As an industry professional, you're eligible to receive a printed copy of the journal.

Fill out your address below.






Please reset your password to access the new DRJ.com
Reset my password
Welcome aboard, !
You're all set. We've send you an email confirmation to
just to confirm you're you.

Welcome to DRJ

Already registered user? Please login here

Existing Users Log In
   

Create new account
(it's completely free). Subscribe

EDITOR’S NOTE: The DRJ Career Development Committee is supporting this series of articles featuring the career paths of industry professionals. Throughout this series of candid interviews, we hope to provide career advice to our readers by highlighting lessons learned, highs and lows, opportunities and challenges. The DRJ Career Development Committee promotes education, opportunity, inclusion, and excellence surrounding the exploration and evolution of career paths in all aspects of business continuity and risk management. Key elements of our mission include promoting open and candid discussions of career opportunities, providing mentorship, resources, and guidance to equip our membership with the necessary knowledge, best practices, and tools to succeed in their chosen career path.

Mark Kern’s first job out of college was assistant manager at Roy Rogers fast-food restaurant in Philadelphia. He was up at 5 a.m. and cleaning out grease traps in a suit by 6 p.m. He worked at this job for eight months.

A vice president for Continental Bank came into the restaurant almost daily. Occasionally, Kern gave him a free meal. They became acquaintances. One day he asked Kern, “Do you have your college degree?” When Kern told him he did, the man then asked, “Why don’t you come work for the bank?”

Kern inquired what the position would be, to which the man responded by saying they had just created a new position called contingency planning specialist. When Kern was unsure what that position was, the man told him not to worry. “Nobody knows what it is, but we will send you for training.” The rest is history.

Now, Kern is business continuity manager at Booz Allen Hamilton. He leads and directs the organization’s formal business continuity program designed to enable the firm to sustain critical business operations in the event of a business disruption, so they can continue to service their clients.

Some of Kern’s responsibilities include managing internal emergency or crisis management activities. He also designs and conducts business impact analyses and maps critical business processes to interdependencies. He provides the tools, training, methodology, and framework to internal corporate departments to enable for the development, maintenance, and continuous improvement of comprehensive business continuity plans. He also develops and manages corporate business continuity testing, training, and exercise programs and works with internal offices and teams globally to respond to and manage disasters, crises, and disruptive incidents affecting Booz Allen staff or operations.

Kern has overcome many challenges over the years. In 1996, he was the director of business continuity at GMAC Mortgage. He had just completed an enterprise-wide BIA. After confirming the results with the business leaders, process owners, and the IT DR team, they defined the appropriate recovery strategies.

Because Kern and his team did identify some single points of failure, the BIA results led the group to select some vendor provided recovery services. Kern presented the findings, recovery strategy selections, and necessary budget in a face-to-face meeting. The budget was estimated at $125,000 per month for the data center hotsite and work area recovery solutions. The BIA findings and selected recovery strategies were agreed upon. However, a budget of only $75,000 was provided per month.

“I was not going to turn the budget down,” says Kern. “I procured as many of the recovery services I could get for the money, knowing we would be undersubscribed, but at least we would be recoverable, just not within our established recovery time or recovery point objectives.”

Six months later the corporate headquarters and data center were literally under water due to the worst flood in the history of Horsham, Pa.

At that point the same leadership that gave him a $75,000 budget all met in the crisis management command center. They began recovery efforts, but it was not fast enough. They were losing hundreds of thousands of dollars in servicing fees per hour.

“The good thing is that leadership knew we were at risk due to all the hard work our BC team did with performing a thorough BIA,” says Kern. “So, here I am, 34 years old being asked to get our organization’s most critical business processes recovered within the next 24 hours.”

Knowing this would be impossible with the current level of recovery services, Kern had to make more than 20 phone calls to recovery vendors to ask for at-time-of-disaster upgrades. “I had to make all those calls because that’s how long it took me to get through to decisionmakers.”

After some maneuvering, the upgrades were granted because of the existing relationship they had with vendors.

“To make a long story short, we got the ATOD upgrades we needed and we were fully recovered within 16 hours following the disaster declaration,” says Kern. Those ATOD upgrades took their current three-year term to a five-year term at $200,000 per month. On top of that, they had to agree to purchase the vendors’ equipment as they restored their facilities and data center at market price, not market value. All in all, if they had not agreed to those terms, there was a very good chance that GMAC Mortgage would have went out of business in 1996. Following that year, they went on to have their most profitable year ever between 1997-2001.

