Continuity Insights Conferences

 

Legend:

A - Case Study

B - Crisis Management

C - Emerging Issues

D - Measuring Program Effectiveness

E - Program Development and Methodology

F - Professional Development

G - Public/Private

H - Enterprise Risk Management

P – Plenary

 

Nearly five years after Hurricane Katrina devastated New Orleans, the reminders of a continuing recovery are evident throughout the city. As President Obama noted in a recent visit, “It's clear how far we have to go before we can call this recovery a success.”

 

By now we’ve all heard from the Katrina celebrities – the Michael “Brownie” Brown types of public figures that came (during the crisis) and went (shortly thereafter). Trotting out yet another figurehead to rehash war stories isn’t CI’s approach to telling the tale and revealing its lessons. What we’re committed to doing is providing a “ground-level” post-Katrina session that features civic leaders, first responders, and a local media who lived through the crisis and remain focused on New Orleans’ continued recovery. We’re bring you the people who made the tough calls while floods waters rose and continue to search for answers to complex questions.

 

In preparation for this informative, first-hand session, conference attendees are invited to participate in the Road to Recovery bus tour (see page xx) on Sunday afternoon, April 11, 2010, an experience that will yield sentiments ranging from encouragement to disappointment, inspiration to despair. The tour provides a foundation and frame of reference the plenary session.  

 

 

Richard Cocchiara, IBM Corporation

Attend this presentation and walk away with a better understanding of the potential resilience stressors your company may be facing, as well as the available technology, methods, or tools that may help mitigate negative risks and enhance positive ones. Included as part of this session is a suggested methodology for transforming a resilience strategy and architecture and potential pitfalls to avoid. The session will conclude with a discussion on future trends and directions for business resilience.

 

Michael Janko, The Goodyear Tire & Rubber Company

Hurricanes, tsunamis, earthquakes, flooding, political incidents, utility interruptions, pandemics, supply chain disruptions... As if it is not difficult enough to roll out an effective business continuity process globally that reaches nearly 70,000 employees, 100 major facilities, and over a thousand other retail stores and offices around the world, how does Goodyear's BCP team decide whether it has done enough, done it well, and what to do next? Goodyear's global teams conduct self evaluations of their process called "Business Continuity Excellence." If you can measure it, you can improve it. If you have a baseline, you can set goals, determine gaps and make it part of a continuous improvement process. Join us for a review of how this process was developed and what the evaluation entails. In addition, you'll hear how it helped the entire organization focus on helping to meet the needs of its customers and showing business value.

 

Brian Zawada, Avalution Consulting

Regardless of the size or purpose of your organization, there are business continuity strategies and practices that just plain work. What are these universal truths? Attend this session to find out. You’ll learn how to be successful during a crisis and the must-haves for your BCP Toolbox.

 

            Bill Lowe, Jacksonville State University

Leadership is the method by which leaders exert influence over subordinates, supervisors, and peers. Leadership inspires, motivates, and directs others in activities to accomplish group or organizational goals. When leaders are effective, the influence they exert helps the group achieve its performance goals. When leaders are ineffective, their influence does not contribute to, and often hinders, goal attainment because of the lack of commitment and motivation of group members. Effective leadership will increase your ability to meet business continuity challenges. During this session, we’ll review business continuity’s history of operational changes, describe challenges likely to impact us in coming years, and articulate effective and ineffective leadership approaches.

 

            Dan Hahn, Santa Rosa County

Public/private partnerships are real relationships, not the kind seen in soap operas. Trust must be established and mutual respect earned. Personal relationships usually involve give and take. So do these types of partnerships. In this session we'll explore initial attraction (Why does the private sector care about the public sector, and vice versa?) as well as motivation for continued commitment and tips for establishing and maintaining a healthy marriage of these two diverse groups. Good relationships can lead to strong families. Strong public/private partnerships can lead to strong communities.

 

            Alan Berman, DRI International

This workshop will provide a pragmatic view of integration of supply chain management within business continuity. It will emphasize the inclusion of supply chain within the business impact analysis. Additionally it will provide references to regulations that mandate including key suppliers and critical infrastructure providers into the business continuity process. The discussion of the effects that actual supply chain failures have contributed to the change in the business environment will be discussed to show how effective organizations successfully managed when a key supplier failed.

