Wednesday, December 15, 2010

Winter Weather

The closure of businesses and offices and the cancellation and postponement of sporting and other events due to winter weather can lead to lost revenue and an overall decrease in productivity. Even if businesses remain open, they may lose revenue if customers are unable to travel due to poor road conditions or employees cannot get to the office. While a loss of power and heat automatically prevents most businesses and offices from operating, the most cited reason for closure of businesses and cancellation of events was poor driving conditions. Get some help in planning for and getting through winter weather disruptions.

Here’s a winter checklist you can use to help you minimize damage from winter hazards. (Item #1) Make sure you have your business continuity plan updated to cover winter hazards. (Item #2) Sick workers can affect your productivity and your profitability; take some steps to help keep your employees well. (Item #3)

Last month, Michigan’s governor declared Winter Hazards Awareness Week; you, too, can benefit from Michigan’s foresight. (Item #4) Ice and rain can cause winter accidents; make your workplace safer with the tips in this article. (Item #5) If you’re preparing a talk for employees on winter safety, this item might be helpful. (Item #6)

Read the entire issue, back issues or sign up at

Friday, December 3, 2010

Contingency Planning for Meetings and Events

When you’re planning your annual conference or other important meetings, make sure you don’t forget to plan on how you will deal with disruptions that might impact your event. The articles below may be helpful to you in creating your meeting continuity plans.

When planning your event, don’t forget your emergency action plan. (Item #1) Do you have a plan to deal with strikes? (Item #2) Regardless of the reason or the season, planners must be prepared and have a clear plan, which starts with your hotel contract negotiations. (Item #3)

See how the Learning Disabilities Association overcame a floor collapse and snowstorm to avoid canceling its annual meeting. (Item #4) The safety and security of attendees is your responsibility. Here’s how you can reduce risk. (Item #5) This risk assessment checklist can help you figure out where your risks may be. (Item #6)

As always, we look forward to hearing about your concerns with regard to business continuity. If you have a topic you’d like to see covered, please email me.

Read the entire NewsBrief, back issues or sign up at

Tuesday, November 30, 2010

BCP Testing and Training

The reason we talk so often about testing your business continuity plans if because it’s so important. No matter how hard we work to write the plan, things change over time. People leave, job responsibilities evolve, and these can affect the plan. Take the advice in this week’s articles and begin to plan your testing now.

It’s not just what individuals know that matters in a crisis; you have to test the BC team’s crisis decision-making. (Item #1) It’s important to know the steps needed in testing your plan. (Item #2) This listing of objectives can be very helpful in planning your exercises. (Item #3)

Testing a business recovery plan is an important step to validate and check its content and approaches to ensure that plans are actionable before a possible real disruption. (Item #4) Involve your employees in testing and exercising your plans and get their input on it. (Item #5) For the general employee population, awareness of the business continuity plan is essential for on-going support and commitment. (Item #6)

As always, we look forward to hearing about your concerns with regard to business continuity. If you have a topic you’d like to see covered, please email me.

Read it all at

Friday, November 12, 2010

Holiday Issues

Holidays give employers an opportunity to provide time off from work and employees get to spend extra time with family and friends. Holidays also present challenges for both employers and employees:  which holidays to observe, how or if to pay for holiday leave, accommodating diversity and religious beliefs and practices, whether or how much bonus or gifts to give to employees, serving alcoholic beverages at company parties, and handling the holiday blues or depression that some employees experience. This week’s articles may help you with these issues.

Your business continuity could be compromised during the holidays, if you don’t make sure your plan can be implemented with people off on holiday breaks. (Item #1) Here’s a look at the legal issues and some cases addressing employer liability for alcohol-related incidents. (Item #2) If you’ve got questions, the expert has answers. (Item #3)

If you’re concerned about holiday party risks, here are some alternatives to the annual event. (Item #4) Here are some tips on how to avoid sexual harassment claims as a result of the holiday party. (Item #5) If your workplace is diverse, you should appreciate the help in this article. (Item #6)

As always, we look forward to hearing about your concerns with regard to business continuity. If you have a topic you’d like to see covered, please email me.

