control over the myriad keys kept at a firehouse can be challenging. It's critical to be able to have quick, but at the same time, controlled access to some of the keys. John O'Brien, Jericho Fire District Supervisor, chose to demo the MedixSafe Key Care Cabinet to determine if it would meet the Department's key control needs. The Department already had a MedixSafe Narcotics Cabinet/Safe in their ambulances and firehouse, which has been instrumental in securing their emergency response narcotics and making them available only to the advanced life support personnel authorized to administer them in an emergency. "It's been great," O'Brien notes. "There is no key to override it, and it provides an audit trail of who has accessed the safe and when. So when the Key Care Cabinet became available, we were eager to demo it."

KeyBox6SOLUTION: O'Brien reports that "We loved what we saw, because key control was an issue, and knowing who is in the key cabinet and when is so important. The Key Care Cabinet gives us the ability to track that, as well as the capability to restrict access to those not of the rank to have access." The MedixSafe Key Care Cabinet is electronically controlled and allows the user to not only organize their access keys, but to control them, as well. A 'key' feature that differentiates the MedixSafe Key Care Cabinet from low-end key cabinets is that it enables more secure access.

Because a single PIN can be easily compromised, dual, triple or biometric authentication credentials are required before access to the Key Care Cabinet is granted. Users can opt to go with a fingerprint and PIN combination, key card and PIN combination, or a key fob and PIN combination.

It accommodates over 1,000 individual users and provides an audit trail history of up to 50,000 events. The Key Care Cabinet is accessible via a remote Ethernet network and also has a manual key override. This ensures that the cabinet can still be accessed via a single key in the event of an electronic failure.

KeyBox3BENEFITS: The ability to control access to crucial keys is among the most significant benefits the Jericho Fire Department is reaping from the MedixSafe Key Care Cabinet. Certain keys are especially important to store, O'Brien points out, including the Department's radio keys, auxiliary vehicle keys as well as keys to the fuel pumps. "Probably the most important," he says, "Are the keys for the sirens, which always need to be found quickly." There are also outside vendors the Department works with, and some of them need access to keys, as well. "My radio repairman, for instance, needs access," he adds. "We operate the radios, but he repairs them!" O'Brien adds that the software is very easy to operate, and the overall operation is extremely user-friendly. "It's really just some data entry, and our system is wireless, which made it easy to install. All we needed was a power outlet."

"The Key Care Cabinet would benefit firehouses everywhere," he says. "It ensures the security of the most important keys, and gives you the ability to control and track who's accessed those keys. I highly recommend it."

ABOUT MEDIXSAFE: A leader in the access control cabinet market, MedixSafe began designing and manufacturing narcotics control cabinets in 2008. The first narcotics control cabinets were designed for the EMS market to be used in ambulances. Based on customer requests, MedixSafe designed and built different sized cabinets to meet their varying needs. MedixSafe caters to the key control needs of doctors, dentists, veterinarians, university research departments and schools of medicine, hospitals, the U.S. Army, U.S. Navy, pharmacies, and more. For more information, visit http://medixsafe.com/

It's sometimes billed as "America's playground," but most of America doesn't live within four highway hours (much less if you speed) from downtown Las Vegas.

Which partly explains why the deadliest mass shooting in modern U.S. history – a Sunday night rampage near the Las Vegas Strip that left at least 59 dead and more than 500 wounded or injured – feels like a local crime.

Though hard numbers aren't known, a huge chunk of the estimated 22,000 people on hand when Jason Aldean's performance was halted by the crackle of an automatic weapon, came from Los Angeles, Orange, Riverside and San Bernardino counties. Even the name of the three-day country music event – the Route 91 Harvest festival – refers to the former name of the stretch of freeway and highway that connects Long Beach to Las Vegas.

...

http://www.govtech.com/em/disaster/Las-Vegas-Mass-Shooting-Turns-Refuge-for-Southern-Californians-Deadly.html

The number of valid certificates to ISO management system standards (MSS) rose 8 % in 2016 compared to 2015, according to latest figures of the ISO Survey.

The ISO Survey is an annual survey of valid certifications to ISO management system standards issued by accredited certification bodies worldwide. It is the most comprehensive overview of certifications to these standards currently available.

A total of 1 643 523 valid certificates were recorded across nine standards compared to 1 520 368 in 2015 (an increase of 8 %), with a further 834 certificates across two new additions to the survey bringing the 2016 total to 1 644 357.

The ever-popular ISO 9001, Quality management systems – Requirements, and ISO 14001, Environmental management systems – Requirements with guidance for use, were up 7 % and 8 % respectively, with 1 106 356 and 346 189 certificates issued, while more recent additions to the survey, such as ISO 50001 for energy management and ISO/IEC 27001 for information security, rose by 69 % and 21 % respectively, amassing 20 216 and 33 290 certificates worldwide.

...

https://www.iso.org/news/ref2228.htm

The Need for Regulatory Support

Financial institutions and federal bank regulators can integrate location intelligence as a regulatory technology (Regtech) solution to ensure compliance with anti-money laundering (AML) standards, financial inclusion requirements, and fair lending regulations. This article outlines the key benefits for banks and regulatory authorities of integrating geospatial technology.

Geospatial technology — or technology focused on the collection, analysis and visualization of location data — has a variety of uses across different industries. For instance, this technology can be used by law enforcement to track criminal activity or by retail companies to monitor customer behavior. While some financial institutions use geospatial tools to gather customer data and manage risk, this technology has not been widely adopted due to concerns from regulatory authorities regarding aspects of its functionality and credibility. If integrated properly, geospatial technology can enhance anti-money laundering (AML) practices, bolster financial inclusion and refine fair lending compliance in financial services.

...

http://www.corporatecomplianceinsights.com/minimizing-risk-geospatial-technology/

Wednesday, 04 October 2017 14:56

Minimizing Risk through Geospatial Technology

The cloud industry is loosely defined, unregulated, and quickly evolving. The typical cloud service provider (CSP) business model is very uniform. It looks the same across all industries — there’s no per-tenant service customization, CSPs don’t offer one-off contracts, and they don’t bend their terms and conditions for customers in any specific industries.

So can you use a CSP if your organization is in a highly-regulated industry? Steve Chambers, a Cutter Consortium Senior Consultant and expert on the CSP industry, explains:

Some CSPs enthusiastically embrace industry regulators as they see it as a competitive advantage. These CSPs build their own assurance programs that any customer can audit, effectively meeting an industry regulator halfway by supporting the regulated organization.”

According to Chambers, a review of public CSPs shows that the oldest, largest, and most mature CSPs have the most comprehensive set of assurance programs:

...

http://blog.cutter.com/2017/10/03/highly-regulated-industries-can-move-to-the-cloud/

(TNS) - Sunday's mass shooting on the Las Vegas Strip might not have been preventable from a security standpoint, but lessons learned from it figure to alter how authorities prepare for major events and respond to potential tragedies, experts said.

“The sad fact is we will never prevent these,” said emergency management consultant Michael DeCapua, an adjunct professor at Concordia University's Department of Homeland Security and Emergency Preparedness in Portland, Ore.

“Each incident changes how we plan and how we react,” DeCapua said. “It's a constant process of analysis, looking at the plans, training and exercising.”

The Las Vegas massacre that left at least 58 dead and more than 500 people injured could result in increased emphasis on ensuring that the environment surrounding an event venue is secure, said Laura Dugan, a professor of criminology and criminal justice at the University of Maryland.

...

http://www.govtech.com/em/safety/Las-Vegas-Shooting-to-Change-Security-Priorities-Experts-Say.html

Rethinking Independence in Internal Investigations

Demonstrating and ensuring independence in internal investigations is a critical issue for corporate counsel to consider, especially when facing or anticipating parallel regulatory probes. How to properly do so is a nuanced process: as this piece explores, it is not as simple as the binary question of whether counsel conducting an internal investigation had a previous working relationship with the company.

For a company under actual or potential government scrutiny, an independent internal investigation performed by outside counsel, sometimes coupled with cooperation with the government, can mean the difference between indictment and a much more palatable result. Often, outside counsel’s “independence” is conflated with “absolutely no prior work done for the subject company.” Indeed, some companies and boards categorically refuse to hire outside counsel to handle internal investigations if the firm has previously performed work for the company; this is out of concern that the government will assume that such counsel cannot conduct an “independent” investigation.

Although there are circumstances in which an entirely new firm should be hired for an internal investigation, imposing this sort of bright-line rule in every case may risk disqualifying a firm that is otherwise best equipped to handle a particular investigation, driving up costs and reducing efficiency while failing to increase credibility. In many situations, investigative counsel can be diligent, objective and independent despite having done some prior work for the client.  Investigative counsel that are familiar with the inner workings of a company from a prior relationship can bring enhanced efficiency and understanding to the investigation that can be extremely beneficial to the truth-finding process, as well as to cost-control efforts. The point at which a prior counsel relationship may defeat independence must be considered on a spectrum.  While hiring a firm with no prior relationship may be useful or even necessary for some types of investigations, in other circumstances, an existing or previous counsel relationship can enhance effectiveness with minimal – if any – threat to the investigation’s credibility.

...

http://www.corporatecomplianceinsights.com/counsel-relationships-can-increase-scrutiny/

What’s more important in IT Service Management, the management or the service?

In the past, the management element tended to get more attention, and the services were simply the IT systems, networks, and applications, with availability, integrity, reliability, and security added in.

Now, there is a trend towards a greater customer orientation, listening to business requirements, stakeholder expectations, and understanding that simply meeting an SLA may no longer be enough.

If this trend continues, could the IT department shift entirely from technical expertise to marketing and customer service knowhow?

For IT geeks tucked away in cubicles and glued to their screens, contact with other human beings is sometimes a stretch.

...

http://www.opscentre.com/service-management-new-name-marketing/

BRUNSWICK, Ga. — If you are a disaster survivor in Georgia applying for assistance with the Federal Emergency Management Agency and are referred to the U. S. Small Business Administration, it’s important to submit a low-interest disaster loan application. This will ensure that the federal disaster recovery process continues and you keep your options open. The SBA offers federal disaster loans for businesses of all sizes, homeowners and renters.

Next to insurance, an SBA low-interest disaster loan is the primary source of funds in Georgia for real estate property repairs and for replacing contents destroyed in the wake of Hurricane Irma.

FEMA and SBA encourage homeowners, renters and businesses to apply for low-interest disaster loans to help fund their recovery and to ensure the federal disaster recovery process continues.

  • Many survivors who register with FEMA will be contacted by SBA. Those who are contacted should advise SBA how they will be submitting their loan application.
  • There are three ways to submit an SBA loan application: online at https://disasterloan.sba.gov/ela/; in person at a Disaster Recovery Center (DRC); or by mail. To find the nearest location, use the FEMA Mobile app or visit www.FEMA.gov/DRC.
  • Do not wait on an insurance settlement before submitting an SBA loan application. You can begin your recovery immediately with a low-interest SBA disaster loan. The loan balance will be reduced by your insurance settlement if you receive one. SBA loans may be available for losses not covered by insurance or other sources.
  • You should complete and return an SBA application as soon as possible. Failure to complete and submit the home disaster loan application may stop the FEMA grant process. Homeowners and renters who submit an SBA application and are not approved for a loan may be considered for certain other FEMA grants and programs that could include assistance for disaster-related car repairs, clothing, household items and other expenses.
  • Homeowners may be eligible for home disaster loans up to $200,000 for primary residence structural repairs or rebuilding.
  • SBA may be able to help homeowners and renters replace important personal property including automobiles damaged or destroyed in the disaster, up to $40,000. 
  • SBA can help businesses and private nonprofit organizations with up to $2 million to repair or replace disaster-damaged real estate and other business assets. Eligible small businesses and nonprofits can apply for economic injury disaster loans to help meet working capital needs caused by the disaster.
  • SBA has staff at all DRCs to provide one-on-one assistance to homeowners, renters and businesses of all sizes in submitting their application.
  • Applicants may be eligible for a loan amount increase up to 20 percent of their physical damages, as verified by SBA for mitigation purposes. Eligible mitigation improvements may now include a safe room or storm shelter to help protect property and occupants from future damaged caused by a similar disaster.
  • SBA Business Recovery Centers (BRCs) help businesses get back on their feet from damage they sustained during the storms. The BRCs are a resource where businesses can meet face-to-face with SBA representatives to learn how a low-interest disaster loan can help them recover.

###

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). For TTY call 800-462-7585.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. Follow us on Twitter at https://twitter.com/femaregion4 and the FEMA Blog at http://blog.fema.gov.

The U.S. Small Business Administration (SBA) is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property. SBA helps homeowners, renters, businesses of all sizes, and private non-profit organizations fund repairs or rebuilding efforts and cover the cost of replacing lost or disaster-damaged personal property. These disaster loans cover losses not fully compensated by insurance or other recoveries and do not duplicate benefits of other agencies or organizations. For more information, applicants may contact SBA’s Disaster Assistance Customer Service Center by calling 800-659-2955, emailing This email address is being protected from spambots. You need JavaScript enabled to view it. or visiting SBA’s Web site at www.sba.gov/disaster. Deaf and hard-of-hearing individuals may call 800-877-8339.

(TNS) - Las Vegas police have long feared an attack by a shooter, said former Boston Police Commissioner Edward Davis, who touched down in the city last night ahead of a crisis-planning meeting today with hotel security chiefs, before a sniper carried out the deadliest mass shooting in modern U.S. history from his 32nd-floor Mandalay Bay Resort hotel room.

"There's always been a fear - not so much among the security chiefs, but by the police out here - that there would be an attack. It is is their worst fear coming true," Davis told the Herald in a phone interview from Vegas this morning.

"This is, just on its face, a big glaring target for Islamic terrorists. And now you've got a yahoo with a machine gun firing at people from a hotel window. It's terrible times," he said.

...

http://www.govtech.com/em/safety/Former-BPD-Boss-Ed-Davis-Mass-Shooting-is-Vegas-Cops-Worst-Fear.html

Avoiding Blind Spots, Groupthink and Other Issues

Though virtually every involved party was at fault to some degree, bias on multiple fronts was largely the cause of the 2008 financial crisis. Given that bias in risk management can result in a disastrous event such as this one, protecting against biases is critical. Jim DeLoach presents several strategies to overcome these blind spots and effectively address operational risks.

Few would argue that the 2008 financial crisis was likely the most spectacular failure in risk management recorded to date. There are so many causal factors and culpable parties, we cannot possibly cover them all. One of my favorite books on the subject is All the Devils Are Here: The Hidden History of the Financial Crisis. The promo for this outstanding, highly readable book reads as follows:

As soon as the financial crisis erupted, the finger-pointing began. Should the blame fall on Wall Street, Main Street or Pennsylvania Avenue? On greedy traders, misguided regulators, sleazy subprime companies, cowardly legislators or clueless homebuyers? According to [the authors], the real answer is all of the above – and more. Many devils helped bring hell to the economy. And the full story, in all of its complexity and detail, is like the legend of the blind men and the elephant. Almost everyone has missed the big picture. Almost no one has put all the pieces together.

...

http://www.corporatecomplianceinsights.com/addressing-bias-problem-risk-management/

If you have homeowners or flood insurance, you can still register with FEMA for assistance for an eligible need not covered. However, survivors must take care not to accept the same benefits from more than one source, also known as the duplication of benefits.

Duplication of Benefits   

• Duplication of benefits occurs when an individual or family receives an identical item or service from more than one source.
• Federal and state agencies responding to disasters are prohibited from duplicating the benefits of insurance companies or other public or private entities.

Insurance Companies

• FEMA cannot legally provide disaster assistance for items or services already covered by flood insurance.
• When insured survivors apply for FEMA assistance, they must submit copies of their flood insurance settlements.
• Survivors who have flood insurance that covers structure and/or contents may receive little to no disaster assistance from FEMA.

Public or Private Organizations

• FEMA also cannot provide disaster assistance for items or services that survivors have received through donation.
  o For example, if a public or private organization provides donated appliances, bathroom fixtures or medical equipment to a survivor, that survivor cannot receive FEMA assistance to replace those items.

Duplicating Benefits Violates FEMA-Survivor Agreement

• Survivors who receive disaster assistance sign a form agreeing to use all awarded funds in the manner specified by FEMA.

###

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). For TTY call 800-462-7585.

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards. Follow us on Twitter at https://twitter.com/femaregion3 and the FEMA Blog at http://blog.fema.gov.

The U.S. Small Business Administration (SBA) is the federal government’s primary source of money for the long-term rebuilding of disaster-damaged private property. SBA helps homeowners, renters, businesses of all sizes, and private non-profit organizations fund repairs or rebuilding efforts and cover the cost of replacing lost or disaster-damaged personal property. These disaster loans cover losses not fully compensated by insurance or other recoveries and do not duplicate benefits of other agencies or organizations. For more information, applicants may contact SBA’s Disaster Assistance Customer Service Center by calling (800) 659-2955, emailing This email address is being protected from spambots. You need JavaScript enabled to view it., or visiting SBA’s Web site at www.sba.gov/disaster. Deaf and hard-of-hearing individuals may call (800) 877-8339.

(TNS) — Miami-Dade government employs the second-largest workforce in the county. Why couldn’t it find enough people to open hurricane shelters on time?

That’s one of the topics likely to be broached Thursday when the County Commission convenes a meeting at 1 p.m. to examine Miami-Dade’s response to Hurricane Irma, which sparked the largest evacuation in the county’s history as well as complaints that the government wasn’t ready for the logistical demands of a major storm.

The most visible challenges came in the increasingly frantic days before Irma’s projected landfall in south Florida. Until the Friday before Irma hit on Sunday, Sept. 10, forecasts had the Category 5 storm as one of the most threatening ever for Miami, with the possibility of the eye crossing the city’s downtown. Miami-Dade Mayor Carlos Gimenez issued unprecedented evacuation orders for more than 600,000 residents.

...

http://www.govtech.com/em/disaster/After-Hurricane-Irma-Miami-Dade-Asks-What-Needs-to-be-Fixed-Before-the-Next-Storm.html

Cybercrime damage costs are projected to hit $6 trillion annually by 2021. And it’s not just the big guys that are getting hit – 43 percent of cyber attacks specifically target small businesses. Cyber attacks are clearly here to stay, which is why it’s become vital to the survival of your business to prepare for them.

Here are five solid tips that should help you protect yourself against these malicious digital threats.

...

https://continuitycenters.com/5-solid-cybersecurity-tips-for-your-business/

Friday, 29 September 2017 15:35

5 Solid Cybersecurity Tips for Your Business

A law firm’s livelihood depends upon its reputation among clients. However, this reputation is at risk when client confidence is diminished—whether this be as a result of failed expectations or inadequate due diligence. For this reason, and the rise of a more modern threat landscape, law firms are prioritizing the protection of sensitive information and prevention of downtime now more than ever.

69% of legal professionals rated “Data Security” as the top challenge for their firms*

Most firms are investing heavily in preventative IT security by implementing tools and strategies to ensure no one gets unwarranted access to data. However, many of those firms have not modernized the restorative side of their IT security strategy, the portion that ensures you can recover from an incident.

...

https://www.bluelock.com/blog/draas-can-help-law-firm/

Friday, 29 September 2017 15:30

Protecting Your Firm’s Reputation

When you look at something, you have an impact on it. That’s the observer effect.

Cited in quantum physics, the effect can have a major impact when you try to look at very small particles, because the photons (the light) required to see the particles are of a comparable size.

Bouncing photons off those particles will therefore have an impact on them, what they do, and what you finally observe.

...

http://www.opscentre.com/observer-effect-business-continuity/

Thursday, 28 September 2017 14:56

The Observer Effect in Business Continuity

Security software vendors are furiously introducing new products with increasingly sophisticated machine learning algorithms that can detect phishing scams and quarantine a message before it ever gets in front of a vulnerable end user to be clicked upon.

But a ransomware campaign launched Sept. 18 features a sophisticated new wrinkle to the phishing technique, enabling it to slip past many of the machine learning algorithm-based software sold by some of the industry’s most popular vendors, according to research by security firm Comodo.

...

http://mspmentor.net/security/new-ransomware-evades-machine-learning-security-software

If you're an MSP, you might have noticed something a little unfair about the tech world today: Software developers get most of the glory, but it's the people who maintain software -- including MSPs -- that do a lot of the hard work to keep systems running smoothly.

I was thinking about the importance of software maintenance recently after reading an op-ed encouraging readers to "get excited about maintenance."

The piece focused primarily on industries like transportation.

But the authors noted that in the software industry, maintenance accounts for well over half of costs and labor.

...

http://mspmentor.net/devops/why-msps-deserve-more-credit-software-maintenance-work

https://blog.sungardas.com/2017/09/cartoon-ignoring-software-update-pop-ups-may-get-ransom-note-instead/

Hackers prey on complacency like thieves checking cars in a parking lot: They don’t have to break windows if you leave the doors unlocked.

They bet organizations won’t make simple software updates, and they’re often right.

Just look at the WannaCry attacks earlier this year. The ransomware was designed to exploit a known weak spot in Windows—one for which Microsoft had issued a patch months before. Thousands of victims, who didn’t install the updates, were left with a tough choice if they didn’t have backups in place: Either pay a Bitcoin ransom to unlock their data or say goodbye to that information.

Maybe we ignore regular updates because we’re too busy, or we don’t think they’re necessary. Or we see the pop-ups so often, we don’t give them a second look before we dismiss them.

But regular updates are a crucial part of your cyber security—well worth the 15 minutes it takes to install them. Taking the most basic precautions by making sure every system in your organization is up to date can’t prevent every cyberattack, but it’s often enough for hackers’ tools to skip your organization for one that’s less prepared.

Patch Updates FINAL100dpi

Taking the most basic precautions by making sure every system in your organization is up to date can’t prevent every cyberattack, but it’s often enough for hackers’ tools to skip your organization for one that’s less prepared.

Do you have plans in place for use when traditional communication methods are limited? Here’s why you should create and implement backup communications systems

In our blogs over the past several weeks, we have been discussing business continuity strategies and IT architecture. We have also talked about planning for hurricanes and other storms. As a follow up to both of those concepts, today’s blog is a bit more tactical and pointed. The recent storms and hurricanes have directed our attention back to natural disasters and our preparedness for them. One thing the devastation in Puerto Rico has made clear is how difficult it is to maintain communications when the underlying infrastructure has been destroyed or compromised. Internet and cell phone networks are out all over the island making communication with officials, friends, and relatives on the mainland almost impossible.

Here are some things to consider regarding communication (including contact with government officials and vendors; locating and accounting for staff, etc.) if your planned use of telephones (cell or otherwise), email, websites, messaging, and the like become unavailable.

...

https://www.mha-it.com/2017/09/backup-communications-systems/

Wednesday, 27 September 2017 14:31

What About When Communication Methods are Limited?

2016 was a record year for large HIPAA breaches, with covered U.S. healthcare entities reporting 133 cases that affected the private information of at least 500 individuals each.

This year is on pace to more than double that figure, with 221 major breaches reported to federal authorities already, as of Sept. 20, government records show.

...

http://mspmentor.net/security/2017-s-record-hipaa-breach-pace-points-growing-hacker-threat

If you’ve worked in IT development for hardware or software, or had dealings with that world, you may well have seen the statistics about the costs of fixing bugs.

In terms of “units” of cost, suppose catching a bug during the design phase costs one unit to fix it. Then catching it after module code has been written costs ten units, and catching it at final quality assurance testing costs 100 to fix it. Once the product has been released to market, the cost is 1,000 units.

A similar logic applies to IT security. If you try to stick it on as an afterthought, it gets expensive too. But what do you do with legacy systems that were built before these illuminating statistics were available?

The problem with bolted-on solutions in a digital world is not just the cost, although this mounts up rapidly in terms of effort to find a suitable solution, testing, and retrofitting (patching or upgrades). IT security is now an all or nothing situation.

...

http://www.opscentre.com/bolted-security-option/

Tuesday, 26 September 2017 15:03

When Bolted-On IT Security is the Only Option

FEMA and FCC Share Key Points About Test

WASHINGTON – The Federal Emergency Management Agency (FEMA), in coordination with the Federal Communications Commission (FCC), will conduct a mandatory nationwide test of the Emergency Alert System (EAS) on Wednesday, September 27, 2017, at 2:20 p.m. EDT. In light of the upcoming test, the agencies share the following key informational points:

  • The purpose of the nationwide test is to ensure that the EAS remains an effective means of warning the public about emergencies.  Periodic testing of public alert and warning systems helps to assess the operational readiness of alerting infrastructure, and to identify any needed technological and administrative improvements.
  • FEMA will administer the nationwide test, in cooperation with the FCC and National Weather Service, and with the participation of broadcast TV, radio, cable, satellite, wireline video, and other service providers, known as “EAS participants.”  After the test, EAS participants are required to file reports with the FCC, which the agency will analyze to determine how the test performed.
  • FEMA’s nationwide test message will be similar to regular monthly EAS test messages, in that the public should receive both audio and on-screen text conveying that it is only a test.  The nationwide test message language will differ slightly as it will say, “This is a national test of the Emergency Alert System.  This is only a test.” (Emphasis added.)
  • The test message will be transmitted in both English and Spanish, with EAS participants deciding which version to use for their communities.  The test is intended to last approximately one minute.
  • How EAS works: Emergency alerts are created and sent by authorized government agencies.  EAS participants receive the alerts through a central Internet-based system administered by FEMA or through local “over the air” monitoring sources.  EAS participants then disseminate the emergency alerts to affected communities.  The FCC prescribes technical and procedural rules for communications providers’ participation in this process.
  • Public safety officials need to be sure that in times of an emergency or disaster, they have reliable methods and systems to deliver urgent alerts and warnings to the public when needed.  
  • Wireless Emergency Alerts will not be part of the test. 
  • The back-up date for the test is October 4, 2017, in case the September 27 test is cancelled due to widespread severe weather or other significant events.
  • The test was first officially announced on July 24, 2017.  FEMA and the FCC have been coordinating with EAS participants and other stakeholders in preparation for the test. Additionally, FEMA announced the test September 19, 2017.