 

 

            Michael Keating, Navigant Consulting

For decades business leaders have sought to uncover the mystery of the relationship between business interruption insurance and business continuity. Adding to the shroud of darkness was the inability for most business interruption insurance policies to be understood by the mere mortal. Gratefully, brave men and women have trod where few have dared to tread and combined organizational resilience with the insurance coverage that is supposed to supplement it to produce cost savings and performance improvement. This session will feature how those experts have assisted actual companies.

 

            Terri Howard, FEI Behavioral Health

Often disaster recovery focuses on infrastructure, IT, and financial resiliency. But the reality is people are your business. The purpose of this session is to detail key elements of people support including psychological first aid, family assistance, and employee debriefing. Participants, through an interactive format, will explore the following:

•           Setting up psychological first aid "stations" both onsite and remotely

•           Establishing a family assistance center

•           Coordinating staff debriefing sessions

In addition, participants also will explore ways to prepare the workforce before an incident occurs. Being prepared through information, training, drills, and exercises helps employees to respond according to plan when needed.

 

 

            Nathaniel Forbes, Forbes Calamity Prevention

Water, disease, and civil unrest: these are the "Big Three" business continuity, emergency, and crisis management issues of the 21st Century. This presentation shows pictures of the current environment in the developing world, forecasts the impact on American companies, and suggests (possibly controversial) steps managers should be taking to prepare, mitigate, respond, and recover.

 

            Brian Strong, Blue Cross Blue Shield of Florida

Measuring program effectiveness is often considered the holy grail of business continuity. Learn how one company undertook a fearless journey into this nebulous terrain by viewing its program as a business process and embracing continuous improvement methodology. By utilizing a similar model, you can create metrics that will add value to your business continuity program and raise the level of awareness in your organization.

 

            Scot Phelps, Southern Connecticut State University

Business continuity is in the process of evolving away from plans and training toward systems that will utilize intuitive design (to simplify instructions, encourage good decisions, and discourage bad decisions) and focus on improving organizational resilience (moving from "how" to "why" organizations, "work from anywhere" using portable technology.) In this presentation, we will discuss the theories behind both concepts as well as the practical applications of each.

 

 

            Doug Sievers, Kroll Ontrack

It is not uncommon for a business continuity planner to be asked to perform a business impact analysis (BIA). Indeed, the BIA constitutes the first step in developing a sound continuity planning program. Without knowing how your organization might be impacted by a disaster, it is impossible to know whether, in the development and administration of your program, you are allocating time, budget, and resources to the areas most critical to the business. In this session, the speaker will share the approach he has developed and used to conduct numerous BIAs. The presentation will consist of reviewing each section of a five-part BIA questionnaire, discussing the face-to-face interview, addressing how to perform the analysis of data gathered, and illustrating the form of the deliverables the BIA ultimately yields. The speaker will make his questionnaire and deliverable templates available to the audience, as takeaways, and share methods for establishing a deadline-oriented BIA completion schedule.

 

            Geary Sikich, Logical Management Systems

            Bob Mellinger, Attainium

This intensive practical workshop addresses the confusion within the private and public sectors with planning, coordination, measuring, monitoring, responding to and managing the ever growing threats we face. The facilitated workshop will present a realistic scenario that focuses on critical thinking, issues identification, overcoming diagnostic biases, public/private sector partnerships that work and executive decision making.

1:00 p.m. - 5:00 p.m. Workshop (This is a four-hour session that overlaps breakout sessions from 1:00 p.m. to 5:00 p.m.)

            Tanya Raso, Medtronic

How do you ensure your organization is addressing its most critical continuity exposures? How do you know if you’ve reached your goal of resilience? If you’re challenged with implementing a business continuity program across a global organization, you may often feel as if you’re trying to boil an ocean with little result and no end in sight. This session will showcase how Medtronic, a global leader in the medical technology industry, conducted a company-wide business impact analysis and deployed a new scorecard in order to highlight its key exposures and bring management focus to its resilience efforts. The result: strong management commitment and specific action plans to create a more resilient organization. The presentation will describe the simple and pragmatic approach that was followed, review the tools and metrics that were developed, and, most importantly, highlight the lessons learned and key points you need to know to successfully bring focus and results to your company’s continuity program.