This issue, as well as all of our back issues, are available at

Wednesday, November 10, 2010

Emergency Supplies

Once again, it's time for our annual issue featuring suppliers of emergency supplies as well as the checklist. This is a much requested edition of the NewsBriefs, and we hope you will find it useful. Please note, however, that the inclusion of a supplier in the newsletter is not an endorsement, but simply an acknowledgement that these providers have supplies available. If you're considering getting your emergency kits together, see what's offered here and also try looking for "emergency supplies" with your favorite search engine.

The web site provides us with a checklist to guide us in creating emergency kits. (Item #1) This supplier provides a variety of goods and information that might be helpful to you as you put your kits together. (Item #2) Here you'll find items you need for your emergency kits, plus some suggestions for gifts to help make others safer. (Item #3)

This supplier specializes in complete 72-hour kits – enough supplies to last for 72 hours. (Item #4) Here's another supplier of all types of materials and kits to get you through a crisis. (Item #5) Don't forget water—here's all you need to know about preparing and storing it. (Item #6)

For the complete issue or to subscribe, go to

Wednesday, November 3, 2010

Do we need to re-think Terrorism?

Last week’s attempt by terrorists to get explosives into the US has made us all stop and think about how real the terror threat still is. Because it’s become more difficult to attack large prominent locations, terrorists are beginning to focus on smaller facilities. If you’re wondering how to make your organization safer, this week’s articles can help.

Terrorism preparedness requires two actions: taking steps to harden a specific facility from a terrorist act, and taking steps to mitigate an act should it occur. (Item #1) This article contains good guidance for risk assessment and creating business continuity plans that will lessen the impact of events that threaten a business or organization. (Item #2) Planning for the aftermath of terrorist incidents is very similar to planning for other disruptions... you have to consider consequences and resources. (Item #3)

Terrorism experts agree that an attack is likely to succeed because of complacency; look over these tips from a security consultant. (Item #4) Taking these steps can help you be better prepared to face terrorist threats. (Item #5) If your building has suffered damage from a terrorist action, here’s how to help employees believe it’s safe again. (Item #6)

Get it all at

Wednesday, October 20, 2010

Crisis Communications

The need for a crisis communications strategy and plan has never been as crucial as it is today. The catastrophic events of recent years have shown that relying solely on traditional communications tools for contacting employees, customers and other constituents in a time of need is not enough for relaying vital information. Every organization can find itself in a crisis. This week’s articles can help you handle the communications aspects of a disruption.

Many people view crisis communication as strategy for protecting corporate reputation carried out by public relations and legal – not as a strategy for rapid decision-making amongst executives and decision-makers and the rapid mobilization of response teams. (Item #1) Whatever the reason for invoking your business continuity plan, there are a number of aspects that will involve communication. (Item #2) Email's primary role as a communications vehicle means that, in an actual disaster, the inevitable outage not only hampers the running of the business, but significantly curtails the business's ability to respond and recover from the disaster in the first place. (Item #3)

These examples of inappropriate crisis communications policies, culled from real-life situations, will provide a tongue-in-cheek guide about what NOT to do when your organization is faced with a crisis. (Item #4) Here’s everything you wanted to know about the John Edwards lesson of career implosion - and what you can learn from it. (Item #5) It’s not easy to get senior management to actively support crisis communication plans. (Item #6)

Read this issue, as well as back issues, at

Tuesday, October 12, 2010

Testing Your Business Continuity Plan

Although your business continuity plan is supported by state-of-the-art technology and superb written documentation, it could still fail if you don’t test it now and then. Regardless of how wonderful a plan may look on paper, you will run the risk that things just won’t work in an emergency if you haven’t tested the plan. This week’s articles provide some help for testing and exercising your plans.