You can also access a video, FEMA Accessible Emergency Alert System IPAWS Test Message, in American Sign Language.

###

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain and improve our capability to prepare for, protect against, respond to, recover from and mitigate all hazards.

Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.twitter.com/femaspox, www.facebook.com/fema and www.youtube.com/fema.  Also, follow Administrator Brock Long’s activities at www.twitter.com/fema_brock.

The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

When was the last time your organization conducted a mock disaster exercise? If you can’t think of a single instance (or if you’re taking too long to consider your answer), then your well-laid disaster recovery plans aren’t likely to be recovering anything anytime soon.

If you start performing those exercises now, however, there’s still time to turn things around.

What is a mock disaster exercise? It is a simulation of an unplanned disruption that requires participants to identify the actions and steps they would take to successfully respond, assess the impacts, activate resources, and recover in a timely matter.

Why is it so important? Because this type of “mock” testing validates your recovery plans and strategies (both of which are based on a formal business impact analysis that has been analyzed and shared with management). Having a set of written directions is only the first step in a two-part process of disaster response planning; the second step is testing those directions to see if people can actually put them to use. Could your team really respond, activate, and recover? You’ll never know unless you put them to the test.

...

http://www.bcinthecloud.com/2017/09/how-to-build-a-mock-disaster-test-the-recovery-plan/

Evacuteer checking someone in during 2017 full-scale city assisted evacuation exercise.

“I am a Katrina survivor.” These were the first words out of Joan Ellen’s mouth when I spoke with her. And she was one of the lucky ones. She made it out of New Orleans before Hurricane Katrina made landfall on August 29, 2005. But not everyone was so fortunate. One of Joan Ellen’s neighbors did not evacuate because she could not bring her old dog with her to a shelter and would not leave him behind. Her neighbor died in the flooding. Joan Ellen recalls, “If I had known I would have taken her with me.”

Evacuations are more common than you might think. Every year people across the United States are asked to evacuate their homes due to fires, floods, and hurricanes. However, there are many reasons people may not be able to evacuate– including issues that New Orleans’ residents face, like lack of transportation, financial need, homelessness, and medical or mobility issues.

No one left behindJoan Ellen returned to her home in New Orleans 48 days after Hurricane Katrina. She likes to tell people, “I only had a foot of water – but it was a foot over my roof.” The thing she remembers most vividly about going home was not the destruction, but the smell. When Joan Ellen heard a radio announcement that they were recruiting volunteers to help in a mandatory evacuation she signed up. She has been training other Evacuteers since she joined the organization in 2009. She loves the casual definition of family that keeps people together in the event of an evacuation. “Family is anybody we say is family, and we will keep everybody together. In New Orleans we are only two degrees of separation.”

According to FEMA’s Preparedness in America report, people in highly populated areas were more likely to rely on public transportation to evacuate in the event of a disaster. In the event of a mandatory evacuation, approximately 40,000 people living in New Orleans will need assistance to evacuate because they don’t have a safe or alternative option.

After learning from Hurricane Katrina, the City of New Orleans will now call a mandatory evacuation nearly three days in advance of a dangerous or severe storm making landfall on the Louisiana coast. Everyone must leave during a mandatory evacuation until officials declare the city safe for re-entry.

Mobilizing the Evacuteers

The City also started City Assisted Evacuation (CAE) to help people who are unable to evacuate on their own. Through this program, the city provides free transportation for residents, along with their pets, to a safe shelter. CAE counts on volunteers from Evacuteer.org, a local non-profit organization that recruits, trains, and manages 500 evacuation volunteers called “Evacuteers” in New Orleans. As the Executive Director of this organization I tell people, “We are a year-round public health preparedness agency that promotes outreach to members of the community that aren’t always easy to reach, nor trusting of government, about their options and the evacuation process. The goal is to make sure that everyone using CAE is treated with dignity throughout the entire process.”

Lit evacuspot in Arthur Center

Evacuteers receive a text message if the City of New Orleans calls for a mandatory evacuation. Teams are assigned to seventeen pickup points, called Evacuspots, placed in neighborhoods around the city. The Evacuteers help register people and provide information about the evacuation process. When residents go to an Evacuspot, Evacuteers will give every person a ticket, a wristband, and a luggage tag to help track their information and ensure that families stay together. After the paperwork is filled out, evacuees are transported to the downtown Union Passenger Terminal bus station where they will board a bus, and for a smaller percentage, a plane, to a state or regional shelter. When the city is re-opened after the storm passes, the process will bring residents back home to New Orleans.

An artistic approach to save lives

Each Evacuspot is marked by a statue of a stick figure with his arm in the air, and looks as though he is hailing a safe ride out of the city. Erected by international public artist, Douglas Kornfeld, the statues are a public art initiative led, and fundraised, by Evacuteer.org. Installed at each of the pick-up points in 2013, the stainless steel statues measure 14-feet tall, and stand as a reminder to residents year-round that there is a process to ensure everyone has the opportunity to safely evacuate.

Do you know what to do?
  1. Have a plan. Know where your family will meet, both within and outside of your neighborhood, before a disaster.
  2. Fill ‘er up. Make sure you have a half a tank of gas at all times in case of an unexpected evacuation. If an evacuation seems likely, make sure your tank is full.
  3. Keep your options open. Have alternative routes and other means of transportation out of your area. Choose several destinations in different directions you can go to evacuate.
  4. Leave early. Plan to take one car per family to reduce congestion and delay.
  5. Stay alert. Do NOT drive into flooded areas. Roads and bridges may be washed out and be careful of downed power lines.
Learn more
Read our other National Preparedness Month blogs:

Posted on by Kali Rapp Roy, Executive Director, Evacuteer.org

Tuesday, 26 September 2017 14:53

CDC: The Power of Us

F17 01

F17 02PHOENIX, Ariz. – Fall World 2017 was another great success for Disaster Recovery Journal, marking the 57th conference for the business continuity industry’s premier event.

More than 700 attendees joined speakers, board members, and exhibitors from around the globe at the JW Marriott Desert Ridge Resort and Spa in Phoenix, Arizona, Sept. 17-20, 2017. The three-day event featured 62 sessions, a concurrent exhibit hall with almost 100 booths, and numerous networking events.

F17 03“The venue was just very well received again this year,” said DRJ President Bob Arnold, looking over attendee evaluations after the show. “The numerous networking opportunities seemed to be very popular with attendees too. Our topics always get very high marks but the food was at a higher level than we’ve seen. JW Marriott does a good job. It’s a great venue.”

The conference took place just days after two major hurricanes and days ahead of more earthquakes and hurricanes.

“In the wake of Hurricanes Harvey and Irma, the subject was a major topic of discussion among our speakers, vendors, and attendees,” said Arnold. “We plan on covering details as lessons learned come out of these events.”

The senior advanced track was very popular with practitioners as well. This special track allows the industry’s most advanced planners to interact with C-level personnel and other advanced practitioners.

“The senior advanced track is a good balance between IT and the organizational side,” said Arnold.

F17 04DRJ Fall World 2017 gold sponsor Fusion Risk Management hosted the Monday Night Hospitality event, featuring food, drinks, dancing, and giveaways. Silver sponsors included eBRP Solutions, Firestorm, IBM Resiliency Services, Onsolve, Regus, RSA, Strategic BCP, and SunGard Availability Services. Co-sponsors included Agility Recovery, AlertMedia, Avalution Consulting, BC in the Cloud, ContinuityLogic, Fairchild Consulting, Kingsbridge Disaster Recovery, Mail-Gard, Quantivate, Recovery Planner, Rentsys Recovery Services, RES-Q Services, Ripcord Solutions, and Virtual Corporation. Business partners include Business Continuity Institute (BCI), Forrester Research, International Consortium for Organizational Resilience (ICOR), and Public & Private Businesses Inc. (PPBI).

F17 05“I want to thank all of our sponsors and exhibitors for helping us provide so many networking opportunities with attendees and vendors,” said Arnold. “We were really happy with everyone who joined us for another great show in Phoenix.”

F17 08In addition to several individual vendor drawings, attendees raked in 18 of the hottest technology items at the DRJ booth as part of the exhibit hall raffle. Grand attendance prize drawings also went to Chuck Robertson, Donna Turner, and Melanie Lightfoot Wednesday morning before the final general session. All three attendees win a free pass to a future DRJ conference.

Check out the DRJ.com Live page for more photos, tweets, and other details from DRJ Fall World 2017.

F17 10DRJ is now preparing for its next conference, DRJ Spring World 2018, which will be held March 25-28, 2018, in Orlando. Potential speakers have until Sept. 29, 2017, to submit a Call For Papers presentation.

To attend DRJ Spring World 2018, visit https://www.drj.com/springworld/.

Register
Sponsors
Sessions
Hotels & Travel
Pre/Post Classes
Key Contacts
ROI Toolkit

F17 13

Monday, 25 September 2017 22:35

DRJ Fall World 2017 Another Great Success

SolarWinds this week launched a beta of a converged application performance monitoring (APM) and infrastructure monitoring tool.

AppOptics combines SolarWinds’ TraceView APM and Librato, a cloud infrastructure monitoring company it purchased in early 2015.

The unified platform is designed to make it easier to monitor complex modern applications and distributed infrastructure, while eliminating the need for multiple monitoring solutions.

“The era of cloud and digitalization is driving exponential application growth,” Christoph Pfister, executive vice president for products at SolarWinds, said in a statement. “Applications are now the prime medium by which customers experience a brand, making uptime and end-user experience more critical than ever.

...

http://mspmentor.net/rmm/solarwinds-starts-testing-unified-application-and-cloud-infrastructure-monitoring-tool

Don’t be Caught Unprepared

An emergency is defined as “a serious, unexpected, and often dangerous situation requiring immediate action.” The key word here is “unexpected.” An emergency is an emergency because it is not predictable – but it can be planned for if you understand your most likely threats.

As we are in the heart of hurricane season and have witnessed perhaps two of the worst hurricanes on record, we can all agree Harvey and Irma presented urgent situations. The good news about hurricanes, however, is that they are rarely unexpected. Thanks to modern technology, we have time to plan. We may not know what to expect, we do have certain steps we can take to ensure we come out of it alive, if not well.

The same goes for organizations designing their emergency response strategy. Not every situation can be predicted, but it’s wise to assess your current risks and make plans on how you would respond.

...

https://www.alertmedia.com/4-emergency-notification-templates-you-must-have-to-protect-employees/

A solid IT architecture keeps your business running efficiently, but what if you don’t have one? These are key indicators for when a rebuild is in order.

Many come into the planning of an IT infrastructure with the best intentions. But even with a solid plan in hand, mismanagement, departmental politics, and emphasis on expediency can morph your implementation into a series of case-by-case decisions and leave you with a structure that doesn’t reflect your original intentions.

How do you know if your organization has strayed from the path? Here are some indicators that the current IT architecture has taken your company hostage.

...

https://www.mha-it.com/2017/09/signs-of-an-unreliable-it-architecture/

Monday, 25 September 2017 16:03

Signs of an Unreliable IT Architecture

How many times have you heard business people talk about their DNA – meaning their business culture or something similar?

It’s a little out of fashion now, kind of like SPIN selling, if you remember that. Corporate DNA or the enterprise double helix was supposed to be where business values lived, the “way we do things around here”, and so on.

Now, business DNA and its potential for harbouring business continuity may be set for a comeback, but not as an airy-fairy concept. This time, it really could be engrained in the business or rather in the people who represent the business.

...

http://www.opscentre.com/business-continuity-dna-right/

Monday, 25 September 2017 16:02

Business Continuity? It’s in Our DNA, Right?

What’s the difference between a risk, a threat, and a vulnerability? This is worth knowing, because if you can spot the risks in your enterprise and mitigate or eliminate them, you might not have to worry about associated threats.

Proactive action like this can keep your enterprise safe and secure, without having to worry (unduly) about changes in finance, sales, production, IT, or others.

So, the first thing to understand is the definition of each term and how they relate to each other.

A handy way of understanding the relationship between risk, threat, and vulnerability is the following simple equation:

Risk = Threat x Vulnerability x Impact

Now, a threat is something you cannot control. Cyber criminals threaten the security of your systems, while a hurricane threatens power supplies, for example.

...

http://www.opscentre.com/risk-management-proactively-dealing-threats/

Is Your Company Prepared for a Pandemic?

Recent natural disasters such as Hurricanes Harvey and Irma have undoubtedly sparked a renewed interest in continuity planning among many business leaders. When compared with even large-scale weather events, however, a global crisis – particularly a pandemic – is exceedingly difficult to plan for. This article outlines risk mitigation strategies and steps companies can take to ensure business continuity in the event of a pandemic.

Every flu season, public health experts speculate about the likelihood of a future global pandemic and its possible costs to lives and livelihoods. No one doubts those costs will be high. In recent years, outbreaks of highly infectious diseases, though short of pandemic levels, have taken billions of dollars from the global economy and caused untold misery.

For example, the World Bank projected losses of $3.5 billion in Latin America and the Caribbean due to the 2016 Zika virus. The 2014 Ebola outbreak in Guinea, Liberia and Sierra Leone cost those countries an estimated $2.8 billion in overall economic impact through 2015. A study by scholars at Korea University and the Australian National University roughly estimated the global economic impact of the 2003 SARS epidemic at $40 billion.

While public health officials and medical professionals work to understand how to prevent or contain pandemics to save lives, less attention has been paid to containing the economic risks. A 2016 report by the National Academy of Medicine’s Commission on a Global Health Risk Framework for the Future estimates that an outbreak on the scale of the 1918 influenza pandemic would cost the global economy as much as $60 billion a year. Despite this and other frightening estimates, businesses today are unprepared for the revenue losses that will result from the disruption of commerce during a global or even a regional disease outbreak.

...

http://www.corporatecomplianceinsights.com/managing-risk-global-crisis/

Monday, 25 September 2017 15:59

Managing Risk During a Global Crisis

Hurricanes, earthquakes, floods, wildfires and tornados devastate lives and companies. The companies that survive are led by those who invest in emergency plans

When natural disasters strike, four out of ten businesses never reopen, according to FEMA. Of those that do reopen, only 29 percent will be operating two years later.

The aftermath is overwhelming

If employers and company leaders don’t plan for emergencies and don’t plan for business continuity, they become overwhelmed with cascading problems concerning employees, property, logistics, customers, suppliers, investors and media.

Too many employers are in denial and don’t plan for foreseeable emergencies in their location.

...

https://911consulting.net/survive-natural-disaster/

Monday, 25 September 2017 15:44

How smart employers survive a natural disaster

The BCI

Hurricane Maria hit the Caribbean on Monday causing widespread damage throughout the US Virgin Islands, Dominica and Puerto Rico. Communications prior to the storm appeared clear and concise. Residents were warned to prepare and take shelter however, considering the damage left by Hurricane Irma just two weeks ago, the risk to lives and infrastructure was even higher.

Whilst news reports are showing the destruction from afar, one of the problems being faced by those affected in the Caribbean is a wide-scale loss of communications, meaning rescue operations and external aid missions are hindered, and communities face periods of time where contact with relatives and friends is impossible.

During a crisis, what are the repercussions of limited communications? Some communication outages can be repaired reasonably quickly by fixing damaged phone lines or restoring power to servers, however the long-term effects can be much more severe. If cables are damaged, major repairs can be needed which could take weeks or months to facilitate. The human effects of communications outages can also be damaging to communities by heightening a sense of panic. Whilst it’s important that members of the community can contact their colleagues, friends and family; the relief effort of emergency services must be a priority and without consistent communications, these efforts can be negatively impacted or even made impossible.

In the business continuity and resilience sector, having back-up systems and data sets is one of our key drivers. By having multiple sources of communication, for example, wireless and cable, communities and organizations are more likely to maintain access to at least one source and reduce any backlog of communications, therefore increasing the speed and effectiveness of the response effort.

At present, disaster recovery efforts appear to be heavily focussed on organizations, human welfare and infrastructure. However, the loss of communications is a problem which could be avoided. With the emergence of new technologies and a deeper understanding of these technologies, it should be possible to safeguard communications against the effects of a disaster by prioritising the implementation of multiple communication methods before a disaster becomes a crisis. 

Download the attached files

PDF documents  

The Business Continuity Institute

Climate change is seen to be one of the main challenges for the future, with the consequences of extreme weather events ranked the number one cause of business disruption.

The BCI Long-Term Planning Report, sponsored by Siemens, explores the attitudes and behaviours linked to long-term planning in the Benelux region and beyond, and considers how organizations prepare for future challenges related to climate change as well as how to they perceive their impact.

The results show the outstanding importance of long-term planning, horizon-scanning, and collaboration, as key elements when preparing for, responding to, and recovering from weather related disruptions. Download the full report and discover all the results.

Monday, 25 September 2017 15:28

BCI Continuity Planning for Climate Change

The Business Continuity Institute

2017 marks the 16th anniversary of the 9/11 terror attack. On the 11th September, 2001, two planes flew into the Twin Towers in the centre of New York, a third targeted the Pentagon in Washington DC and a fourth plane crashed in a field in Pennsylvania. The ongoing impact of the attacks is still widely spoken about today, and they brought to light the importance of planning and business continuity.

We focus, as business continuity professionals, on the importance of a variety of factors and one of the keys to embedding business continuity in your organization is staff welfare.

Staff welfare is ensuring that your staff not only feel supported during a disruption, but that they understand their roles and responsibilities during a disaster. If employees and stakeholders aren’t supported and their needs not met, can an organization guarantee that they will respond proactively to a disaster? Following the 9/11 attacks, major organizations affected have incorporated welfare plans into their BC plans.

Morgan Stanley was one of the organization’s affected by the 9/11 attacks and in the years following, talked about how their staff welfare took precedence. Within 20 minutes of the attack, most members of staff had been evacuated and within one hour of the attack, staff were relocated and backup systems were operational.

Robert Scott, COO of Morgan Stanley at the time, credits this success to their plans, exercising programmes, and personnel. By training senior managers and staff to respond to disasters, they were indeed prepared. They put the welfare of their staff above financial security and as a result, were able to resume business as soon as possible.

In an interview with the Harvard Business School, the COO stated "I am most proud that the clear, collective, first priority of senior management was the well-being of the people who work for Morgan Stanley." The resumption of their business is testimony to this approach.

Although each organization works differently and prepares for disruption in different ways, many can learn from this approach. The responsibilities of preparedness lie not only with management, but with every stakeholder associated with an organization and it is vital that business continuity and resilience professionals continue to endorse the importance of planning by demonstrating improvement through lessons learned and vigilance during times of uncertainty. 

Download the attached files

PDF documents  

The Business Continuity Institute

 

Mexico is waking up to widespread disruption and damage following a 7.1 magnitude earthquake.

The country is prepared for this type of disaster. All across Mexico, regular drills are practiced to ensure people are prepared for natural disasters, however this time it wasn’t a drill. The widespread damage is yet to be fully reported on and it’s likely that we won’t know the extent for days, weeks and even months, however their initial response appears proactive and positive.

In August 2017, the U.S. Department of Defense undertook an exercise designed to prepare the military and residents for a possible 7.0 magnitude earthquake. They followed their plans to the letter; escalating the disaster from local to county authorities. Once these county authorities could no longer manage the exercise scenario, it was escalated to state authorities and as a final escalation, the federal government was involved. According to Army Col. Barry Graham; “… I think it has been a great exercise and everyone has gotten something out of this training. New Mexico is very prepared because of this exercise."

Residents across the US and Mexico are also exercised regularly, undertaking drills which educate them on how to respond to a variety of scenarios. During these exercises, a 30 second warning is given and they are instructed of where to go and what to do depending on the type of disaster being exercised. This time however, there was no warning. The first the residents felt was the tremor. 

As this disaster becomes a reality with uncanny resemblance to their most recent exercise, how are local, state and federal authorities responding? Alfredo del Mazo Maza, the State of Mexico’s governor has invoked their disaster response plan; ordering schools to close and public transport to operate free of charge to allow residents to travel safely. Emergency services and volunteers are also in place working around the clock, searching the rubble for survivors. The extent of the damage and the widespread panic may hinder the recovery process, however even in the first 24 hours following the disruption, it appears that their widespread preparedness and exercising schedule will play a vital role in their recovery as a whole. 

Download the attached files

PDF documents 

The Business Continuity Institute

 

Having related but different disciplines work together, such as information security and business continuity, is the key for building resilience at an organizational level

Caversham, 19rd September 2017 –The Business Continuity Institute (BCI), in association with Mimecast, have published the BCI Information Security Report 2017. Cyber-attacks, such as the recent WannaCry ransomware attack, cause great disruption and financial loss, meaning organizations need to focus on collaboration as a key driver for building information security which is an important component of organizational resilience. 

The BCI Information Security Report looks to benchmark how organizations handle sensitive data and how resilient they are when it comes to data protection. The survey assessed 369 organizations in 63 countries worldwide on the different solutions and key drivers on which they build information security. 75% of organizations report the use of internet-connected devices at least once daily which demonstrates the pervasiveness of technology and how crucial it is to keep these devices secure. The results also showed that, top management commitment is pivotal in building information security across the organization. Compliance with legislation alongside organizational policies – such as staff training, company regulation etc. – and financial investment in information security, were also key drivers for information security in organizations. 

What stands out the most from the report is the concept of collaboration. Indeed, having collaboration among management disciplines and teams plays an essential role in tackling information security challenges, but it also helps when building organizational resilience. Therefore, business continuity professionals, with their expertise in dealing with disruption, should engage with related disciplines. Collaboration involved organizational change and effort, but the benefits deriving from it should be the motivation behind taking action. 

Founded in 1994 with the aim of promoting a more resilient world, the Business Continuity Institute (BCI) has established itself as the world’s leading Institute for business continuity and resilience. The BCI has become the membership and certifying organization of choice for business continuity and resilience professionals globally with over 8,000 members in more than 100 countries, working in an estimated 3,000 organizations in the private, public and third sectors.

The vast experience of the Institute’s broad membership and partner network is built into its world class education, continuing professional development and networking activities. Every year, more than 1,500 people choose BCI training, with options ranging from short awareness raising tools to a full academic qualification, available online and in a classroom. The Institute stands for excellence in the resilience profession and its globally recognised Certified grades provide assurance of technical and professional competency. The BCI offers a wide range of resources for professionals seeking to raise their organization’s level of resilience, and its extensive thought leadership and research programme helps drive the industry forward. With approximately 120 Partners worldwide, the BCI Partnership offers organizations the opportunity to work with the BCI in promoting best practice in business continuity and resilience.

The BCI welcomes everyone with an interest in building resilient organizations from newcomers, experienced professionals and organizations. Further information about the BCI is available at www.thebci.org.

Wednesday, 20 September 2017 16:32

BCI Information Security Report

The Business Continuity Institute

 

In our globally connected world, most organizations have staff that travel overseas, making it more important than ever for those organizations to have an effective emergency communications plan in place in order to contact geographically dispersed staff during a crisis.

Our annual emergency communications survey, sponsored by Everbridge, aims to benchmark the emergency communication arrangements of organizations in different sectors worldwide. Please do support the valuable research work of the BCI by completing the survey which you can find by clicking here. As an added incentive, all respondents will be entered into a prize draw to win a £100 Amazon gift card.

Tuesday, 19 September 2017 19:22

BCI Emergency Communications Survey 2017

TALLAHASSEE, Fla. – As Floridians begin the cleanup process after Hurricane Irma, the Federal Emergency Management Agency (FEMA) urges everyone to know the best way to remove debris from their property.

Don’t wait to clean up storm damage. Document damage with photos or videos.

Take care when cleaning up. Dangling power lines, flooding and other hazards remain. If trees and other debris have fallen on your private property, be sure to check with your insurance agent to determine if tree damage is covered by your policy. As you clean up, be sure to keep in mind the following information:

  • Due to the magnitude of recent disaster events, residents can move debris from their private property to public rights-of-way for pick up and removal by local governments for a limited time. Debris removal from private property is generally the responsibility of the property owner, just as before the hurricane.
  • Follow guidance from your local officials when placing debris for collection. Separate debris into six categories when disposing along the curb:
    • Electronics, such as televisions, computers or phones;
    • Large appliances, such as refrigerators, washers, dryers, stoves or dishwashers.  Be sure to seal or secure the doors so that they are not accessible;
    • Hazardous waste, such as oil, batteries, pesticides, paint or cleaning supplies. If you suspect that materials contain lead-based paint, keep them moist or contain materials in plastic bags so that the paint does not become airborne;
    • Vegetative debris, such as tree branches, leaves or plants;
    • Construction debris, such as drywall, lumber, carpet or furniture; and
    • Household garbage, discarded food, paper or packaging.
  • Place debris away from trees, poles or structures including fire hydrants and meters.
  • Remove all water-damaged materials from your home and place curbside for pickup.
  • Debris should not block the roadway.

Hurricane Irma left behind fallen trees, limbs and trash from damaged buildings on private and public property. Workers have begun picking up the tons of debris dumped on streets, highways, curbsides and from private yards. Federal and state aid will help pay for removing debris from public property.

For more Hurricane Irma recovery information, visit www.fema.gov/hurricane-irma.

###

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). For TTY call 800-462-7585.

FEMA’s temporary housing assistance and grants for public transportation expenses, medical and dental expenses, and funeral and burial expenses do not require individuals to apply for an SBA loan. However, applicants who receive SBA loan applications must submit them to SBA loan officers to be eligible for assistance that covers personal property, vehicle repair or replacement, and moving and storage expenses.