 

            Mike Jennings, RSM McGladrey

Climate change is having, and will continue to have, a large impact on many organizations. The effects of climate change can be seen in severe flooding, storms, heat waves, and droughts. Climate change represents a risk that can not be mitigated easily and will, in some way, impact your organization. During this session, you will learn about the effects of climate change on your people, operations, suppliers, and critical vendors. You will be compelled to think about your organization and the impacts of climate change as it relates to your ability to deliver goods and services.

 

            Scott Shaw, Aflac Insurance

This exploration of integrating security and business continuity will include discussion of developing a value-added risk mitigation model, tips for integration, and five-step recommendations for a business continuity plan. We'll also cover case studies and how to get security and BCP speaking the same language.

 

            Tim Mathews, ETS

A successful corporate strategy must consider and include elements of business continuity, disaster recovery, emergency response, and security. Today's global business environment mandates flexibility and insight into the overall marketplace, including risks, where business is conducted. The business must be able to adapt to adverse conditions and proactively respond to opportunities. Topics discussed will include: operational risk management, technology enablement, supply chain risk and leverage, strategic competitive advantage, an investment versus expense perspective, as well as the pros and cons of BC/DR standards.

Karen Dye Oakley, Sun Microsystems

Industry trends indicate business continuity planning is moving in the direction of ensuring business resiliency. The connection to operational risk management however is not always present within organizations. Risks need to be tied to an organization's mission and strategy. Risk profiles can be defined at both the enterprise and the functional level. The key to efficiency and effectiveness is a functionally-integrated solution, with all key stakeholders at the table. This workshop will present an overview of risk classifications, risk mitigation, as well as a practical process of connecting these risks to crisis management, business continuity, and business resiliency. Participants will be provided with tools to identify the current state of risk treatment and control mechanisms within their organizations. Potential actions for improvement will be discussed in a workshop format.

 

Kevin Cassidy, Thomson Reuters

This session will describe one company's responsibility when dealing with an actual medical event. Attendees will learn methodologies and strategies for dealing with a possible pandemic and efforts needed to keep employees safe and the business operational. What risks should be considered by a company when dealing with a medical crisis?

 

Clyde Berger, Genesis Global Group

BCP does not need to be complicated or over studied. This presentation will provide the participant with practical and useful ideas to develop a viable and sustainable program when budgets are challenged and world disaster events are on the rise. This presentation will focus on all that you really, really need to build a winning program that doesn't overtax your time or confuse your senior leaders.

 

Panelists: TBD

Moderator: Brian Zawada, Avalution Consulting

No matter how much technology has been employed to safeguard confidential information, your organization may still have a breach. When a compromise occurs, proper planning will enable your organization to respond, comply with legal requirements, and to protect your brand and constituents.

Forty-five states now require notification in the case of a breach of personally identifiable information (PII). As well, new federal legislation enhances requirements under HIPAA for data security and data breach notification in the event of a compromise of protected health information (PHI). Business decision makers, privacy officers, and contingency planners must understand the impact of this legislation, the timeframe for legal compliance, and the ramifications of non-compliance and lack of readiness. Knowing the requirements is the key to good planning, having the right people in place is the key to good execution, and effectively managing a data breach incident is the key to brand protection and good public relations.

Learn from a panel of experts who have developed and executed data breach incident response plans to manage actual events.

 

            David Sarabacha, Deloitte & Touche LLP

Have your worst case scenario plans become huge, unmanageable, and unrealistic for use at the time of an event? Have you built pandemic plans only to look at scenario planning and believe the number of possible events will never end or that you will not plan for the event that hits you? Maybe you are starting relatively fresh with a new program and want to be on the leading edge of preparedness. BETH3 is a methodology that allows you to protect and prepare your organization to respond using a practical focus, with a reasonable level of detail to capture and maintain. It focuses on the various assets impacted by an event, rather than on the event itself. Through a combined lecture/case study approach, attendees will be able to better understand the concepts, learn and apply them in real time, and leave with the ability to develop more specific, yet focused recovery strategies and plans for anything from a large scale natural event to an information-only event and everything in between.   