Kern says being nominated for GMAC Mortgage Leader of the Quarter and being told by the CEO that he would never be underfunded again are only a couple highlights in his career.

He has learned a few lessons he still leverages today:

  • You get what you pay for.
  • Testing, training, and exercising is probably the most important phase of the BC lifecycle.
  • Get a BC policy in place if your organization does not have one.
  • View internal audit as your partner.
  • Hire great people (not the easiest thing) and procure great tools to make BC planning activities as easy as possible for your business areas.
  • Mature your BC program to the point where the business areas understand that they own their BC plans (just like they own their homes), not the BC SME or the BC team.
  • Develop, use, and distribute BC performance metrics to your plan owners and leadership teams so that there is no misunderstanding between perceived recovery capabilities and reality.
  • Try as hard as you can to do things right the first time.
  • Don’t sit behind your computer all day; get out and form those relationships.
  • Reward people as much as possible and treat custodians just as well as you treat your boss, CEO, or your parents.

Kern also offers advice to those who are embarking on new careers in the industry. “Don’t be a jerk,” he says. “If you were always told ‘yes’ growing up – and were given a brand-new BMW when you graduated high school, then complained about the color – this industry is probably not the right fit for you.”

He says forming strong and trusted relationships is key to success, so work very hard on interpersonal skills. “Be somebody people want to be around and always be approachable.”

Continued learning to be the best at one’s craft is also key to success. He suggests professionals purchase and read the ISO 22301 standard 27 times and to work hard to seek out learning opportunities. “When you do become a BC subject matter expert, don’t act all superior when you are trying to implement BC best practices with any organization you choose to work for. That won’t work. Be willing to roll up your sleeves. If you are lucky enough to have a full-time staff, don’t ever ask them to do something you are not willing to do yourself. Lead by example!”

“This is noble work, so you need to have tough skin,” says Kern. “No matter how important BC is to any business – and as a BC pro, you should truly believe in its importance – there will always be some people who will just not get it. It is up to you to show them ‘what’s in it for them’ (and you need to do that gracefully, don’t shove it down their throats.”

For more information on the DRJ Career Development Committee, contact Tracey Forbes Rice. Rice is a member of the Disaster Recovery Journal Editorial Advisory Board (EAB) and chairperson of the Career Development Committee. Rice has 20 years of experience in business continuity and risk management. As vice president of customer engagement at Fusion Risk Management, Rice brings customers together, partnering with them to develop innovative solutions and to achieve new levels of program success. Rice welcomes your feedback at [email protected].

April 8, 2020 – Managing Crisis in an Interconnected World

WATCH NOW

April 14, 2020 – Pandemic Resilience: A Business Continuity and Medical Perspective

WATCH NOW

April 15, 2020 – Ask the Experts: COVID-19 Preparedness and Response

WATCH NOW

April 15, 2020 – Preparing for Panic: Building a Resilient Organization during COVID-19

WATCH NOW

April 22, 2020 – Evolving BCM Trends & Challenges in the Wake of COVID-19

WATCH NOW

April 29, 2020 – Workplace Violence: Prevention & Response

WATCH NOW

ABOUT THE AUTHOR

STAFF REPORTS

What are the risks of backing up your business data in the cloud?
Accidents happen. Users delete files, change files and then want an old version, software crashes and corrupts open files, and...
READ MORE
An Update on TC 223 and ISO 22301 (April 4, 2012)
[EDITOR'S NOTE – Brian Zawada is a member of the US Technical Advisory Group to ISO Technical Committee 223. Zawada...
READ MORE
Preventing and Responding to Workplace Violence

The Occupational Safety and Health Administration (OSHA) estimates more than two million American workers are affected by workplace violence each year. In 2016 alone, there were 500 workplace homicides according to the Bureau of Labor Statistics and an estimated 18,000 people suffered nonfatal injuries. The National Safety Council reports approximately 823 people died as a result of workplace violence in 2017.

And as alarming as these statistics may be, what is even more so is that OSHA believes many more cases go unreported. Therefore, we don’t even have any realistic statistics as to how many Americans are victimized by workplace violence. 