TALLAHASSEE, Fla. – If you live in one of the disaster-designated Florida counties and experienced property damage or loss directly caused by Hurricane Irma, register with the Federal Emergency Management Agency (FEMA) for disaster assistance – even if you have insurance. This can be an important step to begin the process of recovery.

You may register for assistance the following ways:

  • At www.DisasterAssistance.gov.
  • If you don’t have Internet access, you can call 800-621-3362.
  • People who have a speech disability or hearing loss and use TTY should call 800-462-7585.
  • For those who use 711 or Video Relay Service (VRS), call 800-621-3362.
  • These toll-free telephone numbers will operate from 7 a.m. to 11 p.m. (EST) seven days a week until further notice.

FEMA assistance for individuals may include grants for rent, temporary housing and home repairs to their primary residences, as well as funding for other serious disaster-related needs, such as medical, dental or funeral costs. If you have insurance, FEMA may still be able to assist with disaster-related expenses that were underinsured or not covered by your policy.

After you apply, a FEMA inspector will contact you to schedule an inspection. The inspection generally takes 30-40 minutes or less and consists of a general verification of your disaster-related losses and a review of ownership or residence records. There is no fee for the inspection.

When a FEMA housing inspector comes to visit your home, be sure they show you proper identification. All FEMA inspectors have prominent photo identification badges. If you suspect someone is posing as a FEMA housing inspector, call our toll-free Disaster Fraud Hotline at 866-720-5721, or call local law enforcement officials.

Once the inspection process is complete, your situation will be reviewed by FEMA. You will receive a letter by email or physical mail, depending on your preference, which outlines the decision about your claim. For more information about the inspection process, and documentation you will need to provide the inspector, visit the FEMA Individual Assistance Inspection Process page.

Know that you may receive a visit from more than one inspector throughout the recovery process. In addition to FEMA housing inspectors, representatives from the U.S. Small Business Administration, state and local officials and inspectors for private insurance coverage also visit neighborhoods in affected areas.

For more recovery information visit FEMA’s Hurricane Irma web page at www.fema.gov/hurricane-irma.

 A call from a FEMA inspector. A brief inspector's visit. A decision letter. If you receive a SBA loan application completing it is an important step in finding out what aid may be available to you.

###

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Disaster recovery assistance is available without regard to race, color, religion, nationality, sex, age, disability, English proficiency or economic status. If you or someone you know has been discriminated against, call FEMA toll-free at 800-621-FEMA (3362). For TTY call 800-462-7585.

FEMA’s temporary housing assistance and grants for public transportation expenses, medical and dental expenses, and funeral and burial expenses do not require individuals to apply for an SBA loan. However, applicants who receive SBA loan applications must submit them to SBA loan officers to be eligible for assistance that covers personal property, vehicle repair or replacement, and moving and storage expenses.

FEMA has authorized Clean and Removal Assistance (CRA) for all designated counties in Texas for homeowners with disaster-related real property damage that do not qualify for Home Repair Assistance because the damage did not render the home uninhabitable.

This assistance is intended to prevent additional loss and potential health and safety concerns and reduce contamination from floodwater.

Clean and Removal Assistance is awarded as a one-time payment per household. This amount represents the average cost of cleaning, sanitizing and removing carpet in a flooded dwelling in the designated area. 

CRA payments are part of FEMA’s Other Needs Assistance program. Applicants must register with FEMA at DisasterAssistance.gov and meet all eligibility requirements. An inspector must verify that floodwater caused the damage to at least one item in the home.

Friday, 22 September 2017 18:54

Fact Sheet: FEMA Clean and Removal Assistance

WASHINGTON – The U.S. Department of Homeland Security's Federal Emergency Management Agency (FEMA) continues coordinating the efforts of the federal family, working alongside state, Commonwealth, tribal, territorial, and local emergency responders to help address the immediate needs of survivors following Hurricane Irma.

Tens of thousands of federal workers are supporting preparedness, response, and recovery to Hurricane Irma, including more than 3,200 FEMA staff, and more than 13,000 National Guard soldiers and airmen from 22 states, in rescue, evacuation, security and support operations.

three men on a boat repair a light

Crewmembers from Coast Guard Aids to Navigation Team Jacksonville Beach make repairs to a light damaged by Hurricane Irma, Friday, Sept. 15, 2017, in Brunswick, Georgia. The ANT Jacksonville Beach crew is responsible for over 950 aids to navigation throughout northeastern Florida and southeastern Georgia. (U.S. Coast Guard photo courtesy of Aids to Navigation Team Jacksonville Beach)

The Department of Energy is coordinating with its partners to facilitate communications, provide situational awareness, and expedite restoration efforts. More than 60,000 personnel are activated from more than 250 investor-owned electric companies, public power utilities, and electric cooperatives from all corners of the United States and Canada, to support power restoration. Private sector partners estimate that power should be returned to 95 percent of customers by September 17. Restoration to severely damaged areas will take additional time.

For those in designated areas in Florida, Puerto Rico, and the U.S. Virgin Islands, registering online at www.DisasterAssistance.gov is the quickest way to register for federal assistance, including FEMA assistance.  If survivors do not have access to the internet, they may register by calling 1-800-621-FEMA (3362) or 1-800-462-7585 (TTY). If survivors use 711 relay or Video Relay Service (VRS), they should call 800-621-3362 directly.

a woman wearing a FEMA vest stands in front of a flooded home with a clipboard

FEMA disaster assistance teams go door to door in Florida after Irma.

FEMA received more than 413,000 registrations to date and has already approved $92.8 million for Hurricane Irma survivors. As it becomes safe for people to return to their homes, FEMA expects registration numbers to increase.

Federal Efforts Underway as of September 16, 2017   

  • The American Red Cross (ARC) is operationally focused on safety, shelter, food, which includes shelf-stable meals, and positioning personnel and supplies. More than 8,100 people were provided refuge from Hurricane Irma in more than 100 government and Red Cross evacuation centers across four states, Puerto Rico, and the U.S. Virgin Islands.  To date, the ARC served more than 380,000 meals and snacks. More than 3,000 Red Cross workers are responding to Irma now, with almost 350 more volunteers on the way.
     
  • The U.S. Army Corps of Engineers (USACE) currently have more than 350 personnel engaged and have received 35 FEMA Mission Assignments (MA). For Florida, USACE’s mission assignments include providing temporary power, temporary roofing, debris removal, and infrastructure assessment. For Puerto Rico and the U.S. Virgin Islands, USACE’s mission assignments include providing temporary power, temporary roofing, debris removal/technical assistance, infrastructure assessment, and a commodities management subject-matter expert.
     
  • The U.S. National Guard Bureau (NGB) is sending additional personnel to support law enforcement and security operations; they’re scheduled to arrive in the affected areas in the next four days. National Guard soldiers and airmen continue staffing critical points of distribution to deliver essential resources including food and water, and continue clearing debris to open roads in affected areas. The National Guard continues search and rescue efforts in the Keys, while route clearance, shelter operations, law enforcement support, communication restoration and essential resource distribution remain a priority as well.  The National Guard is augmenting civilian law enforcement in securing areas affected by Hurricane Irma and in helping citizens rebuild their communities.
     
  • U.S. Department of Energy (DOE) continues to work with its partners to ensure that fuel remains available in the areas impacted by Hurricanes Irma and Harvey. The fuel situation is stable, and DOE is working with its interagency and private sector partners to ensure that it remains available throughout the region. The Strategic Petroleum Reserve delivered 3.1 million barrels of crude, out of the 5.3 million authorized. A blog post about these efforts can be found here, and DOE continues to provide situational updates here.
     
  • The Federal Aviation Administration (FAA) is sending a large, mobile air traffic control tower to Key West to help increase the safety and number of operations at the damaged airport. The mobile tower is currently at Bradley Airport, Connecticut and will be en route soon to Key West, and operational mid-week.
     
  • U.S. Department of Health and Human Services (HHS) response coordinators are working with federal and U.S. Virgin Islands territory agencies to identify long-term solutions for health care in the U.S. Virgin Islands; the territory’s entire medical care system and public health system were hard hit by the storm. National Disaster Medical System and U.S. Public Health Service Commissioned Corps teams have seen more than 3,700 patients, including dialysis patients evacuated from the Caribbean islands to Puerto Rico, as well as at the St. Thomas hospital, Florida shelters, and two hospitals in the Florida Keys. The HHS continues to provide the Disaster Distress Helpline (1-800-985-5990), which remains open 24/7 for free help coping with the stress of the storm.
     
  • The Center for Disease Control and Prevention (CDC) continues to provide personnel to support the efforts in Florida and the U.S. Virgin Islands, and share information about carbon monoxide and generator safety: https://www.cdc.gov/disasters/co-materials.html. The agency is currently translating guidance material into more than ten languages for survivors.
     
  • The U.S. Coast Guard (USCG) is working with the U.S. Navy and the National Oceanic and Atmospheric Administration in Key West, Florida, to open the shipping channel from the sea buoy to the Mole Pier, to facilitate the safe movement of relief supply deliveries.  However, the port of Key West remains closed at this time. Since Sept. 12, sixteen (16) tank ships have been cleared to deliver their supplies of fuel to ports in Florida. Eight additional tank ships are expected to arrive in the coming days. Coast Guard National Strike Force crews are working with local, state and federal teams on 64 pollution cleanup responses across the storm-impacted areas.
     
  • The U.S. Department of Justice (DOJ) released a message from Attorney General Jeff Sessions to those impacted by Hurricanes Irma and Harvey. To view this release, click here or see the video. The NCDF Disaster Fraud Hotline is (866) 720-5721. The Bureau of Prisons is providing updates at www.bop.gov.
     
  • U.S. Environmental Protection Agency (EPA) continues to coordinate closely with local, state, tribal and federal partners, especially the Florida Department of Environmental Protection in response to Hurricane Irma. EPA deployed six National Priority List (NPL) Assessment Teams to Florida this week and over one third, and counting, of the NPL sites in Florida have been assessed. EPA is also exercising enforcement discretion for diesel fuel use by utility work vehicles and equipment.  Florida Governor Rick Scott issued a request that will go into effect immediately, and terminates when all diesel reserves have been used or by the end of the day on September 22, 2017, whichever comes first.
     
  • The U.S. Social Security Administration (SSA) is working with the United States Postal Service and the Department of Treasury regarding check payments to be delivered. Cycle 3 benefit payments will be delivered on September 20. They estimate approximately 5,700 checks will be issued in the areas affected by Irma. The SSA will continue to monitor the status of all check payments in affected areas.
     
  • The U.S. Postal Service (USPS) continues to restore all mail processing operations in the state of Florida, including the areas hardest hit. In the Florida Keys, delivery and retail operations have resumed today in Key Largo and Tavernier. All facilities in Puerto Rico are open except for one post office.

a photo collage of men holding the American flag

VATF1 and NYTF1 personnel w/ @forestservice force protection officers re-raised US flag above the old firehouse at Fort Christian. [U.S. Virgin Islands]

Sailors work with heavy equipment to remove debris from Naval Air Station Key West, Florida

Sailors work with heavy equipment to remove debris from Naval Air Station Key West, Florida, Sept. 15, 2017. Clean up efforts are in full swing across the Florida Keys after Hurricane Irma caused extensive damage across the state. (U.S. Coast Guard Petty Officer 2nd Class Dustin R. Williams) 

###

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain and improve our capability to prepare for, protect against, respond to, recover from and mitigate all hazards.

Follow FEMA online at www.fema.gov/blogwww.twitter.com/femawww.twitter.com/femaspoxwww.facebook.com/fema and www.youtube.com/fema.  Also, follow Administrator Brock Long’s activities at www.twitter.com/fema_brock

The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

People who were affected by Hurricane Harvey and the subsequent floods and who live in the disaster-designated Texas counties should register for FEMA assistance even if they are covered by insurance or have registered with other agencies.

Under federal law, FEMA cannot duplicate insurance settlements or other benefits, but there are cases where insured survivors might still be eligible for FEMA help.

For example:

  • Your settlement was delayed longer than 30 days after you filed a claim.
  • The settlement does not fully cover all your losses and needs.
  • You exhausted the additional living expenses provided in your policy.
  • You cannot locate suitable rental resources in your community.

You should file your insurance claims, whether homeowner’s or flood or both, as soon as possible. And you have until Oct. 24 to register with FEMA for assistance. Here’s how:

  • Log onto DisasterAssistance.gov. Registering online is the quickest way to register for FEMA assistance.
  • Those without internet access can register by phone. Call 800-621-3362 (voice, 711 or video relay service) or 800-462-7585 (TTY). The toll-free lines remain open 6 a.m. to 10 p.m. local time seven days a week until further notice.
  • Via the FEMA app, available for Apple and Android mobile devices. To download, visit fema.gov/mobile-app.

Once you have registered, you have 12 months to let FEMA know if your insurance coverage was not enough and you want to be considered for help.

To apply for assistance, fax or mail a letter to FEMA explaining the circumstances:

FEMA Individuals and Households Program
National Processing Center
P.O. Box 10055
Hyattsville, MD 20702-8055
Fax: 800-827-8112

If you have registered with other organizations, you still need to register with FEMA if you want to be considered for FEMA assistance.

Homeowners, renters and businesses in Aransas, Bee, Brazoria, Calhoun, Chambers, Colorado, Fayette, Fort Bend, Galveston, Goliad, Hardin, Harris, Jackson, Jasper, Jefferson, Kleberg, Liberty, Matagorda, Montgomery,  Newton, Nueces, Orange, Polk, Sabine, San Jacinto, Refugio, San Patricio, Tyler, Victoria, Waller, Walker and Wharton counties may be eligible for help.

FEMA has authorized Critical Needs Assistance (CNA) for all designated counties in Texas for households with immediate or serious needs due to being displaced from their primary dwelling.

Critical needs are life-saving and life-sustaining items including, but not limited to: water, food, first aid, prescriptions, infant formula, diapers, consumable medical supplies, durable medical equipment, personal hygiene items and fuel for transportation.

To be eligible for CNA a survivor must:

  • Complete a registration with FEMA;
  • Verify identity;
  • Assert at the time of registration that they have critical needs and request financial assistance for those needs and expenses;
  • Have a pre-disaster primary residence located in a county designated for CNA; and
  • Be displaced from their pre-disaster primary residence as a result of the disaster.

CNA is currently available in the following counties: Austin, Aransas, Bastrop, Bee, Brazoria, Calhoun, Chambers, Colorado, DeWitt, Fayette, Fort Bend, Galveston, Goliad, Gonzales, Hardin, Harris, Jackson, Jasper, Jefferson, Karnes, Kleberg, Lavaca, Lee, Liberty, Matagorda, Montgomery, Newton, Nueces, Orange, Polk, Refugio, Sabine, San Jacinto, San Patricio, Tyler, Victoria, Walker, Waller, and Wharton.

Funds are delivered via direct deposit or paper check payable to the eligible applicant. Critical needs funding may take longer than usual due to the magnitude of this disaster. Once made, an eligibility determination is final.

Tuesday, 19 September 2017 18:51

FEMA Fact Sheet: Critical Needs Assistance

WASHINGTON—To support the ongoing disaster recovery, the Federal Emergency Management Agency’s (FEMA) National Flood Insurance Program (NFIP) is enhancing the flood insurance claims process, and extending the grace period for paying policy renewal premiums for insured survivors affected by Hurricane Irma.

Due to the wide-spread catastrophic damage caused by Hurricane Irma, FEMA implemented temporary changes to rush recovery money into the hands of NFIP policyholders, for repair and replacement of flood-damaged properties. FEMA also wants to ensure continuous flood insurance coverage for current NFIP policyholders affected by this storm, even if the renewed policy premium cannot be paid at this time. FEMA is directing all NFIP private insurance partners to:

  • Provide advance payments on flood claims, even before visits by an adjuster;
  • Increase the advance payment allowable for policyholders who provide photographs or video depicting flood  damage and expenses, or a contractor’s itemized estimate;
  • Waive use of the initial Proof of Loss (POL) form; and
  • Extend the grace period for payment of NFIP flood insurance policy renewal premiums to 120 days. This waiver applies to all NFIP policies, whether issued by the NFIP Servicing Agent or a Write Your Own Company, written for properties in areas in the U.S. Virgin Islands, Puerto Rico, and counties in Florida that have received a Major Disaster Declaration for Individual Assistance (IA) under the Stafford Act.

Advance Payments 

The NFIP is making it easier for policyholders to receive an advance payment for their flood claim to help them begin the process of recovery as quickly as possible. After filing a flood insurance claim, the policyholder can discuss advance payment with the insurer:

  • When a policyholder contacts his/her insurer and verifies his/her identity, he/she can receive an advance payment for up to $5,000 on a flood claim without an adjuster visit or additional documentation.  When the advance payment is issued, a letter is sent to the policyholder which explains that by accepting this payment the policyholder is certifying the damage.
  • Up to $20,000 may be advanced to a policyholder who provides photos and/or videos depicting damage, and receipts validating out-of-pocket expenses related to flood loss or a contractor’s itemized estimate. Policyholders with significant damage who have a contractor’s itemized estimate may be eligible for a larger advance payment and should discuss this with the adjuster.

Advance payments are deducted from a policyholder’s final claim settlement amount. Advance payments may only be used according to the terms of the policy. For example, if a policyholder has a building/structure flood insurance policy, the advance payment must be used to repair or rebuild the structure. Or if a policyholder has contents coverage, the advance payment must be used to repair or replace contents that were within the structure. Advance payments may not be used for temporary housing and living expenses.

If a policyholder’s property is mortgaged, the lender will also be named on the advance payment issued for a building/structure flood insurance policy. In this case, the policyholder and lender will both be required to sign the advance payment check. 

Proof of Loss Waiver

To expedite processing of NFIP claims for Hurricane Irma, the NFIP is waiving the requirement for a policyholder to submit an initial Proof of Loss (POL) document. Here’s how the expedited process will work:

  • After a policyholder files a claim, a time is set up for the adjuster to inspect the flood damaged property. The adjuster will document the damage and submit a report to the policyholder’s insurance company.
  • If additional damage is discovered or a policyholder does not agree with the payment amount, a policyholder can seek additional payment if the policy’s coverage limits have not been met. A POL will be required to seek a supplemental payment on the claim. If payment is issued based upon the adjuster’s initial report and an additional proof of loss is not submitted by the policyholder, the insurer will close the file.

If a policyholder decides to request an additional payment, which must be done by completing a POL, the policyholder will have one year from the date of filing the initial claim to submit the request to the insurance company. FEMA has informed all of its NFIP insurance partners about this process and how it will work.  NFIP policyholders are encouraged to work closely with an adjuster on this expedited process.

Grace Period Extension for Policy Renewals

To ensure that policyholders affected by Hurricane Irma can focus on recovery and continue to have flood insurance coverage, FEMA is extending the current 30-day grace period of continual flood insurance coverage to 120 days, for policies in Florida, Puerto Rico, and the U.S. Virgin Islands, that were set for renewal during the immediate response to Hurricane Irma.

Policies with an expiration date of August 7, 2017, through October 6, 2017, are eligible for the grace period extension.  Payment for those policies must be received within 120 days of the policy expiration.

The NFIP cannot pay a claim for a flood loss that occurs after a policy expiration date unless the policyholder’s insurance company receives the payment in full for renewal on or before the last day of the grace period. 

The grace period extension applies to NFIP policies covering properties in Puerto RicoU.S. Virgin Islands, and Florida counties designated under the Presidential Disaster Declaration. NFIP policyholders are encouraged to contact their insurance company and report a flood claim as soon as possible.  For any policy with a renewal date on or after October 7, 2017, the normal 30-day grace period will apply.

###

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain and improve our capability to prepare for, protect against, respond to, recover from and mitigate all hazards.

Follow FEMA online at www.fema.gov/blogwww.twitter.com/femawww.twitter.com/femaspoxwww.facebook.com/fema and www.youtube.com/fema.  Also, follow Administrator Brock Long’s activities at www.twitter.com/fema_brock

The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

MIDLAND, Mich. — Michigan homeowners, landlords and business owners are reminded to check with local government building officials regarding permits before repairing or rebuilding a structure damaged by June storms and flooding.

Many building owners have already received disaster assistance grants, settled their insurance claims, or are preparing to dip into their savings to repair or rebuild their homes. Before beginning any work, state law requires you check with local officials to make sure that you have the proper permits. Repairs or rebuilding should not begin until issuance of appropriate permits.

Local governments keep track of construction activity in their areas. City inspectors make sure that the buildings being repaired or constructed meet the minimum requirements of the state building code, thereby providing safe buildings in their community.

Community building officials require you to meet current building code standards. If a home or business is located in a Special Flood Hazard Area - the 100 year flood plain - there are local ordinances that will affect how dwellings are repaired, renovated, or reconstructed. A community must enforce these regulations so that federally-backed flood insurance and most forms of disaster assistance continue to be available to local residents and property owners.

Upon final inspection of the completed project, a Certificate of Occupancy is issued to the project’s owner. At this point the building or structure is available to be used or occupied by the public.  Be sure to keep receipts for materials used or contracted work.

Once the job is complete, the insurance company will inspect the property to verify work that was done. Permits that were issued will prove the work was done by an accredited contractor.

###

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

English: https://www.fema.gov/disaster/4326

Spanish: https://www.fema.gov/es/disaster/4326

https://twitter.com/femaregion5

All FEMA disaster assistance will be provided without discrimination on the grounds of race, color, sex (including sexual harassment), religion, national origin, age, disability, limited English proficiency, economic status, or retaliation. If you believe your civil rights are being violated, call 800-621-3362 or 800-462-7585(TTY/TDD).

While natural disasters have the unique ability to unify people, it is important to stay cognizant of scams and fraud that follow.

PropertyCasualty360 addressed potential scams in this article, noting that hurricane relief fraudsters are some of the first to appear after a storm. One way to avoid scams is to donate strictly to well-known reputable organizations such as the Red Cross or Direct Relief.  The Insurance Industry Charitable Foundation has a Hurricane Harvey disaster relief fund as well.

Affected homeowners should be wary of who they let into their home for repairs. Regulators in Florida are warning consumers not to sign Assignment of Benefits (AOB) forms to get repair work started.

...

http://www.iii.org/insuranceindustryblog/?p=5442

Thursday, 21 September 2017 18:45

DISASTER RELIEF: PREPARING FOR FRAUDSTERS

It’s easy to assume that data loss will never happen to your business. 

You’re not on the Fortune 500, so who’d want your data? And you’re not in the path of major natural disasters, so what’s the big deal? 

As far as you’re concerned, nothing is getting between you and your data — because why would it? 

Unfortunately, though, hackers and Mother Nature aren’t the only threats to your data. In fact, those are — by far — the least of your worries, and here are just a few of the reasons why.

 ...

https://continuitycenters.com/top-5-leading-causes-data-loss/

Sunday, 17 September 2017 18:44

The top 5 leading causes of data loss

The issue of causation, especially when there may be multiple causes of loss, can be a tricky one for both insureds and insurers. It comes down to what caused the loss – and in what order.

Take the example of a major catastrophe, like a hurricane, where there may be property claims arising from both wind and water. Determining the cause of loss is key to determining whether there is coverage under the terms of an insurance policy because there are two policies in play, one for wind damage and one for flood damage.

Some jurisdictions subscribe to the “efficient proximate cause doctrine” while others subscribe to the “concurrent causation doctrine”.

What’s that?

...

http://www.iii.org/insuranceindustryblog/?p=5438

Wednesday, 20 September 2017 18:43

CONCURRENT CAUSATION AND HURRICANE IRMA CLAIMS

Given modern technology demands, any form of downtime now presents problems for ongoing revenue generation. This places additional pressure on business leaders and IT departments in proving their IT disaster recovery (DR) plan’s effectiveness. In many industries, sensitive information has become increasingly regulated due to the importance in maintaining constant availability. For this reason, securing proper documentation to verify recoverability a priority.

Trouble is, not every DR solution is equal. In some scenarios, IT teams and third-party providers will take shortcuts in IT resiliency, which does nothing to truly protect technology operations. For this reason, Disaster Recovery-as-a-Service (DRaaS) has emerged as a viable option for reliable business continuity.

...

https://www.bluelock.com/blog/proving-disaster-recovery-constituents/

Sunday, 17 September 2017 18:41

Proving IT Disaster Recovery to Constituents

As a business continuity manager, you are likely to be involved in getting your colleagues to take business continuity seriously and ensure that their own departments will continue to function even in adverse conditions.

Those names in a list might make a group of people to work with, but that doesn’t necessarily mean collaboration is part of the package.

If collaboration is missing, then so the “act of working together to produce or create something” will be missing too.

Which could all too easily mean one department “ticking the box” for business continuity for itself, yet neglecting to plan to give vital support to others.

...

http://www.opscentre.com/3-ways-build-collaboration-business-continuity-management/

You may have noticed that it isn’t 2009 anymore, and the factors that define different cloud providers are more difficult to spot than they used to be.

All offer basic computing, networking and storage options.

They all also have derivative services like load balancers, databases, and queuing that allow them to sell more computing, networking and storage at a premium – and common application components you no longer have to manage.

All even have next-wave functionality built around IoT, voice-to-text (and back), AI and serverless computing.

With all that common core technology, how do you differentiate among them?

...

http://mspmentor.net/cloud-services/factors-define-different-cloud-providers

Monday, 18 September 2017 18:38

Factors That Define Different Cloud Providers

WASHINGTON – The Department of Homeland Security’s (DHS) Federal Emergency Management Agency (FEMA) is raising awareness that Hurricane Irma disaster survivors, and their friends and family, should be alert for false rumors, scams, identity theft, and fraud. Although many Americans are working hard to help their neighbors now, during chaotic times, some will always try to take advantage of the most vulnerable.