The primary reason to exercise is to identify limitations of business continuity plans. (Item #1) What are the keys to a successful business continuity exercise? (Item #2) Planning is good, but practice makes perfect. (Item #3)

How can you make business continuity training a top priority? (Item #4) Establishing a testing and exercise program within the organization reduces the risk of failed recovery and has many benefits. (Item #5) Testing your BCP using a simulated disaster helps ensure success in the event of an actual disaster. (Item #6)  And finally, check out what a few of Attainium's customer have experienced with their plan testing and exercising. (Item #7)

You may also want to learn more about Attainium's Plan Testing and Exercising services  which range from prepackaged Conduct It Yourself scenarios to custom tabletop exercises designed for your specific requirements and delivered at your location.

The entire issue is available at

Wednesday, October 6, 2010

Business Continuity / Disaster Recovery Case Studies

Many businesses are already prepared for disruptions with completed, tested business continuity plans. The case studies below could help you to plan, update or modify your strategy or plans by showing you the approach other organizations have taken in specific situations. It’s always less painful to learn from others’ experiences!

One firework could have brought down a business. (Item #1) Read about some of the lessons this company learned as the result of a disruption. (Item #2) Glasgow Airport’s business continuity management (BCM) strategy came into its own during a car-bomb attack. (Item #3)

A suspicious powder put Norwich Union’s BC plan through its paces. (Item #4) An exploding bomb put Marks & Spencer’s plan to a test. (Item #5) If you’re not aware of your critical vendors’ BC plans, take note of this case study. (Item #6)

Get it all at

Wednesday, September 29, 2010

Mass Notification Systems

Whether you own or rent your facility, you have to protect your employees and others who use the building or who are simply visiting. How do you do this? Mass notification systems are the tool most organizations use today. The object is simple: notify a large number of people in the shortest amount of time. This week’s articles offer some insights into how these systems work, how you can put them into effect and even provide links to some providers of these solutions.

A mass notification system should not only be versatile enough to contact individuals regardless of where they are, but also able to reach out to pre-defined areas regardless of whom is situated there. (Item #1) The first step is to develop a notification plan, which serves as the basis for developing a mass notification system that delivers emergency messages. (Item #2) Here are some things to keep in mind when planning or upgrading a mass notification system. (Item #3)

When planning an MNS, keep in mind the importance of ensuring that the hearing impaired must get the same message and training as the hearing. (Item #4) This article contains information about the regulation of mass notification systems. (Item #5) Confused about what’s out there? Here are links to some available systems. (Item #6)

Read the entire issue and subscribe at

Wednesday, September 22, 2010

Cyber Security Awareness

This week is Cyber Security Awareness Week (CSAW). Cyber security awareness programs impress upon users the importance of cyber security and the adverse consequences of its failure. Awareness may reinforce knowledge already gained, but its goal is to produce security behaviors that are automatic. The goal is to make "thinking security" a natural reflex for everyone in the organization. This week’s articles contain information that will help you protect the confidentiality, integrity, and availability of information in today's highly networked systems environment.

An information security audit is one of the best ways to determine the security of an organization's information without incurring the cost and other associated damages of a security incident. (Item #1) Why is security awareness and training so important and what constitutes a security awareness and training program? (Item #2) Here’s how to implement a security awareness program in your organization. (Item #3)

Do you know what sorts of fundamental rights people have with respect to their data? (Item #4) There are seven steps chief information security officers can take to launch their organizations in the direction of Information Security compliance. (Item #5) What do you know about the Internet Kill Switch? (Item #6)

Read the entire issue and subscribe at

Wednesday, September 15, 2010

Employee Issues

Everyone says it – our employees are our most important asset – but many employers don’t take the proper steps to either maintain the safety of that asset or to prevent legal problems brought by employees. You have to engage, not just inform, your employees. You need to ensure that proper background checks rule out people who could be a danger to your workforce. In addition to hiring, you need to know how and how not to fire people. This week’s articles focus on these important topics and can provide you with good hints and tips.