READ MORE
On the Road Again

Raising Employee Awareness, Mitigating Risks While Travelling

"Marcella1Corporate risk managers take note. According to research conducted by Carlson Wagonlit Travel, a global business travel management organization, 47 percent – nearly half – of business travelers from the U.S. said they would choose points over personal safety.

“The challenge for travel managers is to ensure people don’t go off-program in search of points,” said David Falter, president of RoomIt by CWT. “The safety of travelers should be the top priority in any travel program.”

Risk management and maintaining employee workplace safety is not limited to the company’s premises. Management must consider the risks, which their employees may be exposed to, when traveling away from the office. 

Proactively and effectively assessing risks and educating employees on the means to mitigate these risks is essential to good corporate policy and overall employee well-being and safety.

Educating employees on basic travel safety and security procedures can transfer to changing employee’s habits even when traveling on non-company time.

"Marcella2The number of people traveling for business, leisure, or educational purposes is increasing. 

  • Direct spending on business travel by domestic and international travelers, including expenditures on meetings, events, and incentive programs, totaled $327.3 billion in 2018.
  • Solo travel is on the rise as nearly half of Americans surveyed (44 percent) said they are likely to do a lot more solo travel in the future.
  • Safety is the top concern for Americans traveling alone with 52 percent believing solo travel is a lot less safe.
  • More than a third (35 percent) of business travelers from the United States expressed concerns about safety at hotels, in contrast to 25 percent of Canadian travelers and 23 percent of travelers in Mexico.
  • More than half (53 percent) of business travelers from the U.S. say the physical location of their hotel alone has made them feel unsafe while traveling for business.
  • When asked what makes them feel unsafe, nearly half of U.S. travelers surveyed said they worry about an intruder breaking into their hotel room (44 percent) and hotel staff inadvertently giving their room key or information to a stranger (37 percent).

"Marcella3These travelers will spend a majority of their pre-trip planning process identifying and booking airline flight schedules, hotel accommodations, and scheduling on-site activities. Once arriving at their destination, it is off to the business meeting, conference, beach, mountain trail, or specialty cooking class.

Very few travelers (business travelers or those on holiday) will spend time considering and planning for their safety when traveling to or arriving at their final destination. While most every hotel property will place guest safety at the top of their list, guest safety begins with the guest.

According to the International SOS (MORI Global Business Resilience Trends Watch 2018), 53 percent of survey respondents indicated the biggest challenges in ensuring the health and security of a mobile workforce is educating employees about travel risks.

The Occupational Safety & Health Administration (OSHA) establishes baselines for workplace safety and health. Specifically stating, in part:

(a) Each employer shall:

  1. furnish to each of his employees’ employment and a place of employment which are free from recognized hazards causing or are likely to cause death or serious physical harm to his employees;
  2. comply with occupational safety and health standards promulgated under this chapter.

OSHA cannot cite employers for hazards to which employees are exposed abroad, although other courts and tribunals may consider what duties OSHA would have imposed on those workers in the U.S. or recommended as part of OSHA’s guidelines and recommendations.

With regard to international business travelers and assignees traveling in furtherance of the employer’s business, a United States employer would be remiss if it did not understand the potential for a negligence action to be filed and the costly ramifications of such a suit. Unfortunately, there is no clear line of case law on which an employer can rely when evaluating the risks of sending its employees abroad.

Therefore, employers must recognize what has come to be known as their “duty of care” obligations – in other words, employers have an obligation to their employees, to act in a prudent and cautious manner to avoid the risk of reasonably, foreseeable injury to their employees. This obligation may apply both to acts of commission and omission.

In addition, employers are due to build a broad culture within their organization addressing the health, safety, security and well-being of their employees and other related collaborators to the business. To do so, they are expected to develop and deploy appropriate travel risk management approaches to protect people from possible harm.

In a sense, employers have a moral, as well as a legal, responsibility and obligation for the health, safety, and security of their employees. Breaching duty of care may give rise to an action alleging negligence and may result in damages or in the criminal prosecution of the employer.

Whether you are an employer or employee, traveling for business, or you are taking that well-deserved holiday vacation, reviewing the following recommendations prior to leaving home will contribute to reducing your risk and increasing your personal safety.