To dispel some of the false rumors circulating on the internet and social media, FEMA has a dedicated website to address some of the most common themes. Remember, if it sounds too good to be true, it probably is. Visit FEMA's Hurricane Rumor Control page to get the most accurate information from trusted sources.

Here are a few guidelines to protect yourself, or someone you care about, from disaster fraud:

Hurricane survivors are also encouraged to notify local authorities to cases of lawlessness or violence, especially in hurricane shelters. In an emergency, call 9-1-1. For other cases:

  • In Florida, report suspicious/criminal activity to 1-855-352-7233.
  • In Puerto Rico, report suspicious/criminal activity to the Puerto Rico Police by calling 787-343-2020, or by calling your local FBI office at 787-754-6000.
  • In the U.S. Virgin Islands, report suspicious/criminal activity to:
    • St. Thomas - 519-631-1224
    • St. John - 340-693-8880
    • St. Croix - 340-778-4950

###

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain and improve our capability to prepare for, protect against, respond to, recover from and mitigate all hazards.

Follow FEMA online at www.fema.gov/blogwww.twitter.com/femawww.twitter.com/femaspoxwww.facebook.com/fema and www.youtube.com/fema.  Also, follow Administrator Brock Long’s activities at www.twitter.com/fema_brock

The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

t seems clear that business architecture, as a discipline, is rapidly growing worldwide. Cutter Consortium’s business architecture experts William Ulrich and Whynde Kuehn are seeing the sophistication of how people are using business architecture expanding. They’re witnessing an escalation in both the depth and quality of how people are using business architecture and a shift in focus from how to just build a business architecture practice to how to strategically leverage business architecture to transform the business and launch it forward. Organizations are realizing that business architecture is a critical for translating strategy into execution for large scopes. Business architecture is the bridge between business direction and a coordinated set of downstream actions for business and IT required to make it real.

...

http://blog.cutter.com/2017/09/13/business-architecture-is-to-stay-heres-one-example-why/

Our Communications department has received questions from Canadian news outlets on behalf of Canadian citizens who own homes in areas affected by either Hurricane Harvey or Irma. Here are some of their questions and the answers we found.  Of course, the answers below also apply to other non-citizens who own property in the U.S.

Q: Can Canadians qualify for a Federal Emergency Management Agency (FEMA) grant?

A:  It depends. To be eligible for assistance from FEMA, at least one person in the household must be a U.S. citizen, Qualified Alien or noncitizen national with a U.S. Social Security number.

 ...

http://www.iii.org/insuranceindustryblog/?p=5434

Wednesday, 20 September 2017 18:34

INSURANCE AND DISASTER AID FOR NON-U.S. CITIZENS

What Technology Are You Using?

What system do you use to send mass messaging to your employees? If you’re like most organizations, you probably use email. According to The Internal Communication and Technology Survey of 500 respondents from SMB to global enterprises, 68 percent communicate via email with at least 80 percent of their employees, mostly for events, pulse surveys, leadership communications, employee newsletters, change communications, and HR/rewards/pension communications. Many also utilize their company intranet site, often sending an email to direct employees to the intranet site.

While these technologies can be effective, they also have plenty of drawbacks. The survey  lends us some insight into the types of challenges internal communication leaders face with email:

...

https://www.alertmedia.com/5-signs-you-need-a-mass-notification-system

Sunday, 17 September 2017 18:32

5 SIGNS YOU NEED A MASS NOTIFICATION SYSTEM

The prevailing wisdom is that if you back up your data you can recover from a ransomware attack. While this premise generally holds true, simply backing up your data no longer provides an absolute guarantee that you can recover from a ransomware attack. Here are three techniques that ransomware may use to circumvent existing backups and make your “good” backups bad.

Ransomware hackers attack corporate data by infiltrating and/or bypassing corporate firewalls with viruses that encrypt corporate data. Once encrypted, they then charge a fee for the key or keys to decrypt it. Fail to pay and corporate data may become unrecoverable.

To recover from ransomware attacks, organizations have one of two choices. Pay the fee (or ransom) or take steps to recover from an existing backup. In circumstances where an organization does not have a reliable backup and needs to recover, it has little choice but to pay the ransom and hope that the key supplied by the attacker enables them to recover. The best case scenario is that the organization has a good backup and can recover without having to pay any ransom.

...

https://www.dcig.com/2017/09/ransomware-possesses-three-techniques-turn-good-backups-bad.html

In recent months and years, many have come to question VMware’s commitment to public clouds and containers used by enterprise data centers (EDCs). No one disputes that VMware has a solid footprint in EDCs and that it is in no immediate danger of being displaced. However, many have wondered how or if it will engage with public cloud providers such as Amazon as well as how it would address threats posed by Docker.

Public cloud offerings such as are available from Amazon and container technologies such as what Docker offers have captured the fancy of enterprise organizations and for good reasons. Public clouds provide an ideal means for organizations of all size to practically create hybrid private-public clouds for disaster recovery and failover. Similarly, container technologies expedite and simplify application testing and development as well as provide organizations new options to deploy applications into production with even fewer resources and overhead than what virtual machines require.

However, the rapid adoption and growth of these two technologies in the last few years among enterprises had left VMware somewhat on the outside looking in. While VMware had its own public cloud offering, vCloud Air, it did not compete very well with the likes of Amazon Web Services (AWS) and Microsoft Azure as vCloud Air was primarily a virtualization platform. This feature gap probably led to VMware’s decision to create a strategic alliance with Amazon in October 2016 to run its vSphere-based cloud services on AWS and its subsequent decision in May 2017 to divest itself of vCloud Air altogether and sell it to OVH.

...

https://www.dcig.com/2017/09/vmware-shows-new-love-public-clouds-containers.html

With the two recent hurricanes that have devastated the Gulf states area, especially Texas and Florida, at MHA we add our thoughts and prayers to those who are displaced and experiencing loss as a result.

When water, wind, and rain become overwhelming, it illustrates exactly how fragile the works of man – including businesses – truly are. Many businesses impacted by natural disasters are small and only carry minimum – or not enough – insurance to cover property damage and business interruption. Due to this and many other factors, small businesses have a challenging time recovering from natural disasters such as hurricanes.

Because of the long-lasting and sometimes terminal effect major natural disasters like hurricanes can have on businesses, this guide is intended to assist small business owners in planning and preparing for the recovery phase of natural disasters, and for use if their business is damaged during an event. By breaking the process down into simple steps, we hope we can relieve some of the stress and uncertainty. It is important that these steps and preparations be in place before the event occurs or is bearing down.

...

https://www.mha-it.com/2017/09/natural-disaster-relief/

As Texans begin to recover from Hurricane Harvey and Floridians survey the destruction from Irma, the question looms: How do major urban centers and small communities rebuild after a catastrophic natural disaster?

To recover from a such a disaster requires a massive coordinated effort. Federal, state and local governments must lead. Philanthropy, nonprofits and the private sector will be key partners. Residents will voice their views, through community planning meetings and other venues, on how best to spend disaster-recovery dollars. With so many stakeholders and rebuilding needs, the process of restoring neighborhoods and economic activity will become emotionally and politically charged. As Brock Long, administrator of the Federal Emergency Management Agency, has already warned in Texas: "This is going to be a frustrating and painful process."

For public officials to effectively steer a recovery process and for citizens to trust in the effort, reliable, transparent information will be essential. Leaders and the public need a shared understanding of the scale and extent of the damage and which households, businesses and neighborhoods have been affected. This is not a one-time effort. Data must be collected and issued regularly over months and years to match the duration of the rebuilding effort.

...

http://www.govtech.com/data/How-Reliable-Transparent-Data-Serves-as-Essential-Tool-in-Disaster-Recovery.html

What Technology Are You Using?

What system do you use to send mass messaging to your employees? If you’re like most organizations, you probably use email. According to The Internal Communication and Technology Survey of 500 respondents from SMB to global enterprises, 68 percent communicate via email with at least 80 percent of their employees, mostly for events, pulse surveys, leadership communications, employee newsletters, change communications, and HR/rewards/pension communications. Many also utilize their company intranet site, often sending an email to direct employees to the intranet site.

While these technologies can be effective, they also have plenty of drawbacks. The survey  lends us some insight into the types of challenges internal communication leaders face with email:

...

https://www.alertmedia.com/5-signs-you-need-a-mass-notification-system

Wednesday, 13 September 2017 14:59

5 Signs You Need a Mass Notification System

An Effective Business Continuity Program can Enhance Your Emergency Management Capabilities and Drive Higher Levels of Preparedness Across the Organization

Many organizations that we encounter have an obligation to support the community in time of crisis, including hospitals and utilities, for example. These organizations place a heavy emphasis on emergency management, and in recent years, we’ve seen increased implementation of the standardized Incident Command System (ICS) framework, or in the case of hospitals, the Hospital Incident Command System (HICS). There are many benefits to adopting ICS or HICS, but, most importantly, it allows organizations (both government and non-government) to operate and collaborate more effectively during emergencies. Common terms, roles, and responsibilities remove barriers to cooperation, ultimately benefiting the community.

When a community is impacted by a natural or manmade crisis, we are all better off thanks to ICS and HICS. However, many organizations are discovering that these systems may fall short when it comes to an incident that does not directly impact the communities in which they operate. While placing a heavy focus on emergency management is great (and many organizations are already mature in this space), it may not prepare an organization for unplanned resource interruptions, such as IT downtime or an unexpected facility closure. So how can an organization ensure the performance of social or community responsibilities, while protecting its own operations in the event of a more isolated disruption? Enter business continuity.

...

http://perspectives.avalution.com/2017/breaking-down-silos-evolving-an-incident-command-system-to-include-business-continuity/

After you apply for disaster assistance from the Federal Emergency Management Agency (FEMA), you may be contacted by the U.S. Small Business Administration (SBA). If you are asked to submit an application for a low-interest SBA disaster loan, don’t hesitate.

If SBA determines you are eligible for a loan, you don’t have to accept it. If you don’t qualify for a loan, SBA will refer you back to FEMA and you could be considered for other FEMA grants for Other Needs Assistance, which covers items like disaster-related car repairs, clothing, household items and other expenses. You can’t be considered for these grants unless you complete and return the SBA loan application.

Some types of Other Needs Assistance do not depend on completing the SBA application. These include, medical, dental and funeral expenses. So it’s not necessary to submit the application for those kinds of grants.

In planning your recovery, give yourself the widest possible set of options. Submitting the application makes it possible for you to be considered for additional grants, and if you qualify for a loan you will have that resource available if you choose to use it.

Applicants may apply online using SBA’s secure website at https://disasterloan.sba.gov/ela. Applicants may receive additional disaster assistance information by visiting www.sba.gov/harvey. Applicants may also call SBA’s Customer Service Center at 800-659-2955 or email This email address is being protected from spambots. You need JavaScript enabled to view it. for more information on SBA disaster assistance. Individuals who are deaf or hard‑of‑hearing may call 800-877-8339.

Homeowners may borrow up to $200,000 from SBA to repair or replace their primary residence. Homeowners and renters may borrow up to $40,000 to repair or replace personal property. Businesses may borrow up to $2 million for any combination of property damage or economic injury. The filing deadline to return applications for property damage is Oct. 24, 2017. The deadline to return economic injury applications is May 25, 2018.

"ROTTERDAM, HOLLAND - SEPTEMBER 5, 2010: Demonstration of handling of car crash victim by medics at the annual World Harbor Days in Rotterdam, Holland on September 5"

New York City completed a functional exercise to help the city’s hospital system prepare for emergency medical personnel to treat and transport children, like this young girl, after a catastrophic event.

Setting the Stage

Imagine this: Explosions across New York City target elementary schools. Hundreds of severely injured and traumatized children, teachers, and parents flood hospital emergency departments in the five boroughs. Municipal emergency medical services (EMS) are rushing to respond.

Fortunately this scenario wasn’t really happening – it was part of an exercise conducted on May 25, 2017. The exercise was designed to test the ability of the New York City (NYC) Healthcare System to respond to a massive surge of pediatric trauma patients, exceeding the usual resources of this large and complex healthcare system.

Identifying the Players

As a CDC Career Epidemiology Field Officer assigned to NYC, I worked with the experts in the Pediatric Disaster Coalition and the Fire Department of New York (FDNY). We designed an exercise that reflected the number of injured children who would need to go to the hospital and the type of injuries they might experience if a similar event really happened.

NYC has 62 acute care hospitals that participate in the 911 system. Of these, 16 are level 1 trauma centers designated by the NYC Department of Health  (this includes three pediatric level 1 trauma centers and 4 burn centers). A total of 28 hospitals care for pediatric patients and have, during the past seven years with the assistance of the NYC Pediatric Disaster Coalition, developed pediatric-specific components of their overall disaster plans to prepare them to receive pediatric patients from an incident like the one invented for this exercise. All 28 hospitals participated in the exercise.

Coordinating Resources

Hospitals who participated in the exercise were challenged to rapidly respond to more than 60 simulated patients with a range of injuries and conditions:

  • a 7-year-old boy unresponsive after a traumatic injury to his head

  • A toddler with burns to the face, chest, and abdomen

  • A 12-year-old distraught after witnessing another child lose arms in an explosion

Hospitals had to assess the resources that were available to care for the patients, including

  • What nursing and specialty staff could be made immediately available?

  • What medications and equipment, including imaging equipment and burn supplies, were needed to care for the children?

  • What communications and incident command processes would each hospital use to mobilize staff and other resources in the situation described in the exercise?

  • Which patients needed to be transferred to specialty hospitals to receive care for their injuries?

Coordination between FDNY and hospitals was critical to the success of this exercise – it supported interfacility transfers for patients who required specialty care or to better match hospital resources with patient needs. During the exercise, I met with FDNY leadership from EMS and Office of Medical Affairs physicians, and leaders from NYC Emergency Management and the Health Department at the Fire Department’s Operations Center. There, we tested the communications between hospitals, FDNY, and a volunteer pediatric intensive care physician who was trained to assist FDNY’s Office of Medical Affairs to prioritize patients for urgent interfacility transfers.

Measuring Success

Hospital Incident Command leadership discusses the availability of resources to make more pediatric beds available.

Hospital Incident Command leadership discusses the availability of resources to make more pediatric beds available.

This exercise revealed that 28 NYC hospitals were able to rapidly and dramatically increase their pediatric critical care capacity. It was the largest exercise NYC has done that was focused primarily on caring for injured children. During the exercise, these hospitals:

  • More than doubled the number of beds in pediatric intensive care units (PICUs) and added 1,105 pediatric inpatient beds, so children could stay in the hospital for an extended period of time

  • Opened 203 operating rooms that could treat children who needed surgery

During the exercise, we also identified some challenges, including

  • More than half of the hospitals did not have enough supplies that could be used to treat critically injured children

  • A limited number of pediatric specialists, including doctors who could perform brain surgery on children as well as ear, nose, and throat specialists

  • Hospital resources (beds, supplies, and staff) would have been further strained if the disaster scenario had also included large numbers of adults

We were able to identify ways to improve each hospital’s process and further develop our citywide plans to respond to any emergency that strains our healthcare system. As a pediatrician and a parent of two young New Yorkers, I’m grateful that so many dedicated people are working together to make sure that city and hospital plans account for the unique needs of children in disasters.

The NYC Department of Health and Mental Hygiene receives federal funds used to support state and local public health and healthcare system preparedness through the aligned Hospital Preparedness Program (HPP) – Public Health Emergency Preparedness (PHEP) cooperative agreement. NYC used HPP funds to fund the NYC Pediatric Disaster Coalition to design and conduct the exercise, and coordinate participation of hospitals in the exercise.

Read our other National Preparedness Month blogs:

Tuesday, 12 September 2017 17:52

CDC: Preparing for the Worst-case Scenario

With floodwaters at four feet and rising, a family in Houston, Texas abandoned their possessions and scrambled to their roof during Hurricane Harvey to sit with their pets and await rescue. Unable to reach first responders through 911 and with no one visible nearby, they used their cellphones to send out a call for help through a social media application called Nextdoor.

Within an hour a neighbor arrived in an empty canoe large enough to carry the family and their pets to safety. Thanks to a collaboration with Nextdoor, we learned of this and hundreds of similar rescues across Harvey’s path.

This story illustrates the power of systems like Nextdoor, an app designed to make communication between neighbors easy. Survivors in Houston have been using social media platforms such as Facebook, Nextdoor and Twitter to connect to rescuers, organize food and medical supplies, and find places for people to stay.

These stories support our findings showing that social ties can save lives during disasters. They demonstrate why social media platforms should have pride of place among our preparations for and initial assessments of disaster damage.

...

http://www.govtech.com/social/Why-Social-Media-Apps-Should-Be-In-Your-Disaster-Kit.html

It’s always good to show how business continuity can be a net profit generator or produce other positive and measurable advantages.

While BC is crucially important anyway, it makes it easier to “sell” to sceptics if you can show that it puts more into the business than it takes out.

Yet our attention was caught by some recent figures on the impact of business continuity management on data breaches, and at the same time the effect as organisations move from traditional to next generation IT security.

Which one does more to help organisations get back to normal afterwards?

...

http://www.opscentre.com/business-continuity-management-relevant-data-breaches/

(TNS) — WASHINGTON — The devastating paths of hurricanes Irma and Harvey have stretched the Federal Emergency Management Agency to a point unlike any in recent memory as the country looks to recover from the damage caused by record-breaking winds and flooding across Florida, Southeast Texas and South Carolina, not to mention wildfires in the West.

The two storms have illustrated how the disaster agency — unable to be everywhere at once — has been forced to become more nimble. It has evolved from a command-and-control operation into coordinator that oversees and encourages help from outside groups, such as the private sector and nonprofits, and regular citizens in Houston who were called on to break out their canoes to help stranded neighbors when traditional search and rescue teams couldn't reach them.

"You didn't use to see that 10 to 15 years ago," said Katie Fox, acting deputy administrator at FEMA. "Government folks have recognized that there is a huge amount of capability out there in the population. Engaging those folks is a huge help. It often used to be seen as a hindrance that you'd have to manage."

...

http://www.govtech.com/em/disaster/Record-Breaking-Hurricanes-Stretch-and-Strain-FEMA.html

Fitness trackers that measure your heart rate, map applications that know where you are – and calculate the best route to where you’re going, sensors that monitor diagnostics on jet engines 30,000 feet in the sky; ride-hailing apps that send a vehicle to you when summoned.

Many of us are familiar with the above services, why they’re useful and can probably even name the companies that have made them famous.

The dawn of the smartphone and the proliferation of quick LTE wireless networks paved the way for mobile applications over the last several years that are ready and able to serve right from one’s pocket.

As the “old” saying goes, there’s an app for that.

...

http://mspmentor.net/networking/are-service-providers-ready-mega-services

Tuesday, 12 September 2017 17:47

Are Service Providers Ready for Mega Services?

Online reviews are no longer simply something that trendy millennials look at before going out on the town.

Online reviews are everywhere – from Angie’s List to Yelp and beyond.

They have literally transformed how individuals and organizations evaluate goods and services providers – your MSP business, included.

Recently, I received an email from one of our clients.

...

http://mspmentor.net/best-practices/how-combat-negative-reviews-and-profit-positive-ones

Today marks the 16-year anniversary of 9/11, and as we remember those who perished and honor first responders on that day, it’s worth noting that we have not had a large-scale terrorist attack on U.S. soil since then.

From a recent discussion by property underwriters Gedion Amesias and Jeri Xu at the Swiss Re Open Minds blog:

“Since 9/11, the U.S. government and four of its allies (Five Eyes alliance) have been spending tens of billions of dollars each year on counter-terrorism. Even though it’s hard to accurately estimate, there are experts that approximate the U.S. spends around $100 billion a year on counter-terrorism efforts. Successful attacks since 9/11 have been carried out by either a lone wolf or a duo, for example the 2016 cargo truck attack in Nice by one driver, and 2013 Boston Marathon bombing by a pair of brothers. Plots that involve more people are more likely to be discovered through the surveillance of their communications, so organized large-scale plots are less likely to occur.”

...

http://www.iii.org/insuranceindustryblog/?p=5430

Global freight transport is a key component in the trade of goods and materials, but new demands on the transport network are creating fresh challenges for data. Transport companies are endeavouring to meet those new demands, but are they successful? Discover how an adaptive, intelligent supply chain – built around standards – accelerates innovation and drives change.

Imagine an advanced interconnected freight transport network that connects goods safely, quickly and cost-efficiently, a network that makes different modes of transport easier to use than ever before, and provides reliable, predictable and accessible information to enable moving a product from A to B to reach its final destination.

In today’s congested world, most would agree that the e-logistics related to movement of goods is a growing field, and one that will not plateau. Companies are seeking faster and better ways to get product to market and on consumer’s shelves or in their driveways. At the same time, many would agree that demand frequently outstrips the available capacity of transport infrastructure. There can be few companies that have not experienced sporadic load disparities, slow freight movement, or high transport expenses.

...

https://www.iso.org/news/ref2214.html

With Texas still dealing with the remnants of one major hurricane and Florida about to contend with another, Thursday’s Wall Street Journal called considerable attention to hurricane deductibles:

These deductibles were widely put in place after Hurricane Katrina in 2005 and have been standard in many states for years. But they have rarely been triggered on a large scale because few hurricanes have landed in the U.S. over the past decade.

The Journal article called them “little known provisions that allow insurers to shift thousands of dollars of damage costs” onto homeowners. Most industry experts would quickly point out that this reduces premiums – by hundreds of dollars a year in hurricane-prone states like Florida.

...

http://www.iii.org/insuranceindustryblog/?p=5418

Monday, 11 September 2017 15:57

Understanding Hurricane Deductibles

Sounds obvious? When you’re knee deep in metrics, reports, and audits, it’s not always easy to remember that without people doing their jobs, nearly every organisation will rapidly cease to function.

Does that mean you need to be socially extroverted, a psychologist, and an HR expert all wrapped into one?

No, of course not. On the other hand, a passing knowledge of some key concepts about working with people may come in handy, if you want to encourage them to build business continuity into their professional activities.

...

http://www.opscentre.com/people-important-business-continuity/

Phil Klotzbach, lead author of the Colorado State University (CSU) hurricane forecasting team, and I.I.I. non-resident scholar delivers this perspective.

After a relatively mild start, the 2017 Atlantic hurricane season has become drastically more active over the past couple of weeks. Hurricane Harvey made landfall in Texas as a Category 4 hurricane, bringing devastating rains to the Houston metropolitan area, causing at least 70 fatalities and economic losses estimated as high as $108 billion.  Following hot on its heels, Hurricane Irma developed off of Cabo Verde and has intensified into a devastating Category 5 hurricane.  Irma has wreaked death and devastation across the northern Leeward Islands, and after brushing the northern coast of by Puerto Rico, the cyclone is tracking across the Turks and Caicos, the Bahamas, and appears headed toward Florida and the southeast United States.  While landfall of a major (Category 3+ on the Saffir-Simpson Wind Scale – maximum sustained winds of 111 mph or greater) hurricane in the United States seems likely at this point, it is important to realize that other years in the recent past brought major storms in rapid succession.

...

http://www.iii.org/insuranceindustryblog/?p=5393

The Business Continuity Institute

 

In the news, we see posts about terrorism, unstable financial markets and pandemics, however of late, natural disasters appear to be taking centre stage.

Just two weeks ago, on the 25th August, we saw the disruption caused by Hurricane Harvey in Texas. Yesterday, images of the ongoing devastation of Hurricane Irma across the Caribbean begun to emerge, and today, an earthquake off the Pacific coast of Mexico takes more lives and threatens further disruption.

For individuals, natural disasters can be catastrophic; homes are damaged, at times beyond salvage and as we see during many large-scale disasters, lives are lost.

For businesses, natural disasters are equally catastrophic and damaging. Their staff may suffer physically and mentally and it’s likely that their critical infrastructure will be damaged as well as supply chains becoming disrupted for extended periods of time. 

There are many things these organizations can do to reduce the ongoing damage relating to this type of disruption. Preparation and collaboration are key. Preparing for a natural disaster isn’t a science. There’s no right or wrong way to ensure your business can continue but by ensuring you have considered the importance of your infrastructure, people welfare of all staff, and how your supply chain will be affected, you can aim to continue business within a reasonable period of time. 

When planning, by looking at collaboration opportunities, local businesses can work with others from further afield to obtain urgent supplies. They can work closely with the community to not only continue their business but to begin repairing the affected area. These local businesses can repair homes and buildings, they can provide transport for critical supplies and help to repair critical services when they’re disrupted. 

Whilst continuing business during a disaster may seem like a low priority for communities, the reality is that the quicker businesses can start supplying products and services to the community, the quicker the area can begin to recover as a whole. Whilst planning and collaboration can’t stop a disaster from happening, business continuity professionals use it as a tried and tested method to ensure their communities are restored as quickly as possible.

Download the attached files

PDF documents 

Riverbed SteelCentral and SteelHead identifies and solves application issues and provides quick access and improved uptime for critical applications

 

SAN FRANCISCO – Riverbed Technology today announced that Rockwell Collins Interior Systems, a leader in aviation cabin design and manufacturing, is using Riverbed® SteelCentral™ and Riverbed®SteelHead™ to ensure quick access to centralized applications and to improve uptime for critical applications. According to the company, SteelHead cut the time to access applications by half while simultaneously reducing bandwidth requirements by 60% and SteelCentral delivers the intelligent analytics needed to identify and resolve application issues quickly, allowing aviation specialists to spend more time developing safer, more comfortable airplanes.