Employers face challenging issues relative to employee safety and security. (Item #1) Here are four reasons that IT executives charged with BC/RM/DR need to consider their employees heavily in their plan. (Item #2) Unless you've followed good practices to enable you to defend against termination claims, at-will employment status of your employees will do no more than look good on paper. (Item #3)

If you want to avoid legal action, then you should avoid making these employee termination errors. (Item #4)  Everybody needs HR, both in good times and not-so-good times; the business continuity planner is no exception. (Item #5) The business losses that can be reduced by background screening - including turnover, theft/fraud, and catastrophic events (and their resultant legal losses) - add up to over $1.5 trillion annually. (Item #6)

Read it in its entirety at

Wednesday, September 8, 2010

Reputation Management

People are talking about you, and today’s search engines have the ability to unearth whatever they are saying. They are a tool that everyone uses – employers to check on potential employees, potential employees to check on potential employers, investors to check on a company’s employment health, potential members to check on organizations they may want to join. It’s critical, therefore, that every organization and individual know how to check their online reputation and to do it often. This week’s articles can help you do just that.

Unfortunately, perceptions – and your online reputation -- are not always based on fact, but on opinion, conjecture and rumors. (Item #1) If you don’t control your brand online, someone else will. (Item #2) In a world that grows more digital by the day, a new adage has emerged: "You are who Google says you are." (Item #3)

Online reputation management is becoming big business, as companies look to track what’s being said and measure the success of their social media marketing strategies. (Item #4) Proactive PR is important for online reputation management, because it means you are creating positive search engine results, which can keep negative search results from ever appearing. (Item #5) This post outlines – and provides links to -- some of the free tools available for monitoring your online reputation. (Item #6)

Read it all at

Wednesday, September 1, 2010

Business Continuity Testing and Exercising

The best way to measure your business continuity and disaster preparedness plan is to put it in motion and test it. This is a great way to show management, employees, clients and prospects that you have done all you can to ensure business as usual, no matter what. Most important, testing will let you know if your plan will work, and, for some companies today, testing is a compliance issue. Over time, you will have to test all the elements of your plan, but you don’t necessarily have to do them all at once. This week’s articles will help you discover what a good test should accomplish and how to go about finding out if you can count on your plan in a disruption.

Like so many things in life, in order to become proficient in any physical or mental process, it is necessary to practice. (Item #1) Business continuity and disaster recovery experts stress that business continuity plans and tests are essential for your IT disaster recovery environment, but why? (Item #2) Could you really recover using your plan documentation? (Item #3)

Here are six tips and three scenarios to get you started on a tabletop exercise. (Item #4) Through testing, you will reduce both recovery time and risks, ultimately protecting your business and the employees and customers who rely on you. (Item #5) Are you having a problem getting employees trained? (Item #6)

Learn all you need to know about testing and exercising your BCP. Read the complete issue at

Wednesday, August 25, 2010

National Preparedness Month

September is National Preparedness Month (NPM). The goal of NPM is to increase public awareness about the importance of preparing for emergencies, including natural disasters and potential terrorist attacks, at home, work and school. It is “designed to encourage Americans to take simple steps to prepare for emergencies in their homes, businesses, and communities.” Events and activities across the nation encourage individuals and businesses to get an emergency supply kit, make a family emergency plan, and get involved in preparing their communities. National Preparedness Month is sponsored by the Department of Homeland Security's (DHS) Ready Campaign. This week’s articles focus on some of the things you should be considering during the month.

Gain access to resources to help you observe National Preparedness Month. (Item #1) How do you measure your readiness quotient? (Item #2) It’s almost flu season; what can you do to get ready? (Item #3)

Here’s some advice on what you need to include in your survival kit. (Item #4) Take action before the disaster strikes and things may go more smoothly if it happens. (Item #5) What can you do to protect your business, employees and customers? (Item #6)

Read all about National Preparedness Month in this issue of the NewsBriefs at

Wednesday, August 18, 2010

Business Continuity Planning

Business continuity and disaster recovery planning has become a priority in many businesses, but there are many in which it has not. How does it rate in your organization? Do you have a plan? Do you test it, update it, and educate your employees about it? Whatever the status of your plan, you will find helpful information in this week’s articles.