Pre-trip

Don’t:

  1. Post your itinerary, travel plans, destination, arrival hotel, or any other personally identifiable information related to you or your travel plans to any social media outlet (save it for when you return, then you can share some photos).
  2. Take any items (photos, jewelry, credit cards, mementos, etc.,) you won’t want to lose. Things happen and if you lost any of these items, would you be okay with that?
    1. Empty your purse or wallet onto your bed. See anything in this pile that you could simply not afford (personally, psychologically, or financially) to lose? Yes! Then leave it home!

Do:

  1. Provide a family member, trusted friend, or if traveling on business, your company’s HR department, with a copy of your planned itinerary. This may include information regarding local contact numbers, hotels, tourist sights you plan to visit, local tours which have been booked, etc. Think! Will anyone know where I am, where to look for me, how to reach me in an emergency, or reach me at in general?
  2. If you have children (any age capable of and familiar with the use of social media) explain the risk of posting your travel plans to social media and then re-explain it again.
  3. Pack clearly written copies of prescriptions for any medications you take regularly or need in case of a “flare up.” 
  4. Bring with you in your carry-on luggage any medications you take regularly and include an extra two days’ supply. The extra supply may be needed in case you cannot obtain immediate refills locally or if your luggage is delayed, misrouted, or lost. It may be wise to give the extra supply to a travel partner so as not to have all medications in one bag if that bag is lost or stolen.
  5. Take duplicate copies of eyeglass or contact prescriptions or take an extra pair. Even an old pair will be helpful if your primary pair is broken or lost.
  6. Make copies of all of your travel documents, itineraries, and IDs. Keep several hard-copies with you (one in your carry-on luggage, one tucked into your checked luggage).
  7. Scan your most important travel documents: your passport, federal (U.S.) travel card, visas for countries you will be visiting if you are a foreign resident, any official documents you need for travel and re-entry into the U.S., etc. 
    1. If your passport is lost or stolen, you can go to the nearest U.S. embassy or consulate and seek an emergency replacement. Having electronic access to a color copy of your passport may help expatiate the issuance process as well as validate your identity.
  8. Pack a roll of duct tape, flashlight (with fully charged batteries), and a “storm” whistle. The flashlight will be invaluable if the power fails in your hotel and you need to move around your room or evacuate. The duct tape well, it has a thousand uses beyond sealing doors to mitigate exterior hallway smoke from entering your room. The storm whistle is the world’s loudest outdoor, emergency, safety, survival whistle. Helpful for sounding an alarm, summoning taxis, deterring muggers, and assisting others to find you if you are lost, hurt, or trapped in unfamiliar surroundings.
  9. Contact your bank or credit card issuer and advise them of your planned travel itinerary, travel dates, and if you anticipate making any unusual expenditures (think jewelry, electronics, special excursions not paid for in advance, etc.).
  10. Apply for and take a separate credit card you will only use for travel. Most business travelers have this nailed down since they either have a company card or already have separate travel vs personal cards. Leisure and infrequent travels most often use the same card for daily purchases as well as when they travel.
    1. Having a separate credit card to be used only when you travel will help to keep your travel expenditures separate from your personal day-to-day purchases. This will allow easier verification and identification of potentially fraudulent or mis-applied charges when you receive your statement.
  11. If you are traveling internationally, check with your bank or credit card issuer. You may be able to obtain a separate credit card that will not charge you a currency exchange fee when making purchases charged in the local currency.
  12. International travelers should research and consider local customs and dress etiquette before packing appropriate clothing with this in mind.
  13. Plan ahead for international travel and arrive with local currency (small denominations). The amount will depend on your destination.
    1. Typically, you should arrive with enough local currency to pay for public transportation from your arrival airport to your hotel, business meeting, conference venue, or for transfer to an inter-country, regional airport if you have onward flight plans (don’t forget the driver’s tip). 
    2. You should also have an additional amount of local currency on hand for a meal upon arrival. Room service may not be available for a variety of unanticipated reasons, upon your arrival, and you may need to eat locally or order delivery.
  14. Become familiar with the local currency before you arrive. Know the coins and paper money and how to distinguish various dominations. Fumbling with change or looking inquisitively at paper notes signals your “tourist status” and may alert thieves to offer their assistance while helping themselves to your cash or belongings.
  15. Check your phone provider’s international roaming policy. It may be more costly than you think. If you are planning travel to several countries and will not be spending a long time in each, you might want to consider a multi-country SIM Card.
  16. Be sure the area where you’re traveling (foreign country or even a domestic location) has the right type of medical care available, in reasonable proximity to your location, to take care of any possible more significant health issues, which may present themselves.
  17. Advise trusted neighbors of your travel plans. They may provide a watchful eye over your residence in your absence. Advise these same neighbors of any renovations, remodeling, landscaping, etc. projects you have scheduled during your absence. If none, then any activity should be considered suspicious and warrant a call to local authorities.
  18. Leave spare keys with a trusted neighbor (home and auto) in case either had to be accessed in an emergency. Would opening a door be a better option than breaking in one?
  19. Contact your local patrol district’s or police citizen’s representative. Ask if additional drive-bys of your house could be incorporated into the local patrol officer’s schedule while you are away.