“We used to get a lot of complaints about network performance from the users, and we don’t hear that anymore.”

Tweet This: Riverbed helps @RockwellCollins deliver safe and comfortable aircraft interiors to travelers worldwide: http://rvbd.ly/2vuVmT7

The Interior Systems division of Rockwell Collins, operating in 50 locations worldwide, is a leader in the design and manufacture of aviation interior cabin components such as oxygen systems, comfortable seating, cabin lighting, galley systems (including food and beverage preparation), advanced lavatories, and more.

The division houses all of its major applications in a co-lo data center in the U.S. delivering them across an MPLS network to remote sites. Major applications include Oracle, three ERP systems, and two Siemens PLM Software solutions: Teamcenter and NX design. The division also relies heavily on a number of proprietary .NET applications.

After centralization, access to the data was slow across the board, especially for locations that were furthest away or with limited bandwidth. “Everything took a lot longer to respond. Engineers would click on a drawing and then wait for it to download,” explained Chris Elder, senior manager of enterprise networks and data center operations for Rockwell Collins Interior Systems. “We can’t have engineers sitting around half the day waiting for things to happen on the network.”

Customer Storyhttps://www.riverbed.com/customer-stories/rockwell-collins-interior-systems.html

With productivity taking a hit, the division decided to deploy Riverbed SteelHead WAN optimization appliances throughout most of the organization, immediately boosting application performance while simultaneously reducing WAN bandwidth requirements by 60%. Elder also decided to improve visibility into the network to more quickly identify and resolve issues. He chose Riverbed SteelCentral AppResponse, a network-based application performance management solution that is integrated with the SteelHead appliances. “I’m a big fan of Riverbed,” Elder said. “We used to get a lot of complaints about network performance from the users, and we don’t hear that anymore.”

The division also needed to address nagging application performance issues. “We are primarily a .NET shop,” explained Derek Turner, Senior .NET and SharePoint developer for Rockwell Collins Interior Systems. “We have 12 custom high-availability, internal and external facing .NET applications, and nine times out of 10, when I’m troubleshooting, it’s a .NET issue.”

Turner chose Riverbed SteelCentral AppInternals, which captures and analyzes all user transactions, end to end, from the user device to the back-end while capturing system metrics every second. This complete application visibility allows IT to reconstruct incidents in the detail needed to quickly diagnose problems. Powerful analytics helps pinpoint issues down to code level allowing for faster problem solving. “Now if I get a report that something is timing out, which generally means it’s taking longer than 90 seconds to respond, with the information available to me with this tool, I can isolate the offending component in minutes,” Turner said. “This is the power of SteelCentral AppInternals.”

Gone are the days when Turner faced an unknown amount of time to first recreate a problem, then identify the root cause, and finally fix the code. “I can't explain how good AppInternals really is,” he added. “There’s nothing that I can't see or explain [with it]. Having a tool like this is life changing. Our development response time to deliver a solution to the business unit has been vastly improved.”

Riverbed Delivers Solutions for Cloud and Digital World

Riverbed is delivering solutions to help companies transition from legacy hardware to a new software-defined and cloud-centric approach to networking, and improve end user experience, allowing enterprises’ digital transformation initiatives to reach their full potential. Riverbed’s integrated platform delivers the agility, visibility, and performance businesses need to be successful in a cloud and digital world. By leveraging Riverbed’s platform, organizations can deliver apps, data, and services from any public, private, or hybrid cloud across any network to any end-point.

Riverbed SteelHead™ is the industry’s #1 optimization solution for accelerated delivery and peak performance of applications across the software-defined WAN. Riverbed SteelCentral™ product family is a performance management and control suite that combines user experience, application, and network performance management to provide the visibility needed to diagnose and cure issues before end users notice a problem, call the help desk, or jump to another web site out of frustration.

Connect with Riverbed

About Riverbed

Riverbed enables organizations to modernize their networks and applications with industry-leading SD-WAN, application acceleration, and visibility solutions. Riverbed’s platform allows enterprises to transform application and cloud performance into a competitive advantage by maximizing employee productivity and leveraging IT to create new forms of operational agility. At more than $1 billion in annual revenue, Riverbed’s 28,000+ customers include 97% of the Fortune 100 and 98% of the Forbes Global 100. Learn more at www.riverbed.com

Riverbed and any Riverbed product or service name or logo used herein are trademarks of Riverbed Technology, Inc. All other trademarks used herein belong to their respective owners.

Interstate Restoration directing resources to victims of Harvey, Irma

FT. WORTH, Texas – One of the nation’s leading disaster-recovery companies has positioned its resources in anticipation of restoration demands in both Texas and Florida.

Offering assurance to businesses already affected by or preparing to be affected by dual, massive hurricanes, Chief Executive Officer Stacy Mazur of Interstate Restoration said his company is ready to handle the unusual confluence of events.

Interstate Restoration already has 125 employees in the area devastated by Hurricane Harvey, along with 35 trucks and tractor trailers, plus about 1,500 subcontractors. Now Interstate is expanding its Florida resources, using its Boynton Beach office as a base, to help businesses get back in operation following any flooding or wind damage caused by Hurricane Irma. Interstate also has an equipment repository in Orlando, from which the company will launch operations.

“We believe we’re better positioned than anybody in the industry to fight this hurricane battle on two fronts,” said Mazur.

One of the largest concentrations of Interstate clients is in Florida, and the company recently merged with a Boynton Beach-based restoration company to increase Interstate’s capacity.

“We’re taking this (two-front challenge) seriously, with proper preparation and responsiveness,” he said.

Initially, Interstate will have more than 50 people in Florida, with more than 20 trucks and tractor trailers. Hundreds of subcontractors have already positioned themselves to join the effort.

Interstate began its preparation for Hurricane Irma last week and shared advice for clients and the general public in the path of the storm.  Mazur added a few additional items for businesses to keep in mind, with safety as a top priority:

  • Create an emergency action plan that includes instructions for both employees and customers.
  • Think about the ways you are going to communicate before the storm’s impact, during and after.
  • Download a severe-weather app onto your smartphone so you can track developments.

He added that clients in previous disaster situations have expedited recovery by posting notices on their business doors, alerting public safety officials that they should allow access to restoration companies like Interstate, and thus speeding up the recovery process.

 

About Interstate Restoration

Founded in 1998, Interstate Restoration LLC is an emergency restoration and general contractor specializing in repairing commercial property nationwide. Ft. Worth-based Interstate helps businesses recover quickly from fire, flood, and other natural and manmade disasters. This means companies and people can focus on the important stuff - like getting back to business and back to life.

Thursday, 07 September 2017 19:48

Recovering on Two Fronts:

 

Esri, the leader in spatial analytics and mapping, has created a new Hurricanes and Tropical Cyclones Story Map that identifies the potential impact of the storm through a variety maps, including:

  • Public Information Map - identifies the current and recent location of Harvey as well as forecast positions and probable track; additionally, the shaded area is called the "cone of uncertainty," the likely path of the center of Harvey.
  • Impact Summary Map - shows the storm surge by identifying locations most at risk for life-threatening inundation from storm surge; accordingly, to Esri's data, the total population at risk is 248k people, 99k households, and 10k businesses.
  • Forecast Precipitation Map – forecasts the amount of rain expected within the next 72-hour period

This map is provided by the Esri Disaster Response Program.

Thursday, 07 September 2017 19:41

Mapping the Impact of Hurricane Irma

(TNS) - As thousands of cars streamed north on Florida's roads Wednesday, carrying residents fleeing the approach of Hurricane Irma, the Category 5 storm maintained its powerful 185 mph winds on a path towards the Bahamas today and eventually, forecasters predict, a landfall Sunday afternoon on the state's southeast coast.

The latest projected track from National Hurricane Center forecasters Wednesday night had shifted east from earlier predictions on where the storm would go, based on conclusions that the system will eventually shift course from its present west-northwest trajectory and head north, along or just off Florida's east coast. However, experts underscored that the entire Florida peninsula remained within Irma's potential path, and noted that the margin of error for predictions this far out ranged from 175 to 225 miles. A shift either east or west would have dramatically different results for Florida residents, including those in Southwest Florida.

As a result, many local governments ramped up their emergency preparations, while schools set plans to close on Friday and canceled activities. Highways, gas stations and stores saw firsthand how seriously residents were taking officials' warnings. Meanwhile, mandatory evacuations began in southeast Florida.

...

http://www.govtech.com/em/disaster/Hurricane-Irmas-Path-Continues-Shift-Toward-East-Coast.html

Integrating Dangerous Goods Software into Your ERP System

Shipping hazardous materials is a complicated, time-consuming process, and today’s ever-evolving regulations make the task even more challenging. Integrating ERP and dangerous goods software systems simplifies hazmat shipping to streamline supply chain operations and maintain regulatory compliance.

Dangerous goods (DG) software should be standard for any organization that ships hazardous materials regularly. However, a recent survey shows that just having this software doesn’t automatically inspire confidence in shipping hazmat compliantly.

According to Labelmaster’s 2016 survey of DG shippers, 77 percent of participants do not consider their shipping technology to be forward-thinking, and 31 percent do not believe their companies have the right technology in place to meet emerging regulations.

In today’s rapidly changing world of regulations and complex logistics, keeping up means having the right technology and infrastructure in place. Today’s shippers should consider fully integrated DG software as a solution to help meet regulatory compliance and streamline supply chain operations.

...

http://www.corporatecomplianceinsights.com/ensuring-compliance-hazmat-regulations/

Thursday, 07 September 2017 15:43

Ensuring Compliance with Hazmat Regulations

(TNS) - Floridians hit the highways, scrambled for scarce supplies and hammered plywood over windows as a monster hurricane made landfall in the Caribbean, where it was blamed for at least four deaths.

Hurricane Irma, one of the most powerful Atlantic hurricanes, set a wild, wind-churned course toward Puerto Rico, with the U.S. mainland in its sights, probably over the weekend.

Amid an overnight assault of battering waves and 185-mph winds, two deaths were reported in French island territories, a third in Anguilla, a British territory, and a fourth in Barbuda, part of a tiny independent nation.

In Florida, Gov. Rick Scott implored constituents to obey calls to flee the storm’s path when the time came

...

http://www.govtech.com/em/disaster/Four-Deaths-Reported-as-Hurricane-Irma-Rakes-Caribbean-With-Florida-Likely-in-Crosshairs.html

Hurricane Irma begins its assault, while Texas and Louisiana begin the long road to recovery from Hurricane Harvey.

No one, of course, knows exactly what damage Irma will unleash, but it is likely to be quite different from what Harvey wrought. That’s because no two storms are alike.

Business Insider touches on the differences:

...

http://www.iii.org/insuranceindustryblog/?p=5383

Thursday, 07 September 2017 15:39

Harvey vs. Irma: Every Hurricane is Different

Fifty percent of employees say they are more productive and motivated when their bosses share information. In fact, 76 percent don’t trust bosses who fail to communicate. Obviously, internal communications are a big deal when it comes to employee engagement and satisfaction. Is there such a thing as too much communication?

Related: Employee Engagement Starts with Communication

With 24-hour access to news and social media, we have become a culture of instant and all-encompassing information. We are increasingly expecting to know it all, or at least thinking we deserve to. However, companies must sometimes make decisions about what information they believe to be appropriate for their employees and what could cause damage to morale, revenue, reputation, or retention.

This isn’t always easy. To tell or not to tell can be a dilemma. Disclose too much and you can have an internal crisis on your hands. Offer up too little and your employees may rebel, or at best grumble. The truth is, every situation requires different evaluation, but we can safely place certain issues into “Tell” and “Don’t Tell” buckets.

We offer up the top 4 things employees need to know and need not to know:

...

https://www.alertmedia.com/4-things-you-shouldnt-notify-your-employees-about/

WAYNE, Pa. – Sungard Availability Services® (Sungard AS), a leading provider of information availability through managed IT, cloud and recovery services, has appointed Kathy Schneider as Chief Marketing Officer reporting directly to Andrew A. Stern, Sungard AS' Chief Executive Officer.

Schneider will have global responsibility for Sungard AS' marketing, market strategy and corporate communications. In this role, she will drive the company's global go-to-market approach and brand strategy to further strengthen Sungard AS' market relevance and recognition, and to accelerate revenue growth. Schneider will also represent the voice of the customer, ensuring customer experience is integral to all Sungard AS' business decisions. As such, she will assume leadership responsibility for Sungard AS' European and North American Customer Advisory Boards (CABs).

"We are delighted to welcome Kathy to the Sungard AS leadership team as our CMO," said Andrew Stern. "Kathy has extensive experience developing global marketing strategies that have helped to achieve growth for both established and emerging IT businesses. As a proven marketing leader, Kathy will help Sungard AS elevate our brand, ensure that we are developing solutions aligned with customers' evolving needs, and generate increased demand to drive growth."

Schneider joins Sungard AS after more than two decades of technology and business-to-business marketing experience at country, regional and global levels in both pre-IPO and Fortune 500 companies. Her most recent role was at Level 3 Communications, where she served as Senior Vice President, Product and Marketing, EMEA. Prior to Level 3, she led global Marketing and Communications at Criteo, a leader in digital marketing and big data. Schneider also spent 14 years at Dell Inc. where she held a variety of marketing leadership roles in the U.S. and EMEA.

"For more than 35 years, Sungard AS has been reputed as the market leader for delivering recovery solutions that keep enterprises and organizations 'always on' and able to meet their business objective," said Kathy Schneider. "Over the last several years, the company has transformed its solutions portfolio to offer fully resilient production and recovery services. I am thrilled to join Sungard AS at such a pivotal time as it continues to evolve its solutions portfolio and help customers across their entire IT deployment."

About Sungard Availability Services:
Sungard Availability Services ("Sungard AS") is a leading provider of critical production and recovery services to global enterprise companies. Sungard AS partners with customers across the globe to understand their business needs and provide production and recovery services tailored to help them achieve their desired business outcomes. Leveraging more than 35 years of experience, Sungard AS designs, builds and runs critical IT services that help customers manage complex IT, adapt quickly and build resiliency and availability. Visit Sungard Availability Services at http://www.sungardas.com/en/ or call 1-800-468-7483. Connect with us on TwitterLinkedIn and Facebook.

Sungard Availability Services is a trademark or registered trademark of SunGard Data Systems or its affiliate, used under license. The Sungard Availability Services logo by itself is a trademark or registered trademark of Sungard Availability Services Capital, Inc. or its affiliate. All other trademarks used herein are the property of their respective owners.

The Business Continuity Institute

Explore the latest business continuity and resilience trends at the inaugural BCI India Conference. Open to both new and experienced practitioners, this conference will focus on the theme of business continuity excellence through personal accountability and process effectiveness, and will feature interactive sessions, case studies, plenary addresses and thought leadership from industry experts.

The BCI would like to thank Sungard Availability Services who are the headline sponsor, Send Word Now from OnSolve who are the gold sponsor, and Emreach and Regus who are silver sponsors. Thanks are also extended to NASSCOM who are ecosystem partner, and BSI who are knowledge partner. 

Thursday, 07 September 2017 14:41

BCI India Conference Sponsors

(TNS) - Almost before the rain started in Houston, economic prognosticators started trying to figure out how much Hurricane Harvey was going to cost.

The numbers kept mounting as the rainfall totals piled up. In the first few days of the storm, investment research firms estimated the total property damage at between $30 and $40 billion — not even approaching the toll of Hurricanes Katrina and Rita.

By Wednesday, Enki Research had pegged it at between $48 and $75 billion. Toward the end of the week, as the flood receded and its carnage became clear, many analysts were hailing Harvey as the nation's most destructive storm ever.

...

http://www.govtech.com/em/disaster/Harvey-Might-Have-Been-Fiercer-Than-Katrina-but-its-Effects-Could-Fade-Faster.html

This is the conclusion to a 4-part series on Business Transformation.

Recent studies tracking the progress of digitizing enterprises indicate two key trends:

  1. The number and proportion of organizations with an enterprise-wide digital strategy has increased significantly in three years.
  2. Companies are struggling to cultivate and advance their digital strategies.

Numerous causes have been cited to explain the lag in many companies’ efforts to successfully execute their digital strategies, including leaders not being fully equipped to lead digital initiatives, resistance to change, being bound by strategic decisions made 10 to 20 years ago, and many other factors.

...

http://www.enaxisconsulting.com/ready-to-launch-building-your-digital-team-blog/

Wednesday, 06 September 2017 14:29

Ready to Launch: Building Your Digital Team

It almost seems that there are as many definitions of the “blended attack” in IT security, as there are experts willing to give them.

At one end of the scale, the blended attack is defined as a piece of malicious code using a variety of delivery methods to infect systems.

About halfway along the scale, a blended attack is defined as a combination of different malwares or virtual attacks, used in combination to attain a target. And at the other end of the scale, the blended attack “gets real” in the sense that it not only has virtual components, but can be combined with physical attacks as well.

Each case needs to be assessed for the potential impact on your organisation.

...

http://www.opscentre.com/worrying-definition-blended-attack/

Many organizations consolidate their disaster recovery and IT security recovery plans into one package without asking if this approach makes sense.

Security and disaster plans are related but they are not the same, and at MHA Consulting, we advise against combining them.

How Disaster Recovery and IT Security Recovery Plans Differ

DR and IT security recovery plans appear to be very similar. Both plans include a procedure to minimize the impact of an event. They also have procedures to recover from the event and return to production, and will likely have a process to minimize the possibility of a similar event occurring again. Yet, beyond that, disaster and IT security recovery plans are fundamentally different.

The core difference between these plans is that disaster recovery is about business continuity, while IT security is about information protection. Therefore, disaster recovery plans tend to be actionable while security plans tend to be more validation and configuration driven. Part of the recovery tasks performed to make applications or environments available include the necessary security architecture and settings.

...

https://www.mha-it.com/2017/09/separate-security-disaster-recovery-plans/

Having a business continuity plan in place is all well and good, and an important part of preparing for any potential disruption in business, but if the plan sits on a shelf collecting dust, what good is it really doing? For a BC plan to truly thrive, it needs to be practiced, regularly.

Why Exercise

Organizations that perform well-planned exercises get better results when faced with the real event. It makes sense, but often companies fail to move forward with exercising plan implementation. When you regularly run tabletop, functional and even full scale exercises, drilling on all aspects of your plan, it becomes nearly muscle memory for your staff in the event of an actual incident.

...

http://www.missionmode.com/importance-regular-drills-practices-bc-managers/

WASHINGTON – The Federal Emergency Management Agency (FEMA) is raising awareness that Hurricane Harvey disaster survivors, and their friends and family, must be alert for false rumors, scams, identity theft, and fraud. Although many Americans are working hard to help their neighbors now, during chaotic times, some will always try to take advantage of the most vulnerable. 

To dispel some of the false rumors circulating on the internet and social media, FEMA created a dedicated website to address some of the most common themes. Remember, if it sounds too good to be true, it probably is. Visit https://www.fema.gov/hurricane-harvey-rumor-control to get the most accurate information from trusted sources.

Here is how to protect yourself, or someone you care about, from disaster fraud:

  • Federal and state workers do not ask for, or accept, money. FEMA staff will never charge applicants for disaster assistance, home inspections, or help filling out applications. Stay alert for false promises to speed up the insurance, disaster assistance, or building permit process.
     
  • In person, always ask to see any FEMA employee ID badges. FEMA Disaster Survivor Assistance teams may be in impacted communities providing information and assisting survivors with the registration process or their applicant files.
     
  • A FEMA shirt or jacket is not proof of identity. All FEMA representatives, including our contracted inspectors, will have a laminated photo ID. All National Flood Insurance Program adjusters will have a NFIP Authorized Adjuster Card with their name and the types of claims they may adjust.
     
  • If you are unsure or uncomfortable with anyone you encounter claiming to be an emergency management official, do not give out personal information, and contact local law enforcement.
     
  • If you suspect fraud, contact the FEMA Disaster Fraud Hotline at 866-720-5721 or report it to the Federal Trade Commission at www.ftccomplaintassistant.gov
     
  • More information on disaster-related fraud is available at the Texas Attorney General’s Office website at texasattorneygeneral.gov/cpd/disaster-scams or call -800-252-8011.
     
  • In Louisiana, disaster-related fraud information is available on the State Attorney General’s Office website at http://www.agjefflandry.com or contact the National Center for Disaster Fraud’s hotline at 1-866-720-5721.

##

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain and improve our capability to prepare for, protect against, respond to, recover from and mitigate all hazards.

Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.twitter.com/femaspox, www.facebook.com/fema and www.youtube.com/fema.  Also, follow Administrator Brock Long’s activities at www.twitter.com/fema_brock.

The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

The media will bring you the facts. Houston has been hit by one of the largest storms of the century. Despite this catastrophe, Houstonians have come together demonstrating compassion for their neighbors in need.

The community at large has come together like never before. #HoustonStrong has begun to trend on Twitter, offering up numerous examples through pictures and videos of what it means to be a strong Houstonian. The hashtag was made in honor of the city of Houston’s collective birthday. This hashtag highlights the resilient spirit of the city and its citizens throughout the many years of its existence. People from all over Houston and beyond are volunteering to help in the relief of victims caught in the path of the storm.

Multiple posts have shown evidence of people from around Texas bringing their boats to the Houston area to assist in amateur search and rescue operations. Other posts show more personal stories, one being of a Houston officer purchasing emergency supplies and food for victims of the tremendous flooding (this might be a good spot to put a link to the source). The Cowboys and Texans have officially canceled their Thursday preseason game so players can return to Houston to further help their community.

While official government funding for the relief effort is still being debated, others have taken up the mantel in an unprecedented way. Both MLB Texas teams, the Astros and the Rangers, have pledged $4 million and $1 million, respectively, in showing their support for Houston during this difficult time.
in addition to organizations and citizens, celebrities have also contributed to humanitarian efforts with their money and time. Kim Kardashian West, for example, has donated $500,000 to the relief of Houstonians. Despite how you may personally feel about certain celebrities, their contribution and their compassion for those in need have made a difference for the people in Texas.

The hashtag isn’t exclusively for content showing humans helping humans; it also includes anything that inspires hope for the people affected by the storm. The spread of positive news has inspired those in Texas and around the nation of the hope that still lingers on the horizon. Clear skies have opened up over Houston as the storm has started to migrate to southwestern Louisiana, and the sun is shining down on a different Houston, a damaged but still standing one.

Through this crisis, we have seen the resilient spirit of the American people, the unquestionable durability that America is known for. Houston is a shining example of how different people can come together and help one another. We now have confirmation that everything is indeed bigger in Texas, even their hearts.

http://resqdr.com/hurricane-harvey-houstonstrong/

Friday, 01 September 2017 15:01

Hurricane Harvey and #HoustonStrong

NEW YORK – CA Technologies (NASDAQ:CA), today announced it has been named a Leader in the prestigious “The Forrester Wave™: Continuous Delivery and Release Automation, Q3 2017” report by Forrester Research. The report evaluates 15 of the most significant continuous delivery and release automation vendors.

New #ForresterWave names @CAinc @Automic "Leader" in continuous delivery& release automation http://bit.ly/2x7JVAD

Tweet this

Vendors were evaluated on 26 criteria on their ability to support major DevOps processes for continuous delivery and release automation, including: integration with CI tools, package creation and modeling, pipeline modeling and governance, API coverage, vulnerability rectification and out-of-the-box integrations.

“We are delighted to be named a Leader in Forrester’s latest Continuous Delivery and Release Automation Wave report,” said Ayman Sayed, president and chief product officer, CA Technologies. “We believe this achievement testifies to CA Technologies success in empowering enterprises with the speed and agility they need to achieve continuous delivery and adopt digital transformation as an important strategic initiative.”

Per the report, Forrester states, “Automating the movement and deployment of infrastructure, middleware, and applications through testing is a key pain point for I&O teams today. CDRA [Continuous Delivery and Release Automation] tools remove errors from manual deployment and release processes by standardizing and automating the movement of applications between environments; this is a critical step in the delivery pipeline of applications and has a direct impact on customer experience.”1

According to the report, “CA Continuous Delivery Director and CA Automic Release Automation demonstrated good pipeline management across all pipeline stages, movement of complete releases including applications, infrastructure and middleware, remediation of vulnerabilities, defect tracking, and out-of-the-box integrations with a broad range of third party solutions including configuration management, database management tools and testing tools.”2

CA Continuous Delivery Director and CA Automic Release Automation received the highest scores possible in the deployment flexibility, deployment scenario support, advanced model creation and deployment, pipeline health and orchestration, scalable governance, planned enhancements, consulting, training and support, and innovation in delivery models and pricing criteria.

CA Automic Release Automation is the most flexible, yet scalable release automation product on the market. It is also environment agnostic, making CA Technologies uniquely positioned to help transform any enterprise for the digital age.

To learn more, visit:
CA Automic Release Automation: https://automic.com/products/application-release-automation
CA Continuous Delivery Director: https://www.ca.com/us/products/ca-continuous-delivery-director.html

1 Forrester Research, The Forrester Wave™: Continuous Delivery And Release Automation, Q3 2017, Stroud, Gardner, et al., 30 August 2017.

2 Forrester Research, The Forrester Wave™: Continuous Delivery And Release Automation, Q3 2017, Stroud, Gardner, et al., 30 August 2017.

Tweet this: New #ForresterWave recognizes @CAinc @Automic as a “Leader” in continuous delivery & release automation: LINK @Automic #DigitalTransformation

Follow Automic Software

Automic Blog
Latest News
Join the Conversation
Join us on LinkedIn

About CA Technologies

CA Technologies (NASDAQ:CA) creates software that fuels transformation for companies and enables them to seize the opportunities of the application economy. Software is at the heart of every business in every industry. From planning, to development, to management and security, CA is working with companies worldwide to change the way we live, transact, and communicate – across mobile, private and public cloud, distributed and mainframe environments. Learn more at www.ca.com.