 

 

            Barry Cardoza, Union Bank

The Bay Area Response Coalition (BARCfirst), one of the nation’s regional financial coalitions, has been very successful at partnering at the local, regional, state, and federal levels for enhanced crisis preparedness and response. Partnerships include public sector agencies like the California Emergency Management Agency (CalEMA), the Governor’s Emergency Partnership Advisory Workgroup (EPAW), the Federal Reserve, Department of the Treasury, local governments, and county health agencies. Private sector partnerships include Business Executives for National Security (BENS), New York University’s International Center for Enterprise Preparedness (InterCEP), the Association of Contingency Planners (ACP), the Business Recovery Managers Association (BRMA), and many more. BARCfirst has also worked to place private sector representatives in many public sector emergency operation centers to integrate private and public crisis response efforts.

 

            Rich Schiesser, RWS Enterprises, Inc.

Today’s businesses’ ever-increasing need for large amounts of online information brings with it ever-increasing challenges for data backup and recovery. As companies expand, they are under pressure to avoid downtime and safeguard expanding amounts of data, and at the same time comply with the provisions of Sarbanes-Oxley (SOX). This session consists of three separate case studies of how companies planned for, dealt with, and recovered from actual disasters. These events had direct impact on data backups and restorations, SOX compliance, outsourcing options. The responses to each event led to several valuable lessons learned including a few that may surprise you.

 

            Thomas Wagner, Marsh

Most firms, in developing their business continuity management (BCM) programs, concentrate first on known or internal risks (e.g. IT DR) over which they have control. As BCM programs mature, firms seek to better understand their external risks. This session helps business continuity practitioners enhance their BIA process by identifying and quantifying risks in their outsourced service providers, critical supply chains, critical infrastructure providers (e.g., water, power etc.), and any other third-party firms upon which your company relies upon but does not control. Through a series of case studies, BCM practitioners will learn how to approach the problem and be provided with tools and techniques to significantly improve their BIA processes.

 

            Suzanne Bernier, Toronto Hydro-Electric System

Attendees will hear the many lessons learned as a result of the recent H1N1 outbreaks across the globe. Specifically, the presenter will demonstrate how the Toronto Hydro-Electric System responded throughout the various stages to keep staff informed, monitor events and coordinate response. The presenter also will outline how lessons learned were applied during the complete review and revision of previous pandemic plans and procedures. Based on the information provided, attendees will be able to compare and assess their own level of pandemic readiness. Please note that this presentation will be modified to reflect current reality, should further H1N1 waves/mutations occur.

 

            Dan Lamorena, Symantec Corporation

In today’s information-driven, always on, highly interconnected global economy, it is not a surprise that 24x7 availability and disaster recovery is a hot topic in the boardroom. Despite the attention from executives, high availability and disaster recovery is still a challenge to get right. IT organizations have been tasked with meeting increasingly strict service level agreements (SLAs), however making that more complicated is the increasing reality that over the next year, IT budgets will remain essentially flat.

Attend this session to get some best practices on how organizations are meeting their recovery time and recovery point objectives without breaking the bank. Learn some of the strengths and weaknesses of deploying server virtualization for availability and cost cutting purposes. Find out how other organizations are optimizing their disaster recovery testing procedures to eliminate risk and downtime.

 

            Doug Cassell, Mutual of Enumclaw

This interactive workshop is designed to get attendees from small and medium-sized organizations off and running with their programs. The moderator will work with the attendees to help set direction, next steps, and overall framework. The group will deal with common issues and share suggestions. This session will be valuable to people assigned to create or improve BC programs in small to medium-sized organizations where resources are limited and creativity is essential. Takeaways will be recommendations customized for the individual participant, including tools for setting up realistic timelines, obtaining management support, and motivating business functions to put forth the effort to assist in plan creation.

 

 

In March and April 2009, a novel influenza A (H1N1) of swine origin first appeared in Mexico. April 15, 2009, the first novel H1N1 patient in the United States was confirmed by laboratory testing at CDC; the second patient was confirmed on April 17, 2009. On April 22, the CDC activated its Emergency Operations Center and the following week the U.S. government declared a public health emergency. On June 11, 2009, the World Health Organization (WHO) signaled that a global pandemic of novel influenza A (H1N1) was underway by raising the worldwide pandemic alert level to Phase 6. Now that the Fall flu season has come and gone, what did it teach us? Join us as for a panel of experts, as they share their experiences and perspectives in dealing with the recent pandemic crisis. The panel will consist of members from business, government, and the medical profession.