While not often considered by many travelers, medical and emergency evacuation insurance may be a prudent investment. Policies and providers differ. Prior to purchasing such insurance, travelers should perform due diligence and conduct research on exactly what the provider’s policy does and does not cover for the premium paid.

What is your Plan B? Don’t have one? Think again about that upcoming trip and make one prior to stepping out the door.

Plan B consists of the actions you will take, routes you will travel, transportation modes you will use, places you will stay, if you have to evacuate a location (domestic or international), in an emergency – think typhoon, active shooter, chemical leak, terrorist attack, labor strike, etc.

Nothing speaks more loudly to managing risk in an uncertain world than being prepared to leave a location immediately, when normal means of doing so, are unavailable. How would you leave? Where would you go?

Does your organization have an employee extraction plan? If yes, has this plan been tested? Under what conditions is the plan put into motion? Who authorizes this action? How are employees notified as to a confirmed extraction point? If not, are you on your own? What is your Plan B?

Arriving at Your Hotel
  1. In a multi-storied property, ask for a room on the third floor or higher. Lower floors may make you susceptible to someone attempting to gain easier entry. 
    1. More than a quarter of United States travelers surveyed (29 percent) believe their room floor can impact their safety and security and opted for a higher floor when possible. Nearly a third of travelers (32 percent) said they avoid staying on the ground floor.
  2. If at any time (during check-in or throughout your stay), hotel personnel mention your room number with others around, request a room change. Someone overhearing your room number could compromise your safety or potentially allow someone to attempt to charge something to your room account.
  3. If you drive your personal car and plan on using the hotel’s onsite parking garage, look for a parking space in a well-lit area and attempt to park as close as possible to the hotel entrance, lobby, or ground-floor access. 
  4. Regardless if you park in a hotel parking facility, private municipality, or a contractor-owned facility, each can pose security and safety vulnerabilities to the traveler. Pre-plan and research your parking options/alternatives. If you must use an off-property parking lot, select a facility that is as close to your hotel as possible, provides on-site security, and has enclosed perimeter protection.
  5. Before leaving your car, check your surroundings and take notice of anyone outside of hotel employees hanging around. Be vigilant at all times. Lock your car and do not leave any valuables inside.
  6. If you must park your car a distance from the hotel’s entrance, phone the hotel’s front desk and ask a security team member to meet you in the garage and accompany you to the check-in desk.
  7. Use valet parking when in doubt. You can always move the car later.
  8. When asking for a duplicate or replacement key, if hotel personnel fail to ask for substantiation identification, immediately ask to speak with the manager on duty and report the oversight. Your objective is not to get the employee in trouble bu to protect your safety and security.
Arrival at Your Room

Don’t:

  1. Enter an elevator if you are alone with another occupant that seems suspicious. Wait for another elevator.
  2. Go to your room if someone is following you and slows or waits for you to proceed to a specific room. Such individuals may be waiting for you to open your door and then rush you and force themselves and you inside.
  3. Open the door to anyone whom you do not know or are not expecting. If the person claims to be from the hotel, contact the front desk first and ask for confirmation.
  4. Leave valuables (camera, jewelry, electronics, etc.) visible, unsecured, and potentially subject to misuse, destruction, or possibly theft.
  5. Just drop your bags, change, and head for the beach, meeting, dinner, etc.