Follow CA Technologies

Twitter

Social Media Page

Press Releases

Blogs

Legal Notices

Copyright © 2017 CA, Inc. All Rights Reserved. All trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.

Derived from the old proverb “a chain is only as strong as its weakest link”, this axiom was top of mind for me this past weekend as I prepared to lift a 20-foot section of trunk and root ball from a downed cottonwood that was blocking my creek. I carefully examined each link of the 40 feet of logging chain, I examined the winch mechanism of my “come-a-long” (read manual) winch, I searched for the right tree to which to attach my winch, I cleared the ground around me to have ample foot room, and thought through my “escape route” should the chain break.

On one of my many breaks, I started thinking about how this old adage can impact your cyber security strategies. (Yes, I really do think about this stuff all the time, even when covered in mud, creek water, and sweat!) ‘You are only as strong as your’ weakest link is something that should be on the mind of every CISO, CIO and Risk Manager.

Hackers are getting smarter. They are attacking the weakest link.

...

https://www.bluelock.com/blog/strong-weakest-link/

Thursday, 31 August 2017 20:31

You are only as strong as your weakest link

(TNS) — As scientists, engineers, and victims of Harvey try to grasp exactly how a storm got that big and destructive, some say that there might never be one answer — but that climate change, sea rise, sprawl, and randomness all converged with a vengeance on Houston.

“They are mysterious unto themselves,” William Sweet, a National Oceanic and Atmospheric Administration oceanographer, said of storms like Harvey and Sandy.

“Climate change aside, rare events happen,” Sweet said. “Oftentimes it’s not very well understood that your area might be prone to these major events. Just because you haven’t seen a storm like it in 30, 50 years doesn’t mean they aren’t prone to occur. If your region is prone to these kind of events, you need to be prepared.”

...

http://www.govtech.com/em/disaster/Five-Reasons-Harvey-Has-Been-so-Destructive---its-Not-Only-About-Climate-Change.html

Ideally, business continuity means no discontinuity.

Interruptions are prevented or avoided, and the business keeps ticking, no matter what the circumstances.

But as savvy business people know, such perfection is rarely achievable and even if it is, the costs can be astronomical.

Excellence may be a better goal, but does this mean that the occasional BC imperfection is acceptable – and if so, to what degree?

...

http://www.opscentre.com/business-continuity-prevention-detection-repair/

(TNS) - The biggest rainstorm in the history of the U.S. mainland made a second landfall Wednesday on the Gulf Coast, slowly moving away from Houston and dousing southeast Texas and southwest Louisiana.

While Tropical Storm Harvey no longer has the power of the Category 4 hurricane that slammed the Gulf Coast late Friday — it is expected to weaken as it moves north toward Mississippi and Tennessee — the National Hurricane Center warned of continued “catastrophic and life-threatening” flooding.

The Texas National Guard has made more than 8,500 rescues and 26,000 evacuations, Texas Gov. Greg Abbott said at a news conference Wednesday.

...

http://www.govtech.com/em/disaster/The-Worst-is-Not-Yet-Over-for-Southeast-Texas-Governor-Declares.html

Whew! I’m safe! I’m in the cloud, I don’t need a disaster plan!

Please don’t agree with me. I had chills just writing that. Look, it is very exciting to be out of the datacenter business. No more worries about cabinets, cables, or cooling. No more pesky power issues, counting rack units, or server procurement. 100% software defined datacenter, baby! It’s a dream and the conclusion of a many-year strategy for many. Or perhaps you’re one of the new, hip kids living the dream with containers and continuous integration.

Sure, many clouds can offer uptime SLAs, security, and features that many individual businesses could not duplicate, and we can assume, if you are now all-in-cloud, that your business uptime requirements are met when the cloud meets their SLA. However, the most important questions to ask is: “Is the business uptime requirement met if my provider doesn’t meet their SLA?” And, if they broke the uptime SLA, you’re out of guarantees. Is the business willing to risk uptime based on that SLA?

...

https://www.bluelock.com/blog/im-cloud-now-dont-need-disaster-recovery/

AUSTIN – The Centers for Medicare and Medicaid Services (CMS) issued a November 15, 2017 deadline requiring all Medicaid and Medicare providers and suppliers to have an emergency preparedness plan in place for their facility. These new rules can mean changes to familiar processes and procedures – causing headaches and added stress for healthcare compliance professionals.

But the good news is these guidelines are designed to make healthcare facilities safer, more efficient, and better at communicating around emergency situations. Meeting the program requirements may seem overwhelming, but the best way to approach the new regulations is to find a way to make them work best for your organization and to find a solution you can implement quickly and easily. New technologies such as AlertMedia’s emergency mass notification system can assist you in a big way.

1. Build an Emergency Plan

This is the first item the CMS regulations address and the best place to start when building a CMS compliance strategy. Begin with researching relevant material that will apply to your facility such as local emergency requirements and important emergency personnel contact information.The assessment checklist published by CMS recommends gathering the following information:

  • Copies of any state and local emergency planning regulations or requirements
  • Facility personnel names and contact information
  • Contact information of local and state emergency managers
  • A facility organization chart
  • Building construction and Life Safety systems information
  • Specific information about the characteristics and needs of the individuals for whom care is provided

CMS guidelines requires your emergency plan also include a Continuity of Operations Plan (COOP) for hazardous situations. CMS specifies that facilities should develop this plan with an all hazards approach taking into consideration events such as hurricanes, floods, tornadoes, fire, bioterrorism, pandemic, etc. If the event could disrupt the flow of your facility’s service in any way, it must be planned for.

Collaborate with local emergency services, analyze all hazards, discuss with suppliers, and set up a hierarchy for decision criteria for your emergency plans.

2. Put in Place Policies & Procedures

This portion of the requirements should be specific to your organization and based on the facility’s risk assessment and emergency plan. Policies and procedures must be reviewed and updated on an annual basis.

The key to fulfilling this requirement is to fully develop and document your emergency policies and procedures with a schedule for review, update, and maintenance built in to remain compliant. Build policies and procedures that work for your organization and make ongoing compliance as easy as possible.

3. Develop an Emergency Communications Plan

Proper communication before, during, and after an emergency is the key to your emergency preparedness plan. It will inform employees, patients and visitors of the situation at hand and where and what they should be doing during the event. But communicating on this scale can be a logistical nightmare.

Your organization must gather, store and update a large amount of contact information to communicate efficiently during an emergency situation. A comprehensiveemergency notification systemcan help you gather and maintain this data in a safe, efficient manner, making it a great option to use for your compliant communications plan.

AlertMedia, the fastest-growing emergency mass notification system provider in the world, has helped numerous healthcare organizations meet the Emergency Communications Plan regulations included in the CMS guidelines. Organizations use AlertMedia’s web and mobile applications to interact with their audience from any device, over any communication channel – such as voice call, text, native mobile apps, email, social media, and Slack – keeping their people safe and informed with just a few clicks.

4. Training & Testing Program

To meet the training and testing portion of the new CMS Guidelines your facility must provide:

  1. Initial training for new and existing staff in emergency preparedness policies and procedures
  2. Annual refresher training so that staff can demonstrate knowledge of emergency procedure

This section in the emergency preparedness guidelines allows for a more tailored approach that works best for your facility and the hazards your organization specifically faces. The purpose of this requirement is to ensure that the processes you've put in place work well, are fully compliant, and are understood by the members of your team. If you've put solid systems in place, you’ll simplify your program training and testing.

Summary

The new CMS guidelines are designed to ensure patients, visitors, personnel and government officials are safe and informed during natural and man-made critical events. Improved emergency communications help ensure the safety of your facility and your people. One of the best technological investments your healthcare facility can make in preparation for these new guidelines is a multi-layered mass communication system like the AlertMedia platform. You can keep your people safe when you keep them informed.

About AlertMedia

As a mass communications and monitoring company, AlertMedia helps hundreds of global organizations securely and effectively monitor threats, streamline notifications, and improve employee safety. The company’s cloud-based platform delivers communications that protect organizations, improve operations, and mitigate loss from any location, at any time, using any device. For more information, call (800) 826-0777 or visit www.alertmedia.com.

The Business Continuity Institute

On Friday 25th August 2017, Hurricane Harvey hit Texas, in the USA. The natural disaster has brought record levels of rainfall causing widespread flooding.

The level of disruption in Houston has hit unprecedented levels, affecting health, homelessness and economy. Hospitals have had to be evacuated, homes have become damaged and uninhabitable and businesses have been forced to close. With widespread power cuts, emergency services have been relying on backup systems to continue offering care to those most in need.

Could anything be done better at this stage of the crisis? Looking back to 2005 and Hurricane Katrina, in New Orleans; evacuation led to congestion, lack of resources resulted in poor health and social care, and widespread panic lead to looting and damage to businesses. More than a decade later, New Orleans still hasn’t recovered. Their population is significantly lower than pre-Katrina and their businesses still struggle to trade.

12 years on however, the military are on site to reduce disruption to people and businesses in the affected areas of Texas. Supplies and generators have been shipped in, and engineers are onsite in an effort to restore Houston’s critical infrastructure whilst evacuation efforts are planned and prioritised around those most at risk. On the surface, the response effort appears more coordinated.

Whilst the efforts will continue to focus on the safety of residents, the effects on businesses will not be clear until much later. It does seem that businesses were better prepared with emergency response and business continuity plans already in place. Renovation and restoration organizations prepared for the storm by safeguarding their stocks and have put a lockdown on service inflation in the area. Farmers and traders worked tirelessly to protect their crops and although not a failsafe approach, have managed to bring at least some of their produce to safety. Local businesses have invoked their disaster recovery plans and are preparing to repair damage in disrupted areas as soon as possible, however with supply chains disrupted and entry roads blocked, this is likely to be a lengthy and difficult task.

At this early stage, it would seem that lessons were learned relating to preparedness, however whether the response has been proactive enough to ensure the regeneration and continuity of Houston and affected areas will only be seen over time.

Download the attached files

PDF documents  

Companies today know they need to fully and effectively leverage all data—including the increasing digitization of human communications and the data being generated by everything from light bulbs to smartphones. They know they must capture a wide variety of data, store it in a way that makes it accessible, and query it based on the rapidly changing needs of the business. They also know that they can’t get by with rigid, predetermined schemas . What they are finding, however, is that this is much easier said than done.

What’s standing in their way? Many things, unfortunately; but there are five big challenges that companies must overcome in order to fully exploit their data along with partner data, and other external data sources.

...

http://www.datacenterknowledge.com/archives/2017/08/29/five-challenges-companies-must-overcome-make-use-data/

“89 percent of IT leaders are planning in implementing more cloud-based disaster recovery in the next year.” -Lauren Cooke, 

Within the decade, the adoption of cloud computing and hybrid-cloud computing applications in organizations has risen exponentially. Businesses are realizing the cost effectiveness of having business continuity and disaster recovery cloud-based solutions. From enterprise to small business, 75 percent of teams recognize the cloud’s ability to offer them offsite backups and stronger business continuity. (source)

...

http://www.bcinthecloud.com/2017/08/bcdr-in-the-cloud-are-you-behind-the-curve/

Wednesday, 30 August 2017 14:33

BC/DR in the Cloud, Are You Behind the Curve?

An architectural risk assessment is not a penetration test or merely a vulnerability scan. It is an engineering process with the aim of understanding, defining, and defending all the functional output from customers, line workers, corporate staff, and client-server interactions. Architectural risk assessments include ethical hacking, source code review, and the formation of a new network design.

As Fred Donovan wrote in the Cutter Consortium Executive Update, Architectural Risk Assessment: Matching Security Goals to Business Goals, “Performed correctly, [an architectural risk assessment] will empower the technology staff and enable the business to focus less on security and more on customers.”

According to Donovan, the first step of an architectural risk assessment is to conduct interviews with line workers — the people who interact daily with customers. These line workers who know many of the issues — without understanding the technical details — that may negatively affect customer interaction with a running application. This knowledge will benefit the redesign of the network architecture.

...

http://blog.cutter.com/2017/08/29/conducting-an-architectural-risk-assessment-step-1/

Establishing your business continuity strategy starts with considering your organization’s objectives, legal and regulatory requirements, personnel, and products or services, along with your customers and clients. Before jumping in to identify and develop your strategy and plans for business continuity, there are some preparations you can perform to help you successfully implement a functional program. These are:

  • Seek support from senior management.
  • Engage a competent third-party BCM consultant.
  • Develop a basic plan if nothing exists.
  • Appoint your BCM team.
  • Perform a business impact analysis (BIA).
  • Develop the BC strategy.
Seek Support from Senior Management

Without management support and engagement, it is difficult for a BC program to provide value and succeed in its goals. Management should form a steering committee to assist with funding and facilitation of cross-departmental issues. Providing regular status updates and reports on the added value of the program will help you garner support and understanding from senior management.

...

https://www.mha-it.com/2017/08/business-continuity-strategy/

It’s a common misconception many businesses have that sever weather incidents won’t drastically change the way they operate even if this unexpected severe weather occurs in their geographic area. However, according to FEMA, this simply isn’t the case. In fact, FEMA estimates 40% of all businesses are forced to close immediately after a disaster and another 25% of businesses will fail within one year. Knowing these sobering statistic begs us to take a closer look at exactly how severe weather may impact your business.

Building Damage/Loss of Facilities

The most obvious way severe weather can hit home is when it causes structural damage to your company’s building or even destroys the facility all together. Whether it’s a flood, tornado, hurricane, fire, or any other terrible act of mother nature, losing the place your staff reports to every day to perform their work has a tangible impact on your business operations. You’ll need a plan in place for backup facilities and/or remote work options.

...

http://www.missionmode.com/closer-look-severe-weather-can-disrupt-business/

(TNS) — Heeding orders not to evacuate but instead to shelter in place, hundreds of Houston residents found themselves trapped in their homes Monday as floodwaters from Tropical Storm Harvey rose around them.

“We have no power, no water. We’re flooded in. We need help,” said Dana Godfrey, 46, who was stranded with her 24-year-old son in an apartment complex surrounded by water in the Lake Houston neighborhood. “They never told us to evacuate. It’s never flooded over here.”

Godfrey said she was terrified over reports that robbers were casing homes in flooded areas. Her calls to overwhelmed emergency services had failed to yield any response by Monday evening. Across the city, residents were reporting 911 calls that went unanswered, or being put on long holds, then told that emergency personnel could not immediately be dispatched.

...

http://www.govtech.com/em/disaster/They-Were-ordered-Not-to-Evacuate-Now-Many-Families-in-Houston-Find-Themselves-Trapped-in-their-Homes.html

FEMA may provide Transitional Shelter Assistance (TSA) to applicants who are unable to return to their pre-disaster primary residence because their home is either unihabitaable or inaccessible due to a Presidentially-declared disaster. TSA is intended to reduce the number of disaster survivors in congregate shelters by transitioning survivors into short-term accomodations through direct payments to lodging providers. TSA does not count toward an applicant’s maximum amount of assistance available under the Individuals and Households Program (IHP).

TSA is funded under Section 403 of the Stafford Act and is subject to a state cost-share. The State may request that FEMA authorize the use of TSA for the declared disaster in specific geographic areas.

The affected state, territorial, or tribal government may request TSA. This form of assistance may be considered when the scale and projected duration of the declared incident results in an extended displacement of disaster survivors. The state, territorial, or tribal government, in coordination with FEMA, identifies areas that are inaccessible or that incurred damage which prevents disaster survivors from returning to their pre-disaster primary residence for an extended period of time.

Under TSA, disaster survivors may be eligible to stay in an approved hotel or motel for a limited period of time and have the cost of the room and taxes covered by FEMA. For those who are eligible, FEMA will authorize and fund, through direct payments to participating hotels/ motels, the use of hotels/motels as transitional shelters.  The applicant is responsible for all other costs associated with lodging and amenities, including, but not limted to  incidental room charges or amenities, such as telephone, room service, food, etc.

The initial period of assistance will be 5-14 (adjustable to 30 days, if needed) days from date of TSA implementation. FEMA, in conjunction with the state, territorial, or tribal government, may extend this period of assistance, if needed,  in 14-day intervals for up to six months from the date of disaster declaration.

Individuals and households who are not eligible for TSA will be referred to local agencies or voluntary organizations for possible assistance.

Individuals and households may be eligible for TSA, if:

  • Register with FEMA for assistance
  • Pass identity and citizenship verification
  • Their pre-disaster primary residence is located in a geographic area that is designated for TSA
  • As a result of the disaster, they are displaced from their pre-disaster primary residence
  • They are unable to obtain lodging through another source

FEMA provides eligible applicants access to a list of approved hotels in their area, and applicants may choose to stay at any approved hotel or facility identified by FEMA. The list of approved hotels is available at http://www.femaevachotels.com/index.php or the FEMA Helpline. FEMA provides applicants with access and functional needs additional assistance in locating approved hotels to meet their needs.

FEMA bases the amount of TSA on the maximum lodging rate plus taxes for the locality, as identified by the General Services Administration (GSA).

Extending TSA

When FEMA extends TSA eligible applicants are allowed to remain in transitional sheltering through the end of the extended interval if they are otherwise eligible for IHP Assistance, or both

of the following apply:

  • FEMA is currently considering the applicant’s eligibility for Temporary Housing Assistance or is waiting for documentation from the applicant needed to consider eligibility
  • They meet other conditions of eligibility established by FEMA and the coordinating state, territorial, or tribal government

Ending TSA

  • If an applicant who is receiving TSA is approved for Rental Assistance, their TSA-eligibility will terminate at the end of the 14-day interval.
  • Applicants who are not eligible for IHP Assistance may only remain in transitional sheltering until their TSA interval expires.

###

FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Tuesday, 29 August 2017 17:11

FEMA: Transitional Shelter Assistance

FEMA may provide financial assistance to individuals and households who, as a result of the disaster, have immediate or critical needs because they are displaced from their primary dwelling. Immediate or critical needs are life-saving and life-sustaining items including, but not limited to: water, food, first aid, prescriptions, infant formula, diapers, consumable medical supplies, durable medical equipment, personal hygiene items, and fuel for transportation. Critical Needs Assistance (CNA) is awarded under the Other Needs Assistance provision of the Individuals and Households Program (IHP) and is subject to a state cost share. It is a one-time $500 payment per household. The State must request that FEMA authorize CNA in a disaster for specific geographic areas that are expected to be inaccessible for an extended period of time (i.e., seven days or longer). The eligibility period for CNA corresponds to the standard registration period for IHP, which is 60 days from the date of the Presidential disaster declaration.


Individuals and households may be eligible for CNA if all of the following have been met:

  • A registration is completed with FEMA;
  • The applicant passes identity verification;
  • At registration, the applicant asserts that they have critical needs and requests financialassistance for those needs and expenses;
  • Their pre-disaster primary residence is located in a county that is designated for CNA; an
  • The applicant is displaced from their pre-disaster primary residence as a result of the disaster.

###


FEMA’s mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards.

Tuesday, 29 August 2017 17:09

FEMA: Critical Needs Assistance

Once upon a time, IT security was all about building the highest wall possible to keep attackers out and corporate users and systems safe.

Collaboration, cloud computing, and data mobility changed all that.

Although the list of bad actors may not have changed, their methods have and so have the relative levels of risk associated with each one. Insider threats are now only equalled in diversity and range by cyber terrorists. It’s time to take the insider threat seriously.

Key cyber threat sources can be categorised as nation states, cyber criminals, cyber terrorists, hacktivists, hackers, competitors, and insiders.

...

http://www.opscentre.com/rise-rise-insider-threat-it-security/

Broadly speaking, there are two approaches to structuring a business continuity program.

A centralized structure involves leading and executing the business continuity planning process within a single team and engaging the business as needed.

A decentralized structure involves leveraging a small number of centralized resources that offer consultative assistance and performance measurement while resources dispersed throughout the business execute the actual planning process.

...

http://perspectives.avalution.com/2017/business-continuity-planning-centralized-and-decentralized-approaches/

WASHINGTON – The compassion and generosity of the American people is never more evident than during and after a disaster. It is individuals, non-profits, faith- and community-based organizations, private sector partners, and governmental agencies working together that will most effectively and efficiently help survivors cope with the impacts of Tropical Storm Harvey.

Please follow a few important guidelines below to ensure your support can be the most helpful for Tropical Storm Harvey disaster survivors.

TO DONATE TO RELIEF EFFORTS

The most effective way to support disaster survivors in their recovery is to donate money and time to trusted, reputable, voluntary or charitable organizations.

Cash donations offer voluntary agencies and faith-based organizations the most flexibility to address urgently developing needs. With cash in hand, these organizations can obtain needed resources nearer to the disaster location. This inflow of cash also pumps money back into the local economy and helps local businesses recover faster.

Please do not donate unsolicited goods such as used clothing, miscellaneous household items, medicine, or perishable foodstuffs at this time. When used personal items are donated, the helping agencies must redirect their staff away from providing direct services to survivors in order to sort, package, transport, warehouse, and distribute items that may not meet the needs of disaster survivors.

Donate through a trusted organization.  At the national level, many voluntary-, faith- and community-based organizations are active in disasters, and are trusted ways to donate to disaster survivors. Individuals, corporations, and volunteers, can learn more about how to help on the National Voluntary Organizations Active in Disaster (NVOAD) website.

In addition to the national members, The Texas Voluntary Organizations Active in Disaster (Texas VOAD) has a list of vetted disaster relief organizations providing services to survivors.  Texas VOAD represents more than three dozen faith-based, community, nonprofit and non-governmental organizations.    

TO PERSONALLY VOLUNTEER IN THE DISASTER AREAS

The State of Texas is asking volunteers to not self-deploy, as unexpectedly showing up to any of the communities that have been impacted by Hurricane Harvey will create an additional burden for first responders.

The National VOAD has also noted the situation may not be conducive to volunteers entering the impacted zone and individuals may find themselves turned away by law enforcement.

To ensure volunteer safety, as well as the safety of disaster survivors, volunteers should only go into affected areas with a specific volunteer assignment, proper safety gear, and valid identification.

At this time, potential volunteers are asked to register with a voluntary or charitable organization of their choice, many of which are already in Texas and supporting survivors on the ground.

The National and Texas VOAD websites are offering links to those who wish to register to volunteer with community- and faith-based organizations working in the field.

Most importantly, please be patient. Although the need is great, and desire to help strong, it is important to avoid donating material goods or self-deploying to help until communities are safe and public officials and disaster relief organizations have had an opportunity to assess the damage and identify what the specific unmet needs are.

Volunteer generosity helps impacted communities heal from the tragic consequences of disasters, but recovery lasts much longer than today. There will be volunteer needs for many months, and years, after the disaster, so sign up now.

Tropical Storm Harvey is still dangerous, with the potential to impact additional areas of Texas and Louisiana. As the situation changes, needs may also change in these areas. Continue monitoring traditional and social media channels to learn more.

###

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain and improve our capability to prepare for, protect against, respond to, recover from and mitigate all hazards.

Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.twitter.com/femaspox, www.facebook.com/fema and www.youtube.com/fema.  Also, follow Administrator Brock Long’s activities at www.twitter.com/fema_brock.

The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

This has been quite the extraordinary week with the solar eclipse (amazing) on August 21 followed only a few days later by Hurricane Harvey (horrific), which is causing "epic, catastrophic" flooding in Houston, Texas,  the 4th most populated city in the US. 

The path of the hurricane can be viewed here. 

To emphasize the significance of this natural disaster, which has been called a one in a 500 year flood, major news sites such as The Washington Post, The Wall Street Journal, and The New York Times, have all removed their paywalls, which is also being already referred to as the worst natural disaster to ever hit Texas.

You may ask, why worry about what is happening in Texas? First of all, this natural disaster hits "close to home." As an academic,  I know many faculty at universities in Texas and to see some closing down, making tough decisions as to what to do with students, and when to reopen,  reminds me of Hurricane Sandy back in October 2012 when my daughter was a college freshman and her college (as did many in the affected areas of the Northeast) closed, and she could not even make it back to Amherst because there was no public transportation due to fuel shortages. A niece of mine had just started her freshman year at Tulane University in New Orleans when Hurricane Katrina struck but she had had sufficient warning that she was able to get a flight back to Kansas and that university was closed for an entire semester. And my daughter had spent the summer before her senior year of college as an intern researcher at the marvelous Lunar and Planetary Institute, which is located in Houston. I remember her flying from Sweden where she was visiting me when I had an appointment as a Visiting Professor at the University of Gothenburg and flying then to Houston, which had had some rain, and I was worried at that point about flooding. Now, because of Hurricane Harvey, there are very few passable roads in the surrounding Houston area, flights are halted at both Houston airports (how would crews and workers even make it there?), hospitals are without power and running water, and folks are being told to shelter in place and to bring axes to their attics so that they can break through attics to the rooftops to be rescued. 911 operators are overwhelmed with calls.

...

http://annanagurney.blogspot.com/2017/08/hurricane-harvey-texas-and-all-of-us.html

Tuesday, 29 August 2017 16:51

Hurricane Harvey, Texas, and All of Us

Protect your health and safety, follow state, local and tribal official instructions to shelter in place or evacuate

WASHINGTON – The federal government’s emergency responders continue to respond to states, local communities, and tribes as impacts continue across southeast Texas.

FEMA’s priority continues to be protecting the lives and well-being of those in affected areas; the federal government is focusing on search and rescue and first responder operations to ensure people who need help get assistance.   

FEMA urges those in the affected areas to follow the instructions of state, local, and tribal officials, including instructions to shelter in place or evacuate. Evacuees should not return to evacuated areas until they are told by local officials that it is safe to do so.