 

 

            Mary Herbst, Medica

Attend this session to learn how a small insurance company in Minnesota implemented a business continuity practice around pandemic, and did it quickly! In under four months, 50 plans that encompassed the entire corporation were created and tested through tabletop exercises. Methodologym testing strategies, and more will be reviewed and tools to help you achieve similar success will be shared.

 

            Erin Owens, DFW First

This session will provide an in-depth analysis of the 2008-2009 banking and finance crisis. Do and should continuity programs plan for the worst-case scenarios: the killer threat to staying in business? Join the discussion of this timely topic.

 

            William Raisch, InterCEP New York University

In an era of just-in-time inventory policies, and increasing outsourcing of formerly internal business functions, firms are increasingly concerned about the preparedness of suppliers, especially those who provide mission-critical resources, sometimes termed “survival suppliers.” What is the state of key suppliers’ preparedness for disruptions from manmade or natural causes? Will these suppliers be there when you need them? These are critical but often unanswered questions. Indeed, some may but many suppliers may not have robust resilience and business continuity programs, irrespective of their size.   Yet in an age of increasing interdependencies, the disruption of critical suppliers could paralyze core operations of any business that relies upon them. While there is a rising acknowledgement of the need for a programmatic approach to supply chain resilience, the vast majority of companies have not yet developed a supplier assessment program. This is often due to the significant effort and resources required to develop such a program. For many their only choice is to wait until there is a failure on the part of their suppliers and then suffer the consequences.

 

However, a new program is in the design and development process that has the potential to dramatically advance supply chain resilience. The Voluntary Private Sector Preparedness Accreditation and Certification Program (PS-Prep) will provide a methodology to efficiently and effectively assess the resilience of any organization including critical suppliers in the supply chain.

 

            Phil Lambert, Center for Continuity Leadership

We do BC, DR, and CM everyday. We get everything completed on time and within budget. We make it easy for the business units to work with us. We build plans. We test plans. We train people. We empower people. But when do we measure our results? How can we measure the results? How can we create a substantially defensible measurement system that accurately conveys the value our continuity efforts are contributing to the company’s day to day operations? In this hands-on workshop, we will explore:

•           What is measurement and what can be measured?

•           Discovering and measuring the value of intangibles

•           The difference between ROI and ROO

•           How to break through the measurement maze with a six-step process

•           Leveraging reports to increase budgets and activity levels

•           Justifying investment in continuity efforts

 

 

            John Jackson, Fusion Risk Management

Aligning disaster recovery and business continuity to business objectives has always been a goal of continuity planners, but gaining executive-level support remains elusive to many. Understanding what your program must, should, and could address is a balance between complexity and cost. In this session, you will learn how to construct a comprehensive continuity and recovery profile that resonates with strategic decision makers. Though identifying and understanding risks are critical, addressing the maturity of program components can take many forms, from acceptance of risk to full mitigation. Having a comprehensive and well-balanced program isn’t as much about solving all the issues as it is about establishing the framework for communicating where the business stands and why.

 

            Susan Rogers, Bank of America

You are a subject matter expert in business continuity, disaster recovery, or information security. This session will explore how you may chose to make the transition from operation implementer to risk management overseer and, in doing so, achieve the independent view point that regulatory sources anticipate in a successful risk management organization.

 

 

A7       Project Management Lifecycle: Delivering an Automated Notification System to Support Business Continuity across Global Operations

            Elizabeth Borza, CBCP, State Street Corporation

Effective global communication during outages is the key to successful business continuity planning. With timely communication, you can focus more of your time on managing the incident to resolution. Notify is State Street’s automated real-time notification system that has the ability to notify various teams and individuals by using all communication devices. Notify is comprised of three components:

(1) an outbound alert notification to employees; (2) an inbound message center or employee status line for employees to call into; and (3) web-based bulletins for the incident management team to gather, analyze and report on business impact. Come learn about the scope of implementing a notification tool to support global operations to ensure that your communication tool is reliable and will work effectively in the time of need.