Do:

  1. Drop your bags.
    1. Exit your room (take your key!).
    2. Find the two exits on your floor. Find the exit closest to your room. Is it to the left or right? How far down the hall? Would you remember and be able to find it in the dark, crawling on the ground to avoid smoke, or holding a screaming, disorientated child? 
    3. Check the stairwell exits. Can you re-enter the floor once you have exited? How many floors will you need to walk down to get to street level or up to a roof exit?
    4. Count the number of doors between your room and the exits. This will assist you if you need to evacuate in the dark.
    5. Find the fire alarms on your floor. Each year, there are an estimated 3,900 hotel and motel fires which cause 15 deaths, 100 injuries, and $100 million in property losses.
  2. Check the security locks on your room door. Do they work? Do the doors have multiple locks, including a deadbolt? If not contact the front desk and ask to be moved to a new room with working door safety locks. For added security, consider purchasing Items such as a door wedge, portable door lock, or a travel door alarm. Such devices are designed to provide added in-room security and peace of mind.
  3. Know how to operate the phone so it can be used effortlessly in an emergency. This may sound silly. However, not every phone in every hotel works the same. New mobile device options are springing up at hotels. Your ability to use the phone in an emergency warrants asking “how” if the operation is not logical and simple.
  4. How do you quickly obtain an outside line to reach emergency first responders? Is it zero (0), nine (9), or some other method?
  5. What is the emergency first responder number which must be dialed? In the U.S. it is 911. However, this number is not the same in all countries. Traveling internationally, do you know the country’s universal emergency telephone number? (For example: Egypt 123, Hong Kong 999, UAE 112, France 112, New Zealand 111.)
  6. If at any time you have a safety or security concern about your room, request a hotel team member or security personnel to accompany you to your room and inspect it.
Leaving Your Room
  1. Turn on the television (ESPN or a continuous news station) and set the volume low but auditable and leave on one or two lights.
    1. A potential intruder will think twice about attempting to enter if he/she believes there may be someone in the room. A light left on means you won’t walk into a dark room when you return.
  2. Hang the “Do Not Disturb” sign on your door. This in combination with No. 1 above will give the impression someone is in the room and may dissuade someone from an unauthorized access attempt.
    1. Thirty percent of travelers globally and 38 percent from the U.S. frequently adopt this cautionary method when traveling.
  3. If the hotel provides an in-room safe, use it to store valuable items. If there is no in-room safe, take valuables to the front desk and ask that they be secured in the hotel’s safe. Some hotels do provide individual, safe deposit-like boxes at the front desk for guest use to store valuables.
Take These Precautions No Matter the Destination
  1. Wash hands often with soap and water.
  2. Because motor vehicle crashes are a leading cause of injury among travelers, walk and drive defensively. Avoid travel at night if possible and always use seat belts.
  3. Don’t eat or drink dairy products unless you know they have been pasteurized.
  4. To avoid acquiring sexually transmitted diseases (AIDS, hepatitis B and C, syphilis) don’t have sexual contact with people whose health status is unknown or uncertain.
  5. Eat only thoroughly cooked food or fruits and vegetables you have peeled yourself. Remember: boil it, cook it, peel it, or forget it.
  6. Never eat undercooked ground beef and poultry, raw eggs, and unpasteurized dairy products. Raw shellfish is particularly dangerous to persons who have liver disease or compromised immune systems.
Summary

Educating all employees, especially those whose job requires frequent travel domestically or internationally, on safe travel procedures creates a safer job environment, a more aware employee, helps to reduce risk to both the employee and the organization, and contributes to a productive workplace environment.

Traveling for business or pleasure can entail certain personal risks. Being proactive and preparing yourself to mitigate these risks will help to reduce these risks along with unwanted travel related security issues and allow you to focus on the business at hand or that beautiful ocean sunset.

Safe travels!

"MarcellaAl Marcella, Ph.D., CISA, CISM, is president of Business Automation Consultants, LLC (BAC). Since 1984, BAC has been providing IT security, risk assessments, IT audit and training services to international clientele. Throughout his career Dr. Marcella has traveled extensively and worked in more than 50 foreign countries and in each of the 50 states.

 

READ MORE