Federal resources are positioned closer to the impacted areas of Texas and Louisiana, and are ready to provide assistance as needed and requested by federal, state, local and tribal partners.

As of last night, FEMA had more than 900 Urban Search and Rescue (US&R) personnel working to save lives in south Texas.

Commodities are being strategically located at Incident Support Bases (ISB) near the impacted areas. As of yesterday, more than 1,000,000 liters of water, 1,000,000 meals, 20,520 tarps, and 70 generators are at the ISBs and staging areas in Texas and Louisiana. FEMA is providing around-the-clock staffing at its distribution center in Fort Worth, Texas, and is shipping additional commodities to ISBs and staging areas.

The overall federal response includes:

  • The National Emergency Medical Services activated a contract for 100 ambulances and 15 air ambulances for advanced and basic life support, and are staged in San Antonio, Texas.
  • Mobile Emergency Response Support (MERS) personnel and equipment are on the ground in Texas and Louisiana to support the states with secure and non-secure voice, video and information services for emergency response communications needs. The following teams and assets are on the ground in Texas:
    • 65 MERS personnel
    • 10 mobile communication office vehicles in support of US&R, IMAT, ISB, and survivor assistance.
  • The Incident Management Assistance Teams are in place at the Texas and Louisiana state emergency operations centers in Austin, Texas and Baton Rouge, Louisiana, to support requests for federal assistance. Additional teams continue to deploy as the response continues.
  • The National Business Emergency Operations Center remains activated and is facilitating critical life-saving and life-safety information to private sector stakeholders as they are communicating with employees in the impacted area and preparing to send additional relief supplies.
  • The National Flood Insurance Program has General Adjusters situated in Texas and Louisiana to support initial damage assessments and assist with positioning adjuster resources.
  • FEMA has more than 1,800 FEMA employees deployed in support of the response. They are supplemented by an additional 341 U.S. Department of Homeland Security (DHS) employees deployed as part of our surge capacity force. These surge capacity individuals begin rapid strike training today, and will be in the field shortly.

Ongoing Support and Preparedness Efforts:

The American Red Cross (ARC) continues to mobilize massive relief efforts to provide shelter, food and comfort. More than 1,800 people took refuge Saturday night in 34 Red Cross and community shelters in Texas.  In Louisiana, one shelter is open with 8 people there Saturday night.  Red Cross is directing people in need of shelter to call 1-800-REDCROSS (1-800-733-2767), visit http://www.redcross.org or download the Red Cross App.  Local officials can also provide information on shelters. Anyone who plans to stay in a Red Cross shelter should bring prescription medications, extra clothing, pillows, blankets, hygiene supplies, other comfort items and important documents. Bring any special items for children, such as diapers, formula and toys, or for family members who have unique needs. Red Cross is also directing people in life-threatening situations who need rescue to call 9-1-1 or the U.S. Coast Guard at (281) 464-4851.

The U.S. Army Corps of Engineers (USACE) has three divisions and five districts actively involved in the response. USACE has deployed liaison officers and subject matter experts to state and FEMA facilities to provide technical assistance, and a Prime Power Planning and Response Team, which includes temporary power restoration assets to the immediate vicinity. Additionally, USACE districts in affected areas continue flood-fighting activities such as stockpiling and issuing flood-fighting materials (sandbags and materials/fabrics that keep soil in place) to local government entities, and monitoring flood risk reduction projects in an effort to mitigate the effects of flooding in the area.

The Bureau of Safety and Environmental Enforcement is working with industry and state and federal agencies, to report the evacuation of offshore oil and gas platforms and rigs due to the storm. Personnel have been evacuated from 89 production platforms and four drilling rigs.

The U.S. Coast Guard (USCG) has over 420 personnel conducting operations in South Texas.  The Coast Guard had confirmed rescues of 2,000 multi-person cases in the Houston and Galveston area, with 16 helicopters in the air and 8 more inbound. The Coast Guard also has an additional nine teams onsite doing shallow water rescues. More information on USCG rescue operations is available on their website at:  http://www.news.uscg.mil/.

The Corporation for National and Community Service (CNCS) deployed more than 225 AmeriCorps members to the region to support American Red Cross shelter and feeding operations, and FEMA’s disaster damage assessments and logistics. These teams are trained to provide expert manpower for shelter operations, debris removal, and volunteer and donations management.

The Department of Defense (DoD) Defense Logistics Agency (DLA) is deploying the DLA Distribution Expeditionary depot package to FEMA’s ISB at Randolph Air Force Base, near Seguin, Texas.  DoD will provide a Search and Rescue (SAR) package to include two SAR planners, nine SAR rotary wing aircraft, two fixed wing aircraft, pararescue teams, and associated command and control elements. These SAR assets are deploying to Joint Reserve Base, Fort Worth, Texas. The DoD Defense Logistics Agency provided Logistics Management and Resource Support to include 11 generators, 50,000 gallons of motor fuel, and 50,000 gallons of diesel fuel.

The U.S. Northern Command is providing a Defense Coordinating Officer with supporting staff element (DCO/DCE) to support DoD regional knowledge, requirements validation, and liaison services, including State/Emergency Preparedness Liaison SEPLO/EPLO Teams as necessary.  DoD also provided Randolph-Seguin as an ISB/Federal Staging Area to support forward distribution of supplies/equipment to the affected area.

The U.S. Department of Energy (DOE) responders remain active at its sites in Washington D.C. and Texas. DOE is continuing to assess the situation, impact and needs in affected areas, and is continuing to provide situation reports at https://www.energy.gov/oe/downloads/hurricane-harvey-situation-reports-august-2017. Patience will be essential, since it may take time to both complete damage assessments, and for energy repair crews to begin their critical work of restoring energy supplies to affected communities. DOE is also working closely with the Energy Information Administration to assess any potential impacts to oil and natural gas from Tropical Storm Harvey.

The U.S. Environmental Protection Agency (EPA) Administrator Scott Pruitt, in coordination with DOE’s Secretary Rick Perry, yesterday requested to expand Texas’s emergency fuel waiver signed on Saturday. The waiver now includes the four-county Dallas-Fort Worth reformulated gasoline (RFG) area, the 98-county area required to use low volatility fuel, and the 110-county area required to use Texas Low Emission Diesel (TxLED).  The waiver helps ensure an adequate supply of gasoline is available in the affected areas until normal supply to the region can be restored.  EPA is continuing to actively monitor the fuel supply situation as a result of the storm, and is ready to act expeditiously if extreme and unusual supply circumstances exist in other areas.

The Federal Communications Commission (FCC) continues to monitor the status of communications networks and is coordinating with providers and government partners on communications status and restoration in the affected areas. The FCC released its first communication status report for areas impacted, the information is available at www.fcc.gov/harvey.

U.S. Department of Health and Human Services (HHS) Secretary Tom Price declared a public health emergency for Texas on Saturday to allow health care facilities to provide care unimpeded. In addition, HHS has more than 500 personnel on the ground in Texas and Louisiana and more than 1,000 on alert. They deployed approximately 53,000 pounds of medical equipment and supplies to support medical and public health needs in the affected areas. HHS helped arrange for evacuation of three Texas hospitals Saturday, and has begun working with state and local agencies to assess damage and needs of mental health centers, dialysis centers, pharmacies, and other critical health infrastructure.

The Department of the Interior (DOI) is expanding its support activities through six mission assignments, including the U.S. Geological Survey providing advance support, real-time field measurements, and daily reporting of water heights via deployed storm-tide sensors to help public officials assess storm damage, discern between wind and flood damage, and improve computer models used to forecast future floods. USGS is also supporting collection of remote-sensed imagery, updating coastal change forecasts based on storm surge forecasts, and liaising with the Texas State Emergency Operations Center.

The National Park Service (NPS) and Office of Aviation Services are expanding search and rescue activities, including use of Unmanned Aerial Systems (drones) for search and rescue operations and to provide imagery for identifying high priority search areas.

The National Guard Bureau (NGB) has over 1,000 service members in the region ready to move in for various assessment, search and rescue, and recovery missions, with approximately 3,000 service members activated last night.  NGB is closely coordinating with the Texas and Louisiana National Guard to ensure all requirements are met for forces and equipment. Guard members in Texas are prepared to support civil authorities by saving lives, preventing injuries and protecting property. NGB has also been messaging safety on social media at https://twitter.com/ChiefNGB.

The U.S. Postal Service is updating employees, residential and commercial customers through telephone call centers, traditional and social media. They are maintaining emergency operations centers to assess and direct resources and assets for mail support.  They have security and damage assessment of facilities underway, and are reviewing conditions for restoration of service on a case by case basis.  

The U.S. Department of Transportation (DOT) Operating Administrations are actively monitoring Hurricane Harvey and its impacts.   DOT has proactively issued emergency declarations to remove restrictions in order to hasten the delivery of emergency equipment and supplies to the region.   All of the Department’s administrations are poised to support the State of Texas with post storm recovery efforts.

The USA.gov and GobiernoUSA.gov are supporting federal agency messaging efforts on the USA.gov & GobiernoUSA.gov home pages and compiling federal agency updates and messaging on Tropical Storm Harvey pages, found at https://www.usa.gov/hurricane-harvey and https://gobierno.usa.gov/huracan-harvey.


 ###

FEMA's mission is to support our citizens and first responders to ensure that as a nation we work together to build, sustain and improve our capability to prepare for, protect against, respond to, recover from and mitigate all hazards.

Follow FEMA online at www.fema.gov/blog, www.twitter.com/fema, www.twitter.com/femaspox, www.facebook.com/fema and www.youtube.com/fema.  Also, follow Administrator Brock Long’s activities at www.twitter.com/fema_brock.

The social media links provided are for reference only. FEMA does not endorse any non-government websites, companies or applications.

(TNS) - Bobby Lopez first tried calling 911 at about 3 a.m. Sunday.

The floodwaters that had gushed into his parents’ Houston garage were rising. The table where his mother, a partially blind and diabetic 60-year-old, sat with Lopez’s father and their 3-year-old grandchild would soon be engulfed.

He’d tried driving to them in his truck, but the roads were impassable.

Lopez said he tried calling again, and each time, he was told that dozens of people were ahead in line for help. His parents, too, had dialed 911.

So Lopez did what countless others have done in the wake of a storm that has devastated a region and overwhelmed emergency dispatchers: He took to social media in hopes that someone — anyone — would see the plea and come to his family’s rescue.

...

http://www.govtech.com/em/disaster/When-911-Failed-Them-Desperate-Harvey-Victims-Turned-to-Social-Media-for-Help.html

How would you rate your organization’s GDPR readiness? Hanzo CEO and Chairman Kevin Gibson offers five questions every compliance officer should be considering ahead of next May’s deadline for GDPR compliance. Specializing in heavily regulated industries, Hanzo is the world leader in the legally defensible capture, preservation and analysis of web and social content. Herein Kevin provides some concrete guidance on compliance in the face of the data protection regulations.

On May 25, 2018, the European Union (EU) will see a seismic shift in data security practices as the General Data Protection Regulation (GDPR) takes effect. Proactively working toward GDPR compliance before the deadline may be the difference between smooth or choppy waters, as any failure to comply with GDPR exposes organizations to fines of up to €20 million (US $23.5 million) or 4 percent of global revenue — whichever is higher. This is true not only for organizations headquartered in the EU, but also for any entity around the world whose business involves providing goods and services to EU citizens and therefore is privy to their personally identifiable information (PII).

Knowing the answers to five key questions will prove essential to becoming and remaining GDPR compliant and avoiding both fines and potential loss of business.

...

http://www.corporatecomplianceinsights.com/5-questions-compliance-asking-gdpr/

In theory, IT should be a boon for business continuity. Speed, reliability, automation, efficiency, productivity, all these things are positive effects available by moving to a digital environment driven by information technology.

However, IT also brings its own risks of interruption and breakdown. These can then compromise the continuity of an entire organisation.

Consultancy firm EY published a report a little while back. Here’s an overview of some of the main drawbacks in using IT, with a few pertinent updates:

...

http://www.opscentre.com/is-it-getting-in-the-way-of-business-continuity/

Industry experts assert that because the manipulation and communication of information is now a core function of most organizations, comprehensive data management strategies are vital. But despite being mission critical, the data center often remains siloed –  a necessary, but not strategic, business service.

However, in an economic landscape defined by digital disruption, and where businesses are transforming at lightning speed, this is finally set to change. The innovations revolutionizing business – cloud computing, social media, mobile apps, the “big data” explosion and on-demand services – can only be delivered from purpose-built highly efficient data centers.

Getting the data center strategy right means that companies have an intelligent and scalable asset that enables choice and growth. But getting it wrong means their entire business could fail. For data center managers across the world, the pressure is unprecedented.

...

http://www.datacenterknowledge.com/archives/2017/08/24/why-business-continuity-is-the-final-word-in-the-build-vs-buy-debate/

 

Tropical Storm Harvey could be a hurricane with wind speeds of at least 111 mph and is expected to hit Texas Friday. Widespread flooding is a risk for Texas and neighboring states as public safety groups and communities prepare.

Esri, the leader in spatial analytics and mapping, has created a new Hurricanes and Tropical Cyclones Story Map that identifies the potential impact of the storm through a variety maps, including:

  • Public Information Map - identifies the current and recent location of Harvey as well as forecast positions and probable track; additionally, the shaded area is called the "cone of uncertainty," the likely path of the center of Harvey.
  • Impact Summary Map - shows the storm surge by identifying locations most at risk for life-threatening inundation from storm surge; accordingly, to Esri's data, the total population at risk is 248k people, 99k households, and 10k businesses.
  • Forecast Precipitation Map – forecasts the amount of rain expected within the next 72-hour period

This map is provided by the Esri Disaster Response Program.

The Business Continuity Institute

More of us are moving to cities than ever before, especially in the developing world, and this migration to urban centres and the growth of cities results in more complex challenges in urban planning such as traffic management, sanitation and healthcare, thus requiring smarter management. In the latest edition of the Business Continuity Institute's Working Paper Series, Gianluca Riglietti offers an overview of smart cities today, exploring the opportunities as well as the challenges they bring.

In the paper, Gianluca concludes that cyber resilience strategies will have to be implemented in order to mitigate the risks that could disrupt a smart city, and that business continuity is also necessary, alongside other management disciplines such as information security, to ensure ensure they operate smoothly. The analysis has shown that there is ground for collaboration and an overlap in terms of good practice across disciplines.

"This technology-driven approach is not always well received," says Patrick Alcantara, Research & Insight Lead at the Business Continuity Institute. "The reliance on connective technology raises questions related to resilience given its susceptibility to outage, failure or breach. Gianluca Riglietti’s paper addresses these concerns and provides an excellent foundation to explore how smart cities can change our lives. Using business continuity principles as a framework for building cyber resilience, he suggests a way forward for managing these smart cities."

Download your free copy of 'Exploring business continuity implications of smart cities vulnerable to cyber attack' to understand more about smart cities and the complexity of making them more cyber resilient.

The Business Continuity Institute

The Association of Banks in Singapore (ABS) recently conducted a large-scale industry-wide exercise for the financial sector involving simulated terrorist and cyber attacks (code-named Exercise Raffles) to test their business continuity arrangements.

The exercise was the fifth in the Exercise Raffles series with 139 financial institutions including banks, finance companies, insurers, asset management firms, securities and brokerage firms, financial market infrastructures, industry associations, the Singapore Exchange as well as the Monetary Authority of Singapore (MAS) participating in the Exercise.

The Exercise was also conducted with the support of the Ministry of Home Affairs, the Singapore Police Force, the Ministry of Communications and Information, the Cyber Security Agency of Singapore and the building and facilities management from approximately 50 buildings.

Mr Ho Kai Weng, Chief Executive of the General Insurance Association, said: “Recent developments in many countries around the world have highlighted the danger from cyber and physical threats. This exercise has emphasised the importance for the general insurance industry to collaborate in sharing information, undertaking active discussions and testing threat response and business continuity plans.”

During the Exercise, financial institutions practised established crisis management and contingency plans in response to simulated scenarios on terrorist attacks and cyber attacks that had disrupted operations and resulted in the unavailability of financial services.

Mrs Ong-Ang Ai Boon, Director of ABS, said: “The Exercise was valuable and provided an opportunity to practise coordination amongst the financial institutions, including crisis responses and sharing of information. The exercising of communication and co-ordination between financial institutions and authorities was intense and challenging. There are good lessons that the industry gained which will contribute towards enhancing the responsiveness and resilience of Singapore’s financial sector.”

Validation is one of the six main stages of the BCM Lifecycle according to the Business Continuity Institute's Good Practice Guidelines, and is essential for ensuring an effective business continuity programme. By regularly exercising your programme, you can find out where any vulnerabilities are and make improvements, and you can help ensure that people know what is expected of them.

Ms Pauline Lim, Executive Director of LIA Singapore added that, “As Singapore strives towards achieving our Smart Nation ambition, it also becomes increasingly critical for us to ensure that the level of protection we provide members of the community, and the integrity of our systems are not compromised. Today’s exercise highlights the importance of being crisis response-ready, and it is heartening to note the level of preparedness and swift actions of life insurers in effectively tackling the simulated crisis.”

thunderstorm 1761849 1920

You’ve finally got the right executive management team in place. Sales are at all all-time high, projections are better, and you’re running on all cylinders. Your CIO has provided an efficient platform to support the business. You are prepared to stifle the competition.

You and your team have thought of everything. However, there may be one consideration that you are missing. How will you deal with the inevitable discontinuity that may confront your business? Terrorism, weather conditions, civil disturbances, and fire are among the considerations that may force you to have alternate plans in place. If you leave the office at the end of business on Monday evening, and the workplace is not available on Tuesday morning, how will you conduct business? How will you interface with your customers, and more importantly, how will you prevent them from directing themselves to your competition? The answer is obvious, and rather simple. You need to have a business continuity plan, and to maintain an alternate site to do business in the event of a disruption. If you’re not doing the following, you are putting your company in real jeopardy.

During more than a dozen years in which I served as senior vice president of operational risk management at AXA Equitable, an insurance giant, we were faced with eight significant crises. Five of these involved loss of use of a principal facility. The major culprit was weather, but I was sure that we had appropriate plans in place to deal with any eventuality. Fortunately, we were able to sustain the business with no interruption in all these instances due to extensive prior planning.

Here are five key considerations to building a strong business continuity plan:

1. Conduct a business impact analysis

What are the core functions of your firm that have little or no tolerance for downtime? Obviously, your customer-facing functions fall within this category, but there are also a host of financial functions which do as well. At the conclusion of this analysis you should determine the number of “seats” to allocate to each critical business area. Remember that support functions such as Procurement, Facilities, and Human Resources can be critical in sustaining business operations, and also in the process of getting you back on your feet.

2. Identify a business continuity plan (BCP) strategy

You’ve identified the critical pieces of your operation. Now it’s time to be able to staff these functions at an alternate location. For example, if you’ve determined that your treasurers department needs to be allocated 24 workstations, you’ve got to build these “seats” at an alternate location, appropriately geographically dispersed from your primary location. The desktop at each seat must be individually imaged with the applications and software to enable that function to perform.

Determine whether you want to host your own BCP plan, or outsource. Outsourcing is generally more expensive. We hosted our own plan. I preferred self-hosting because we were operating in a company owned facility, with our own equipment. We had complete control of the space, and also the quality of the data residing on the desktops. I felt that we controlled our own destiny.

Again, ensure that your BCP site is a proper distance from your primary site. It should also be supported by a generator. On 9/11, a number of Wall Street firms found that their BCP sites, also located in Downtown NYC locations, were not inhabitable due to an area-wide lockdown in the aftermath of the tragedy. Ensure that you have a transportation plan to get employees to the recovery site.

3. Practice, practice, practice ...

The only thing worse than not having a plan, is having one, and not being able to properly execute. In 2004, NYC hosted the Republican National Convention. The two largest hotels in the city were occupied by a large number of convention delegates. Based upon reports that the delegates may be targeted at these locations, and the residual impact due to our proximity, a determination was made to run the business for two weeks from our recovery site. The feared protests never materialized, but in the end, we conducted an exercise which validated our crisis management and BCP programs. On an annual basis, we conducted an all-hands BCP drill. This continued to validate the functionality of our plan, and contributed to the overall “buy-in.”

I’ve often told my employees that we were in the business of sales. Our job was to convince our internal business folks to supporta mandate of preparedness in addition to their core responsibilities. This mindset ultimately became part of our culture.

4. Develop a remote access program

This is a great complement to your recovery site. It enables you to bring more people back to work quickly. Do an inventory of those employees who are assigned laptops. For employees not assigned laptops, remote access software enables employees to mirror a workplace computer via their home desktop. This is also a useful strategy for instances where employees are not able to travel due to weather or other conditions.

5. Communications

I believe that communication is the single most important aspect of crisis management. Effective communication helps to control the intensity of a crisis. Employees can be directed, and kept in the loop with an automated notification system, such as Onsolve or Everbridge. Crisis managers, who previously depended on manual process, can now use a tool, GroupDoLists, which serves as a repository for all BCP and CM documentation. It pushes out tasking to team members during a crisis, and reports their progress in real time. An effective way to keep executive management in the loop on their smartphone or laptop.


A 26-year career in the Secret Service has infused a mindset of preparedness. The keys to success in this discipline are advanced preparations, training, and the smart use of technology. I strongly believe that companies seeking a competitive edge must be prepared to deal with unforeseen events. Every move a business makes is transparent today. Customers watch how your company is handled in a crisis. If your company fumbles a disaster, your customer may decide to shop elsewhere.

Author Info:
Dowling PeterPeter Dowling, 26-year veteran of the Secret Service, 12 years in operations risk management with AXA. Today, Dowling works as a special advisor to the CEO for GroupDoLists, Powered By Centrallo.

The Business Continuity Institute

Employer confidence in the UK economy has moved into negative territory, according to the latest JobsOutlook survey by the Recruitment and Employment Confederation (REC). The net balance fell from +6% last month to -3% in the latest report, as a third of employers (31%) now expect the economy to worsen, while only 28% expect it to improve.

On a positive note, employers are still looking to hire, with one in five (19%) planning to increase their permanent headcount in the next three months. Confidence in making hiring and investment decisions remains positive with a net balance of 10%, but is at its lowest for the past year. The study also showed that four in ten (40%) employers have no spare capacity and would need to recruit to meet additional demand.

Kevin Green, Chief Executive at REC, commented: “This drop in employer confidence should raise a red flag. Businesses are continuing to hire to meet demand, but issues like access to labour, Brexit negotiations and political uncertainty are creating nervousness. Employers in the construction sector are especially concerned as they rely heavily on EU workers to meet the growing demand for housing and to support the government’s infrastructure plans.

"The added factor of dropping consumer confidence is putting some businesses on edge. If people reduce their spending, businesses will be impacted. The government must do more to create an environment where businesses have clarity. That means clearly laying out what Brexit plans look like and how employers can keep recruiting the people they need from the EU.”

Cisco partners will be able to resell Veeam backup products beginning this fall, Veeam announced in a new blog post.

The move is set to become official in early October, when Veeam is added to the Cisco Global Price List.

“This will enable Cisco and its resellers to deliver Veeam Availability solutions as easily and simply as any Cisco hardware or software product,” Veeam co-president and CEO Peter McKay wrote in the blog post.

...

http://mspmentor.net/vendor-relations/cisco-adding-veeam-global-price-list-october

Although it seems that enterprises are flocking to the cloud for their IT needs, data storage in particular, a new survey from DataCore Software suggests that a good number of organizations are running into trouble during the transition.

"Challenges and false starts with technologies have introduced reluctance in the industry to fully commit to software-defined, hyperconverged or a hybrid data storage infrastructure," wrote Paul Nashawaty, product evangelist and director of Technical Marketing at DataCore Software, in a blog post. "Until recently, the promise of cloud, ease of use, and faster application performance have fallen short of expectations."

Some of those expectations include storage services that don't break the budget.

...

http://www.enterprisestorageforum.com/storage-management/enterprises-encounter-cloud-storage-cost-and-management-challenges.html

According to Webster, resiliency is:

1. the capability of a strained body to recover its size and shape after deformation caused especially by compressive stress
2. an ability to recover from or adjust easily to misfortune or change

I think that the word has more depth to it which can best be seen by looking at some examples that history provides us with.

To me, resiliency is defined as General Washington and his exhausted men, many of which didn’t even have shoes, dealing with brutal winters and endless setbacks and still managing to defeat the British in the decisive battle at Yorktown to win the Revolutionary War. Washington and his men’s’ resiliency won that war.

...

http://resqdr.com/resiliency/

Thursday, 24 August 2017 14:41

Resiliency

The Business Continuity Institute

There is considerable room for improvement in both public and private schemes that could help encourage risk reduction behaviours and reduce losses in future disasters, according to a study conducted across Austria, England and Romania. The study, published in the journal Risk Analysis, provides a detailed look at different public and private incentives for risk reduction and their association with actual risk reduction behaviour.

"Currently neither insurance nor governments successfully encourage risk reduction. Increased and more targeted efforts particularly from local authorities will be important, and have the capacity to change the picture. This will be exceedingly important considering extreme events from climate change," says IIASA researcher Susanne Hanger, who led the study. "This in turn is important for insurance to remain viable and for governments to not overspend on disaster aid."

The study also finds little support for the idea that compensation for flood damage make people less likely to take personal risk reduction measures, such as taking actions to prepare for an eventual flood or installing structures or technologies that can help protect homes from damage. Instead, the study finds that neither private insurance nor public compensation after a disaster is linked to less risk reduction at an individual level.