 

 

            Bruce Blythe, Crisis Management International

At the heart of any crisis and business continuity response are strategic decisions that will serve as “defining moments.” These strategic decisions have the critical power to bring you and your organization swiftly toward successful resolution, or they can spiral you deeper into entanglements that can increase the damage. Most crisis and business continuity preparedness is focused at the tactical and logistical levels. Beyond tactics, the attention here will be on strategic crisis and business continuity preparedness. Strategic crisis leadership concepts will be learned and experienced through expert commentary, from 'What would you do?' case study, and interactive discussion. Take-and-use materials will be provided, including a strategic crisis leadership checklist.

 

            Stephen Hoffman, iJET Intelligent Risk Systems

When the H1N1 2009 pandemic first emerged, it sickened thousands, but its relative mildness presented the perfect opportunity for organizational management to examine best practices and lessons gleaned from response to the virus’ spread. One year after the H1N1 Influenza A virus first gained international attention from its spread through Mexico and the United States, this session will examine the long-term impact the virus has had on organizations and the aftermath of the virus’ impact on continuity practices, as well as best practices for pandemic planning in a post-H1N1 world.

 

            Tom Kristofco, Wall Street West’s Center for Organizational Continuity

How has our profession evolved? What career path brought you to this place? What opportunities, experiences, education, and skill sets have delivered the most value to your position? What do you look for when hiring for your business continuity staff? A 2009 study titled the "Next Generation Business Continuity Professional" was conducted by Continuity Insights in partnership with Wall Street West’s Center for Organizational Continuity. Continuity Insights conducted this research as part of a larger program sponsored by the U.S. Department of Labor and the Commonwealth of Pennsylvania. The study profiled the education, experience, traits, and skills of active practitioners, then shared this information with institutions of higher education to help provide a baseline for establishing and expanding curriculum, credentials, and degrees. Attendees will find this information useful when developing, improving, and expanding their business continuity staff.

 

 

            Thomas Anderson, LSU, Stephenson Disaster Management Institute

This session explores the business emergency operations center (B-EOC). The B-EOC will work together with businesses, state, and local governments to identify gaps in regional preparedness and response capability, and then work together to fill those needs. The B-EOC will study, identify, document and apply best practices found in the field of public/private partnerships, guide the process of identifying business resources and personnel that can be made available during an emergency to state and local first responders, and educate and facilitate the incorporation of businesses as an integral part of public emergency planning and exercises.

 

 

            Steven Ross, Risk Masters

 

            Alan Salkowitz, TD Bank

In order to recover from an unforeseen event, people, processes, and systems must work together to restore business operations. This session will discuss how to integrate your business resumption and disaster recovery plan to produce a true end to end test. So you have your workgroup plans and disaster recovery procedures. Now, you must integrate the two to successfully recover your business. In this session we will explore how to create a process flow that will document the movement of a single transaction involving multiple resources, including people, systems, and infrastructure. Using that documentation, we will identify the necessary details and components to create a realistic recovery exercise. At TD Bank (formerly Commerce Bank), we had performed several exercises using multiple facilities, departments, and systems at the same time and on the same day to simulate a true disaster.

 

            Tom Serio, VerizonWireless

Attend this session to better understand the fundamentals of crisis management and what it is that you need to manage. Manage the expectations of upper management as well as your team leaders. Review actual crisis management configurations -- a centralized and a decentralized approach -- and how both work in the right case.

 

            Lynnda Nelson, ICOR

The need for organizational resilience has never been greater. Facing everything from hurricanes, earthquakes, tsunamis, war, terrorism, cyber attacks, workplace violence, broken supply chains, pandemics, to questionable business practices, organizations must be resilient to survive. A resilient organization is one that is able to achieve its core objectives in the face of adversity. This presentation looks at the characteristics of a resilient organization and 10 areas where organizations can increase their resilience and their ability to achieve their core objectives under all conditions.

 

            Debra Zoppy, Guardian Life Insurance Company of America

Don’t miss this opportunity to share in the real-life experiences of Debra Zoppy, director of crisis management and business continuity, as she explains how the Guardian Life Insurance Company of America looked to emergency notification technology (ENT) to help safeguard employees and maintain operations in the face of the 2009 pandemic threat. The best practices offered during this timely, informative session will assist organizations as they reassess their own contingency plans for future influenza outbreaks. Emphasis will be placed on the core of these strategies – communication between management and employees – as they work to sustain business during high levels of absenteeism. As evidenced by Guardian Life, ENT is a practical and reliable means for dispersing precautionary measures, office closures, remote work instructions, etc., during this public health threat.