Good business continuity plans will keep your company up and running through interruptions of any kind. (Item #1) Having a strong continuity plan in place means that a natural disaster doesn’t have to be a complete catastrophe for your business. (Item #2) FEMA’s ReadyBusiness pages offer much helpful information about what you need to do to stay in business after a disruption. (Item #3)

AT&T research finds business continuity planning more common, and takes into account more issues including supplier readiness. (Item #4) The next incident is always the one you have not thought of! (Item #5) The first step to determining where your disaster recovery center should be is to map the probable threats to your company. (Item #6)

The full issue is available at

Wednesday, August 11, 2010

Getting Buy-in

Buy-in. Without it, sometimes you just can’t get plans approved or implemented. You need management approval to get started, but you need everyone’s buy-in to make plans successful. The articles below discuss getting buy-in from everyone in order to bring your plans to reality and to actually put them into use.

Here are some common problems encountered when implementing a new project and practical steps to overcome these. (Item #1) Managers don’t often see the value in projects that don't immediately deliver ROI. (Item #2) Buy-in is achieved by continually including, in all aspects of the implementation process, the people who will use and be responsible for the solution. (Item #3)

Here are five steps toward management buy-in. (Item #4) These tips will help you get your proposals accepted. (Item #5) The cost of not getting buy-in is immense. (Item #6)

Read it all and subscribe at

Monday, August 2, 2010

Workplace Violence

Between 1992 and 2006 (the latest year for which figures are available) workplace homicides averaged 800 per year. Studies show that 1 million or more violent situations occur in the workplace every year! Workplace violence is very real and can explode anytime and anywhere. Threats, bullying, physical violence and even gossip can be classified as workplace violence, and any of these situations could lead to litigation, which could cost you plenty and even damage your reputation. Read this week’s articles to see how you can help prevent incidents of workplace violence.

While policies and raising awareness can't completely insulate any nonprofit from the risk of workplace violence, it will help. (Item #1) While you can't always predict and prevent workplace violence, you can plan to limit its impact. (Item #2) This article looks at the problem of employee violence and what employers can do to deal with the issue and prevent a potentially devastating event in their workplaces. (Item #3)

The initial step is to assess the potential threat of workplace violence based on the nature of your business and on the types of facilities and their locations. (Item #4) By being more aware of our people and our actions, we can often prevent violence long before it has a chance to touch us. (Item #5) Litigation can result from any incident of violence in the workplace. (Item #6)

View back issues and subscribe at

Wednesday, July 28, 2010

Building Security and Survivability

In addition to your employees and tenants, servers and software, your procedures and processes, you have to be concerned with the security and survival of your facility as much as possible, because your facility encases everything that’s important to the continuity of your operations. Take a look through this week’s articles for some tips on how to improve your building security and survivability.

Have you done what you can do at all of your facilities to improve your chances for uninterrupted operations? (Item #1) An audit is conducted to evaluate compliance with specific, measurable criteria. (Item #2) Is Your Company Prepared Should a Disaster Strike? Will You Be Action or Reaction Oriented? (Item #3)

Traditional evacuation plans developed to meet the threat of fire are no longer sufficient in work environments where there is a threat, however small, of a terrorist attack. (Item #4) Inside every office building, factory, warehouse or other work area, someone is in charge of managing the environment where you work and ensuring that the building is safe.(Item #5) An access control security system allows building management professionals to do more than just control admission to restricted areas. (Item #6)

Read the entire NewsBriefs as well as back issues at

Tuesday, July 20, 2010

Testing Your Business Continuity Plan

Training and testing are the keys to the success of any continuity or disaster recovery plan. A plan simply can’t be relied on to work properly unless it has been tested before it is actually implemented during an emergency. Practicing emergency response helps ensure that the plan will work as expected in an actual emergency. In addition, exercising the plan can reveal problems or weaknesses in the plan and identify need changes. This week’s articles offer ideas about testing and exercising your plan.