In Austria for instance, post-disaster relief is available from the government in the form of a catastrophe fund. Yet Austrians had taken more structural measures to protect their homes (45%) than Romanians (23%) or the English (19%), who have less access to public assistance after disasters. For awareness and preparedness measures, Austrians were equally likely to have taken awareness and preparedness measures compared to the English and Romanians.

While the researchers found no link between post-disaster compensation and reduced individual preparation, they did find a connection between public infrastructure measures such as flood dams, which may be linked to a sense of increased safety. In both England and Austria, the researchers found that public risk reduction infrastructure, such as dams and levees, were associated with a lower rate of individual investment in risk reduction measures.

Interestingly, in Romania neither insurer nor government efforts showed any effect on household risk reduction behaviour. Hanger speculates that this may be a result of insufficient public capacity to provide this kind of support. In England, the study shows that national efforts by the UK government to inform the public about disaster risk reduction have reached many households, which is positively associated with preparedness. In Austria, where national level information efforts are limited, households respond almost exclusively to local awareness raising and support.

Across all countries, the researchers find room for improvement in both public and private schemes that could help encourage risk reduction behaviours and reduce losses in future disasters. Instead of increasing efforts to privatize all flood risk insurance, Hanger says, "We need to better coordinate public and private schemes in order to design not only efficient, but also socially just and politically feasible solutions."

Key Considerations to Facilitate Smooth M&As

As the list of cybersecurity breaches grows daily and headlines grow more shocking – think Home Depot, Target, Anthem, Yahoo!, WannaCry – the importance of cybersecurity in M&A due diligence has correspondingly increased. Do you want to purchase a company that’s been compromised? How would you know even know if it’s been breached? 

Corporate directors have cited the importance of cybersecurity for M&A targets as increasingly significant, according to 77 percent of a recent study’s respondents, but it continues to be treated generally, putting companies at risk.

At the highest level, buyers should ask the following questions as it relates to cybersecurity during the due diligence process:

...

http://www.corporatecomplianceinsights.com/5-hidden-pitfalls-cybersecurity-due-diligence/

In last week’s blog, we discussed why you should invest in a business continuity (BC) program. One point we made was that insurance against loss is typically not enough, so the additional value provided by a business continuity plan and program are needed. It’s important to know the differences between business continuity and insurance, and why insurance should be a part, but not the entirety of your business continuity plan.

The Difference Between Business Continuity and Insurance

Before we consider the differences, it is relevant to understand that business continuity is a form of insurance. The insurance we are comparing BC to is a contract of coverage where a party agrees to indemnify or reimburse another party for a defined loss under specific and defined conditions.

...

https://www.mha-it.com/2017/08/business-continuity-and-insurance/

Rackspace, one of the major forces behind the open source cloud infrastructure project OpenStack, this week announced general availability of its new Rackspace Private Cloud, which is built on the VMware Cloud Foundation virtual stack.

The new Rackspace Private Cloud enables scalable, software-defined data center (SDDC) capabilities, including compute, storage networking and security.

A hosted model allows customers to hand off their IT infrastructure operations and take advantage of around the clock Rackspace support for help with migration, architecture, security and overall operation.

...

http://www.datacenterknowledge.com/archives/2017/08/22/rackspaces-private-cloud-built-on-vmware-now-in-ga/

(TNS) — In 1992, we were glued to our transistor radios or battery-powered TVs as weatherman Bryan Norcross guided us during and in the aftermath of the devastating Hurricane Andrew. Old school? You bet. Now, when another hurricane strikes, a whole army of technology will attempt to take his place.

In the early 1990s, the World Wide Web was in its infancy and the Miami Herald and other media companies weren’t online yet. Cellphones weren’t prevalent, and they sure weren’t smart. And social media? Facebook and Twitter weren’t even around for a test drive in the 2004-05 hurricanes.

Today, the experts get the lights back on, the cellphones ringing and the internet connections restored with the help of COWS (Cell on Wheels), drones and other smart technology to pinpoint problems and speed recovery.

...

http://www.govtech.com/em/disaster/When-the-Next-Hurricane-Strikes-Much-More-Technology-Will-be-on-Our-Side.html

Many companies boast about having a culture of innovation, but, as Cutter Consortium Fellow Steve Andriole writes, they in fact don’t. Instead of breaking free of their cultural constraints to truly innovate, they continue innovate in the past; that is, toward business models, processes, and technologies that are anchored solidly in the 20th century. To break through and become truly innovative Andriole advises organizations study what the best innovators have done and try to repeat their successes by following the formulas that have worked for the most successful innovators.

So what do the best companies do? How do they make the list of most innovative companies? In The Heart of Innovation: Best Practices from the Best Companies, Andriole offers a list of some of the best practices, especially as they apply to digital transformation:

...

http://blog.cutter.com/2017/08/22/wondering-what-are-the-best-innovation-practices/

Investing in private data centers isn’t as much of a priority for IT organizations as it was just several years back. That’s a takeaway from IT researcher Computer Economics’ annual IT Spending and Staffing Benchmarks report, which for 28 years has taken a deep-dive into the financial and strategic management of information technology. For this year’s study, more than 200 IT organizations were surveyed during the first half of 2017.

According to the report, data centers now have the lowest priority for new spending among a list of five categories. Top priority is given to the development of business applications, a category in which 54 percent of respondents plan increased spending. However, only 9 percent have plans to increase data center spending, which the study attributes to increasing reliance on cloud infrastructure, cloud storage, and SaaS, a conclusion borne out by 32 percent of respondents indicating they plan increased spending on network infrastructure.

“As a sign of the data center’s demise as a priority, end-user technology, including PCs and printers, has passed the data center, and for the first time data center is the spending category with the lowest priority,” the report said.

...

http://www.datacenterknowledge.com/archives/2017/08/22/survey-on-prem-data-centers-lowest-investment-priority-for-it-shops/

If you’re a business owner, you have a lot on your plate. Managing day-to-day business operations along with strategy for growth can leave you spent. Adding concern about infrastructure capabilities to your list of to-dos can be overwhelming. Simply put, is time spent worrying about changing infrastructure needs the most productive use of your time?

Utilizing an MSP who specializes in infrastructure as a service can minimize technology spend, provide scalability and agility, and enhance your business offerings. When your business grows, you should be able to enjoy the fruits of your labor rather than worry about whether or not your technology can keep up with demand. Trusting your infrastructure needs to a team of experts who are well versed in scalability allows you freedom to focus on growth.

What motivates you to consider trusting an MSP with your infrastructure needs? Most commonly, companies look to an MSP to cut costs, manage capacity, scale solutions, and provide disaster recovery and business continuity.

...

https://continuitycenters.com/use-managed-infrastructure-reach-new-heights/

The Business Continuity Institute

The UK's top firms and charities urgently need to do more to protect themselves from online threats, with 1 in 10 FTSE 350 companies operating without a response plan for a cyber incident, and only 6% of businesses completely prepared for new data protection rules, according to the UK Government's FTSE 350 Cyber Governance Health Check.

Undertaken in the wake of recent high profile cyber attacks, the survey of the UK’s biggest 350 companies found more than two thirds of boards had not received training to deal with a cyber incident (68%) despite more than half saying cyber threats were a top risk to their business (54%).

There has been progress in some areas when compared with last year’s health check, with more than half of company boards now setting out their approach to cyber risks (53% up from 33%) and more than half of businesses having a clear understanding of the impact of a cyber attack (57% up from 49%).

Separate research which looked at cyber security in charities has found that third sector organizations are just as susceptible to cyber attacks as those in the private sector, with many staff not well informed about the topic and awareness and knowledge varying considerably across different charities. Other findings show those in charge of cyber security, especially in smaller charities, are often not proactively seeking information and relying on outsourced IT providers to deal with threats.

Minister for Digital Matt Hancock said: "We have world leading businesses and a thriving charity sector but recent cyber attacks have shown the devastating effects of not getting our approach to cyber security right. These new reports show we have a long way to go until all our organizations are adopting best practice and I urge all senior executives to work with the National Cyber Security Centre and take up the Government’s advice and training. Charities must do better to protect the sensitive data they hold and I encourage them to access a tailored programme of support we are developing alongside the Charity Commission and the National Cyber Security Centre."

Where charities recognised the importance of cyber security, this was often due to holding personal data on donors or service users, or having trustees and staff with private sector experience of the issue. Charities also recognised those responsible for cyber security need new skills and general awareness among staff needs to raise.

Helen Stephenson CBE, Chief Executive at the Charity Commission for England and Wales, said: "Charities have lots of competing priorities but the potential damage of a cyber attack is too serious to ignore. It can result in the loss of funds or sensitive data, affect a charity’s ability to help those in need, and damage its precious reputation. Charities need to do more to educate their staff about this threat and ensure they dedicate enough time and resources to improving cyber security."

The Horizon Scan Report, published by the Business Continuity Institute, showed that it didn't matter whether an organization was private, public or third sector, by and large they will all share the same risks, and the greatest of those being cyber attacks.

Risk assessment is already a vast subject and the pitfalls of risk assessment alone would probably fill a good-sized book.

Between cognitive biases, errors in processes, and poor enterprise alignment, there’s lots to get wrong!

We can’t claim to be encyclopaedic on the subject, but if you’re a risk manager, a business continuity manager or just a manager trying to avoid accidents, here are three categories of pitfalls to watch out for.

...

http://www.opscentre.com/risk-assessment-pitfalls-watch/

Tuesday, 22 August 2017 15:08

Risk Assessment Pitfalls to Watch Out For

I’ve spent much of my career focused on enterprise backup, recovery and disaster recovery. Two big shifts in the market have taken many vendors and IT professionals by surprise: First, new application platforms are not just cloud-first, but often touch multiple clouds. Second, ransomware attacks against these same platforms are emerging as a very significant threat.

Prevention is a critical part of an overall protection strategy to combat ransomware. But given the rapidly evolving threat, it’s likely that even organizations with strong security technology and policies will be affected.

While CIOs and IT administrators evaluate the strategies and dangers posed by these attacks, there are additional steps to help ensure protection through data backup. Backup strategies won’t necessarily prevent an attack from occurring, but can serve as a crucial last line of defense enabling organizations to destroy all affected data and then restore it from a backup taken before the data was infected.

...

http://www.datacenterknowledge.com/archives/2017/08/21/face-ransomware-cloud-data-safe/

In a 2017 survey across six major industries, 51% of executive leadership and IT managers rated ransomware as the biggest security threat to their organizations. Why is this?

A single ransomware attack can halt an organization with sophisticated encryption methods that lock computers and make data inaccessible. When IT departments and business leaders don’t act fast in this scenario, they risk losing sensitive information and assuming a significant reputational impact if news of the breach leaks to the public.

So how does Disaster Recovery-as-a-Service (DRaaS) fit into ransomware mitigation? Bluelock has created a white paper on the subject that explains how. With tips to recover from any cybersecurity breach, readers will learn how to manage risk, ensure recovery and—most importantly—establish a strategy to secure data for the future. Read it here.

...

https://www.bluelock.com/blog/resolve-ransomware-draas/

Monday, 21 August 2017 20:44

How Do You Resolve Ransomware with DRaaS?

In our Data Center Destinations series, From the Racks takes a look at locations that are thriving hubs for data center innovation and construction. These places are grabbing the attention of data center providers and enterprises.

Previously, we’ve discussed the data center draw to Toronto and Ashburn, Virginia. For this spotlight, we’re looking at Chicago – one of the liveliest and most active data center markets in the U.S. 

What’s Driving Demand?

Because it is the third largest city in the U.S. and serves as headquarters for several Fortune 500 companies, it’s not a surprise that Chicago is a featured data center destination. And with so many large industries thriving in the area (e.g. financial services, telecom, healthcare, insurance, tech, etc.), minimal latency is a necessity. This, in turn, is driving both downtown and suburban expansion for data centers.

...

http://blog.dft.com/spotlight-on-the-dynamic-chicago-data-center-ecosystem-data-center-destinations

The Business Continuity Institute

The risk of a data breach is increasing in the retail industry as retailers accumulate more and more personal information on their customers as part of their ‘Big Data’ initiatives. As such, the number of retail businesses reporting data breaches to the Information Commissioner's Office has doubled in just one year, jumping from 19 in 2015/16 to 38 in 2016/17, says law firm, RPC.

The rise of online shopping, loyalty programmes, digital marketing and offering electronic receipts in store mean that even a small multiple retailer will be gathering exactly the kind of data that hackers will be looking for, and the retail industry is beginning to feel the pressure to invest more heavily in cyber security.

The regulatory burden and financial risks involved in a data breach will increase substantially when the General Data Protection Regulation (GDPR) comes into force in May 2018. These rules will make reporting breaches mandatory. As companies are not currently required to report every attack they suffer, the actual number of data breaches in the retail sector is likely to be even higher.

Jeremy Drew, Partner at RPC, comments: “Retailers are a goldmine of personal data but their high profile nature and sometimes ageing complex systems make them a popular target for hackers. There are so many competing pressures on a retailer’s costs at the moment – a rise in the national minimum wage, rates increases, exchange rate falls, as well as trying to keep ahead of technology improvements – that a proper overhaul of cyber defences can get pushed onto the back burner.”

Data breaches are already the second greatest cause of concern for business continuity professionals, according to the Business Continuity Institute's latest Horizon Scan Report, and once this legislation comes into force, bringing with it higher penalties than already exist, this level of concern is only likely to increase. Organizations need to make sure they are aware of the requirements of the GDPR, and ensure that their data protection processes are robust enough to meet these requirements.

Jeremy Drew added: “As the GDPR threatens a massive increase in fines for companies that fail to deal with data security, we do expect investment to increase both in stopping breaches occurring in the first place and ensuring that if they do happen they are found quickly and contained. No UK retailer wants to be in the position of some public examples who were forced to confirm that it took them nearly a year to close a data security breach.”

(TNS) - In anticipation of a large influx of visitors through the solar eclipse Monday, area emergency response organizations and health-care providers are finalizing areawide plans to respond to potential emergency situations.

“This is fairly unprecedented, uncharted territory,” said Brady Dubois, Mosaic Life Care medical center president. “We are absolutely hopeful that it’s a Y2K-type event and nothing ends up happening, but we know that if we don’t prepare for it, then we are not going to be able to handle it if it happens.”

Mosaic Life Care, Buchanan County, Mo., Emergency Management and other area health-care providers have spent almost the last year coordinating large-scale plans to respond to emergency medical situations through the end of the solar eclipse Aug. 21. Much of the additional response will start over the weekend.

...

http://www.govtech.com/em/disaster/Eclipse-Emergency-Response-a-Region-Wide-Effort.html

The Business Continuity Institute

By 2100, two in three people living in Europe may be affected by weather-related disasters, according to a study published in The Lancet Planetary Health which sheds light on the expected burden of climate change on societies across Europe.

The study analyses the effects of the seven most harmful types of weather-related disaster - heatwaves, cold snaps, wildfires, droughts, river and coastal floods, and windstorms - in 28 European Union countries, as well as Switzerland, Norway and Iceland. The projected increases were calculated on the assumption of there being no reduction in greenhouse gas emissions and no improvements to policies helping to reduce the impact of extreme weather events (such as medical technology, air conditioning, and thermal insulation in houses).

"Climate change is one of the biggest global threats to human health of the 21st century, and its peril to society will be increasingly connected to weather-driven hazards," says lead author Dr Giovanni Forzieri of European Commission Joint Research Centre in Italy. "Unless global warming is curbed as a matter of urgency and appropriate measures are taken, about 350 million Europeans could be exposed to harmful climate extremes on an annual basis by the end of the century."

The study estimates that heatwaves would be the most lethal weather-related disaster, and could cause 99% of all future weather-related deaths, increasing from 2,700 deaths a year between 1981-2010 to 151,500 deaths a year in 2071-2100.

It also projects substantial increases in deaths from coastal flooding, which could increase from six deaths a year at the start of the century to 233 a year by the end of the century.

Comparatively, wildfires, river floods, windstorms and droughts showed smaller projected increases overall, but these types of weather-related disaster could affect some countries more than others. Cold snaps could decline as a result of global warming, however the effect of this decline will not be sufficient to compensate for the other increases.

Due to projected increases in heatwaves and droughts, the effect is likely to be greatest in southern Europe where almost all people could be affected by a weather-related disaster each year by 2100, projected to cause around 700 deaths per every million people each year.

Comparatively, in northern Europe, one in three people could be affected by a weather-related disaster each year, resulting in three deaths per every million people each year.

Climate change is likely to be the main driver behind the potential increases, accounting for 90% of the risk while population changes such as growth, migration and urbanisation account for the remaining 10%.

"This study contributes to the ongoing debate about the need to urgently curb climate change and minimise its consequences. The substantial projected rise in risk of weather-related hazards to human beings due to global warming, population growth, and urbanisation highlights the need for stringent climate mitigation policies and adaptation and risk reduction measures to minimise the future effect of weather-related extremes on human lives." adds Dr Forzieri.

Adverse weather, which includes such events as heatwave, featured fifth in the list of concerns that business continuity professionals have, as identified in the Business Continuity Institute's latest Horizon Scan Report. Climate change is not yet considered an issue however, as only 23% of respondents to a global survey considered it necessary to evaluate climate change for its business continuity implications.

Politics in career progression, in investments, in enterprise projects – but in business continuity as well?

You might think that business continuity was immune to such ideas – Either a business is functioning properly (BC works) or malfunctioning, possibly to the extent of breakdown (BC needs to be fixed). Yet the planning and processes of business continuity itself are subject to internal political pressure. Here are a couple of things you might reflect on, so that at least you can BC manage around them, even if you can’t prevent them.

Long-standing business continuity vulnerabilities can be difficult to handle, when their longevity is due to senior managers deliberately turning a blind eye.

Putting such risks into the spotlight can be seen as a threat to the credibility and reputation of those who chose to ignore it. The only way to address such risks correctly may be to gather suitable data, and present it to those who need to know or who should know better, being ready to take it to higher levels if necessary.

...

http://www.opscentre.com/politics-interfering-business-continuity/

(TNS) — An earthquake early warning system that could give residents up and down the West Coast precious extra seconds to prepare for impending shock waves has taken a step forward.

The U.S. Geological Survey has awarded $4.9 million to six universities and nonprofits governed by universities to support the ShakeAlert earthquake early warning system, according to a news release.

Also, the USGS purchased nearly $1 million in new equipment to expand and improve the system.

ShakeAlert is a product of the USGS Advanced National Seismic System, a federation of national and regional earthquake monitoring networks throughout the country, including networks along the West Coast and Nevada.

...

http://www.govtech.com/em/disaster/US-Geological-Survey-Makes-Moves-to-Expand-Improve-Earthquake-Early-Alert-System-EM.html

In the third piece of our Business Continuity 101 Series, we delve into why organizations invest in business continuity, dispelling common BC misconceptions, and explaining value-based BC investment.

A common point of confusion for new BCM practitioners is the why and how of implementing a business continuity (BC) program. What are, or should be, the drivers for implementation and on-going, continual improvement? Most organizations consider business continuity as a form of insurance or a cost to be minimized. We agree that BC is related to insurance; it is there to ensure that an organization remains whole during an emergency event. We would say that costs associated with BC should be appropriate. There is no reason to overspend on recovery solutions, but it is risky to underspend as well. BC should be implemented as any other function that is not profit generating.

...

https://www.mha-it.com/2017/08/why-organizations-invest-in-business-continuity/

BATON ROUGE, La. — A public-private partnership continues to help Louisiana communities recover from the August 2016 floods and become better prepared for future disasters.

The partnership includes members of the private sector, local and state governments and various federal agencies. Recovery accomplishments include:

  • The Louisiana Disaster Recovery Alliance created a guide of available resources to help families and communities recover from the August 2016 floods. The alliance is a group of philanthropic organizations and state and federal recovery partners.
  • The state created the Louisiana Supply Chain and Transportation Council to make the state’s transportation systems more resilient. The council consists of officials from state and federal agencies, academic institutions and private sector leaders.
  • The state also launched the Louisiana Housing Heroes initiative. This governor-championed initiative identifies landlords, property owners and managers in disaster-designated parishes who agree to make affordable homes, apartments and other housing units available to displaced flood survivors.  
  • Recovery partners continue to meet with communities to help them implement resiliency and recovery strategies.

The partnership’s various federal agencies work with communities to address recovery challenges. Specialists have coordinated with community leaders and recovery partners to find solutions to housing needs, rebuilding the economy and infrastructure, preserving heritage and maximizing resiliency.

Below are the federal agencies consulting with affected communities and what they’re helping with:

  • Community planning and capacity building, FEMA;
  • Economic recovery, U.S. Department of Commerce;
  • Health and social services issues, U.S. Department of Health and Human Services;
  • Housing, U.S. Department of Housing and Urban Development;
  • Infrastructure systems, U.S. Army Corps of Engineers; and
  • Natural and cultural resources, U.S. Department of Interior.

 

With just a few months remaining to become compliant with the Centers for Medicare and Medicaid Services (CMS) emergency preparedness regulations, healthcare providers and suppliers are ramping up their efforts to ensure their organizations will meet the CMS emergency preparedness deadline of November 15, 2017. Is your facility ready?

To be compliant with the new emergency preparedness guidelines, CMS requires that your plan consists of four integral parts:

  1. Emergency Preparedness
  2. Communications
  3. Policies and Procedures
  4. Training and Testing

This blog will focus on the communications section of these guidelines and how your organization can work towards compliance in a way that is most beneficial for your facility.

...

https://www.alertmedia.com/cms-guidelines-communications-plan

Security incidents within law firms have been growing as a threat because cybercriminals are recognizing the pivotal role firms play in housing sensitive client information for legal proceedings. Because of this, attackers have begun to target the legal industry with unprecedented force. Even the largest and most prestigious firms with best-of-breed cybersecurity solutions are no longer immune to intrusions.

Clients and auditors have recognized this increased attention on the legal industry, and have begun to pressure their law firms for more evidence of protection and recoverability. For example, a recent survey* of the legal industry found that 42% of respondents stated an increase in client concerns about IT operations and data retention, and 51% agreed that audits and regulations are an increasing pressure. Law firms must now provide proof to these constituents of a robust cybersecurity stance.

For this reason, Bluelock now offers a Cyber Threat Health Review, a professional service engagement for law firms seeking to mitigate risk from ransomware and other cyber threats. This review is a low-commitment, high-impact analysis of current data protection technology and policies designed to minimize data loss and operational downtime. It covers the core components of the firm’s threat protection, detection and recovery response strategies.

With over a decade of experience helping clients maintain and protect critical workloads, Bluelock’s expert team reviews existing security practices with a specific focus on how to respond to threats. Organizations that engage in the service receive face-to-face education and practical guidance to increase resilience and protect customer confidence.

The Cyber Threat Health Review process includes the following steps:

  1. Survey and Interviews: Relevant information is collected via surveys and phone interviews
  2. Onsite Education: Our team provides education to staff and executives for best practices
  3. Detailed Analysis: Our team reviews policies and technology for gaps and opportunities
  4. Onsite Delivery of Action Plan: Details risk profiles and action plan from our analysis

For more information, visit https://www.bluelock.com/cyber-health/.

* “2016 IT Disaster Recovery Planning and Preparedness Survey.” ALM and Bluelock, October 2016.

...

https://www.bluelock.com/blog/bluelock-now-offers-cyber-threat-health-review-law-firms/

The Business Continuity Institute

When the United Kingdom exits the European Union, the four freedoms that currently exist will be no more. The free movement of goods, services, capital and people will probably be gone, and more restrictions will be placed on their movements across borders. The free movement of people is the primary reason that many people voted to leave the European Union in the first place.

With mainland Britain, it is relatively easy to be restrictive with what comes in and out of the country as there are no borders with another country so anything or anyone coming in or out is funnelled through a specific location – airport, port or station. In Northern Ireland however, which obviously will exit the EU, the situation is slightly more problematic as the country shares a land border with the Republic of Ireland stretching over 300 miles (or 500 kilometres depending on what side of the border you are on).

There are now many different possibilities for what could happen to this border in a post-Brexit world, and these range from the status quo with people free to cross without any restriction, to a hard border with checkpoints at all the crossings, although building a wall might be a little bit extreme. With the former, this undermines the whole point of Brexit which was to end the free movement of people between the EU and the UK, and so prevent too many people from entering the UK. With the latter, it will undermine the peace process brought about by the Good Friday Agreement that sought to remove border infrastructure and checkpoints that were symbolic of threat of violence that existed during The Troubles.

A middle option that has been suggested is a soft border between the north and the south, but a hard sea border. This would effectively keep Northern Ireland within the EU, but out of the UK, so is not likely to be a preferred option for any Unionists who will see this as a stepping stone toward reunification with the south.

A hard border between the north and the south may not be an issue for big businesses who I'm sure will find an adequate solution regardless of the outcome. The issue will mostly be with the small businesses situated near the border that rely on trade with the other side of the border – a local market in which the border, for now, is an irrelevance. Figures suggested that 80% of trade across the Irish border is carried out between SMEs.

Organizations on both sides of the border need to consider how the different options would affect them and then consider what measures they could put in place to lessen the impact. Organizations need to monitor the negotiations closely to see how the potential for disruption is developing to ensure that they are ready to face any challenges that come their way.

Of course it is also worth noting that this is not just an issue for the Irish border, it will also become an issue at the border between Spain and Gibraltar where people routinely cross on a daily to trade or work on the other side of the border. Arguably it will be more problematic in this situation as tensions are slightly greater between the two countries on either side of the border.

So what steps has your organization taken to prepare itself for Brexit?

Your thoughts, as always, are welcome.

David Thorp
Executive Director of the Business Continuity Institute

Wednesday, 16 August 2017 15:39

BCI: Controlling the Irish border after Brexit

Page 1 of 3