 

            Cheyene Haase, BC Management 

How can the effectiveness of your BCM program be measured? Is it through an ROI? If so, how can an ROI be measured? Or, is business continuity viewed as a cost of doing business? BC Management’s International Benchmarking Advisory Board has chosen this topic as the 2010 awareness focus point for BC Management’s 9th Annual BCM study. This session will highlight the findings from the study and pin point any potential correlating factors between ROI/cost of doing business and the maturity of programs. Is there a correlation? Are more mature programs approaching business continuity differently to obtain and maintain the executives focus? How are more mature programs measuring their BCM program’s performance?

 

            Geary Sikich, Logical Management Systems

This presentation examines how practitioners, from responders to continuity planners, should deal with the unreported theory-practice divide that exists between actual response operations and the application of elements of less than practical emergency response theories. The findings come from a survey of case studies of significant crises: Hurricane Katrina, Bhopol, Exxon Valdez, World Trade Center, September 11,2001, and the recent financial crisis. Views of how emergency responders coped with the theory-practice divide are focused on two areas: behavior management and theory flexibility.

 

The findings are presented as an assessment of the case studies of each of the significant crises. Responders' educational (academic and specialized) experiences, educational philosophy, and personality type were found to be significant in influencing perceptions of the usefulness of current emergency preparedness and response theory. A filtration system model was developed where theory flows to practice through four main filters, with the amount of material progressing determining the size of the theory-practice divide. The major finding was that it was not so much the nature of this divide that was a hindrance to the development of emergency preparedness capabilities but the constraints of outdated emergency response theory imposed by current educational curriculum and teaching methodologies that prevent and preclude experimentation and development of up-to-date practical theories.

 

            Laurie Wonder, J.D. Power and Associates

This interactive workshop will explore coordination of all internal and external avenues of communication while dealing with a disaster or other type of business interruption. The ability to quickly react to the situation and deliver the right message can help preserve your company’s reputation and reassure customers that your company has a well thought-out crisis plan and is able continue business operations.

Presentation materials will include how to identify how your message is getting out, whether through official channels or indirectly, how to prioritize your communications tasks, and will include examples of pre-planning techniques, such drafting communications scripts and defining call times in advance and what information you should include in your emergency response and business continuity plans.

 

            Carmen Sunda, Louisiana Small Business Development Center, GNOR

The catastrophic devastation of Katrina taught many lessons to citizens of the city of New Orleans, Louisiana and America. One of the untold stories is the failure of corporate America. Corporations were not prepared to manage the needs of customers and a city operating in crisis. These failures of corporate America created further crisis and emotional turmoil by delivering disservice to their customers impacted by Katrina devastation. The presenter is a seasoned small business advisor and a New Orleans Katrina survivor who was personally impacted by Katrina and has been entrenched in the small business recovery of the greater New Orleans region. She will share the personal front line experiences of small business owners and individuals demonstrating how many corporations were unprepared to handle their Katrina impacted customer’s unique needs.

 

            John Pyne, North River Solutions, Inc.

Disaster resistance, a term used commonly a few years ago, emphasizes the importance of pre-disaster mitigation measures that enhance the performance of structures, infrastructure elements, and institutions in reducing losses from a disaster. Resilience reflects a concern for improving the capacity of all supporting physical and human systems to respond, recover and fully resume after extreme events. It is this term, resiliency, which is being used, and sometimes abused, but not really agreed on in scope or details. PS-Prep has a rather broad charge, encompassing preparedness in area of disaster recovery, emergency management as well as business continuity. While some will always continue to discuss the overlap of these practice areas, it is clear that the intention is to measure, and thereby allow for self certification, or first party attestation, since the program is both voluntary and intended to cover all businesses and organizations in the U.S.

 

            Ken Stoll, ID Techtion

You hear about them, you read about them and contemplate the effects if your organization were to suffer a data breach. You trust the smart folks over in the IT department who deploy state of the art firewalls and encryption protocols, etc. There are no guarantees you are immune from a data breach. While a data breach is not the worst thing that can happen to your organization, reacting poorly is. Accidental or malicious, a missing paper file or stolen laptop, learning you have just had a data breach is cause for immediate action. Depending on your next move you could invite fees, fines, lawsuits along with negative press and customer flight. This must see session will feature real life companies who got it right and the ones who were financially devastated. Keep your organization from becoming road kill on the information super highway by attending this session.

