The astonishing piece that is often left out of recovery plans

It’s astonishing in its simplicity. The business often gets left out of disaster recovery and the resilience picture. Disaster recovery is the continuity of your information systems, but you certainly can’t recreate your business with simply a server. That server has to live somewhere, it needs people to love and care for it, and it needs a purpose. Your IT manager cannot determine your purpose. It must be held in the core vision of the organization. Your plan needs the core competencies of your organization – how you create value. This is the deliverable for the Business Impact Analysis process. Don’t leave yours out!

Is risky the new safe?

With the market crash, the down economy and the double-dip recession, is risky the new safe? Can “knowing” your risks be tantamount to being safe from them?

REM calls it a day; When is the End of the World as We Know It?

As the popular song goes, “It’s the end of the world as we know it”. REM is calling it a day; see here for the full story. Crisis or no, what information do you need to know it’s the end for your group? How will you feel fine?

Emergency Response Handbook

I’d like to hear what everyone is including in their emergency response handbooks. Let’s make a list we can refer to for updates. Here’s a start. We include basic emergency response items in our handbook:

evacuation/ shelter,
seismic activity (earthquake),
power failure,
hazardous materials spill,
medical emergency (first aid),
chemical & bio warfare exposure,
suspicious packages and bomb threats,
violence (including robbery),
pandemic health threat,
civil disturbance,
wind (tornado),
water contamination,
winter storm,
cyberterrorism/ identity theft/ data breach

We also include basics around:
incident command systems,
crisis communications

We are in OK, so there are doubtless more regionally specific threats. We do a high-level risk assessment overall, then a more detailed assessment and monitoring for high risks. Response procedures are in a handbook for everyone that is separate from the BCM. This way we can educate and train without concern for strategy leaking or over-education. What are you including?

2010 Cost of a Data Breach

The Ponemon Institute presents the 2010 U.S. Cost of a Data Breach, the sixth annual study about the cost of data breach incidents for U.S.-based companies, sponsored by Symantec Corporation. The average organizational cost of a data breach increased to $7.2 million and cost companies an average of $214 per compromised record, markedly higher when compared to $204 in 2009. The study also found that, for the second straight year, organizations’ need to respond rapidly to data breaches drove the associated costs higher. The sixth annual Ponemon Cost of a Data Breach report is based on the real data breach experiences of 51 U.S. companies from 15 different industry sectors. Here’s their 2010 slide share.