 

            Carl Jackson, Crisis Management and Continuity Planning Resource Center

"You get what you measure." Peter Drucker's management by objectives (MBO) philosophy spread like wildfire a few decades ago and since then enlightened management groups have attempted, sometimes successfully, and sometimes in vain, to establish effective metrics. Measuring the success, or value-added contribution, of the continuity planning program to an enterprise is tricky and often illusive. How do we define continuity planning goals? Based on what? Common and/or leading practices? Standards? MBO based outcomes expectations? Are the metrics strictly qualitative, quantitative, or a combination? And most importantly, are the metrics (or at least metrics methodologies) utilized across the enterprise and applied to all or most other areas? Once we have results based on these measurements, how do we reward and/or penalize those responsible? Are these rewards clearly stated and agreed upon in advance, or are we shooting-from-the-hip? This session will help attendees think through the issues and offer practical advice on how best to get started.

 

            Bill Lang, VCPI

This session will explain how one company breezed through the requirements to become certified as StormReady by the National Oceanographic and Atmospheric Administration’s (NOAA) National Weather Service (NWS). Understand the application requirements of the NWS and how they can be modified from community based to fit businesses. Topics of discussion will include: interfacing the StormReady program with existing life safety programs, key points required in the locations safety manual, as well as the NWS site visit and preparations for what will be expected and discussed.

 

            Justen Noakes, H-E-B

            Glenn Katz, Spacenet

H-E-B, one of the nation’s largest independently owned food retailers, implemented its own satellite emergency response communications plan to ensure access to critical services in the face of unforeseen events. During Hurricanes Dolly and Ike, H-E-B’s rapidly deployable satellite solution provided critical communications in support of emergency services for affected communities in Texas. The company was able to deliver relief supplies and provide pharmacy and business services to residents. This presentation will provide an overview of how H-E-B keeps its communications network working in any situation, and how others can benefit from the latest in satellite technology for business continuity and emergency response.

 

            James McGinty, Covenant Security Services, Ltd.

The active shooter is one of the most critical threats facing crisis management professionals today. This session will provide a detailed analysis of this phenomenon and how its elements have changed the traditional framework of emergency planning, to include the terrorist rampage in Mumbai, India. The presentation will also address why a terrorist incident and an active shooter should be treated as a similar incident. This seminar will provide the crisis manager with the five phases of an active shooter, enabling them to make effective plans and decision regarding emergency response and how a crisis team properly interacts with law enforcement.

 

            Ralph Petti, RP Risk Advisors, LLC

This session will address your most critical component for a recovery event - the ability of your team members to be available to go into action. Consider this, the disaster event is occurring and your recovery plan is in place...but, where is your team to carry it forward? In all disaster events, there are always key individuals that are torn between responding to their organizational needs and being distracted by events at home or with loved ones. By attending this session, you will hear many examples of this happening to organizations just like yours - and the lessons learned from those organizations. How will your executives act at this critical time? Are these employees members of critical departments such as HR, Personnel, Security, Operations? How do you know what resources are needed and what can be done at time of disaster to potentially save the business? How will everyone communicate if normal channels are compromised? This is a must-attend session focusing on new ideas, technologies and solutions that are available in the market today that provide for both personal and business recovery planning.

 

            Christopher Bauserman, IBM Corporation

Business executives and government officials are under intense pressure today to successfully pass an ever increasing number of security audits and certify compliance with what feels like a never ending list of regulations. This pressure causes many organizations to focus on doing the minimum work to pass the very next audit and implement a disconnected set of tools and manual process. Unfortunately, such a short-term approach fails to reduce true operational risk, such as the loss of confidential data, and it fails to reduce the operational cost of compliance -- which continues to rise for most organizations. Through a combination of best practices, leading technology, and customer case studies, this session will outline a path that takes you beyond compliance and toward true risk management and cost reduction.

 

 

If our experience in business continuity has taught us anything… it is that anything is possible, our professional lives are clearly unscripted. By popular request, we have reserved this final session as an opportunity to present and discuss the timeliest and most compelling topic on the minds of our attendees leading up to the conference. Stay tuned for updates!