What is required to ensure that an exercise is effective? (Item #1) The development and implementation of the functional exercise program will help ensure you’re ready when the next disaster strikes. (Item #2) Are you testing all of your plan at least some of the time? (Item #3)

Just how ready is your disaster recovery plan? (Item #4) In the event of a disaster, a backup provider should be able to restore all data within 48 hours. (Item #5) Business continuity plans should be tested and updated regularly to ensure that they are up to date and effective. (Item #6)

Read the full issue at

Monday, July 12, 2010

Social Media and Business Continuity

Social media offers opportunities -- and threats – with regard to business continuity. Many companies are integrating social media into their business continuity plans, but others are reluctant to jump on the bandwagon. Clearly, social media is becoming an important part of our society, so it’s important to take a look at it, learn about it, and determine if it can work for you. This week’s items may throw some light on the subject and help you determine if you should consider it as a tool for your organization.

The full power of social media comes perhaps best to light in times of disaster, when up-to-date and current information is crucial to get out to as many as possible as soon as possible. (Item #1) Social media are the greatest gift to crisis management and business continuity planning that has ever been invented. (Item #2) To keep yourself and your business out of the courtroom, brush up on the new rules and regulations, remain vigilant and act responsibly. (Item #3)

Social media has significantly changed how many companies communicate with their customers, employees and vendors – so it might be time to reflect that shift in your crisis communications plans. (Item #4) Used together, social media tools can help you build a truly amazing social media campaign for brand building or reputation management. (Item #5) Finally, there are those who think social media is not ready for prime time. (Item #6)

The entire issue plus subscription information is available at

Thursday, July 8, 2010

Crisis Communications

There is one critical thing to remember about a crisis: It CAN happen here! And, if it happens, you need to have steps in place to respond to it and keep your organization going. There are three major steps in responding to a crisis: 1) gather all the information you can about the crisis and double check it; 2) communicate what is happening to all stakeholders (don’t forget employees); and 3) monitor media and online stories to make sure information is correct; if it isn’t, do what you can to correct it. This week’s articles can help you prepare a crisis response plan and to figure out what role social media can have in that plan.

This sample Crisis Communication Plan can help you draft yours. (Item #1) It's how you handle a crisis with the media that will likely determine whether that crisis builds or seriously damages your company.(Item #2) Good news travels fast online, but bad news travels faster. (Item #3)

Can there be a balance between a business's need for quality formal communications in a crisis situation -- and the personal, informal nature of blogging? (Item #4) When should a company use social networking or resume its social networking activities post-crisis? (Item #5) What can you learn from the John Edwards scandal? (Item #6)

Read the entire issue at

Friday, June 25, 2010

Phishing and Identity Theft

More than 10 million Americans are victims of identity theft a year. A recent survey estimates that the dollar value of the crime was $52.6 billion in 2004. Individuals and businesses alike are at risk. This week’s articles can help you make your family and your business more secure against phishing and identity theft.

What does a phishing email look like? (Item #1) The stories keep coming about the growing number of large-scale security breaches. (Item #2) Identity theft has severe consequences to victims, their families, and employers. (Item #3)

Just a fisherman would use a spear to target a single fish, spear phishing targets individuals. (Item #4) The IRS urges consumers to avoid falling for these recent schemes. (Item #5) This report is intended for technically sophisticated readers such as security practitioners, executives, researchers, and others who wish to understand methods employed by online identity thieves and countermeasures that can prevent such crimes. (Item #6)

Get it all at

Wednesday, June 23, 2010

Business Continuity and the Economy

The current unsettled economy can impact business continuity in many ways. Even though there are signs that the economy is beginning to recover, businesses are still failing at a high rate. Organizations have been forced to adjust their business model and operating costs by reducing workforce, seeking other cost-saving opportunities, and developing business contingency plans for changing economic conditions. As the economy continues to stall, however, companies are now focused on managing emerging risks that could have an impact on long-term sustainability. It’s clear that mitigation or contingency plans need to be developed for their ongoing survival.

Traditional hazards certainly have not gone away in the current economic climate, but newer disruptions have gained prominence. (Item #1) In many businesses, managers are reluctant to release funding for this activity due, at least in part, to current economic difficulties. (Item #2) Recessions amplify risks; the absence of a tested plan is therefore much more dangerous in a recession. (Item #3)

Are you worried about the impact of the economy on your business? (Item #4) Until times are flush and money flows freely, it seems to be economically sound to maintain the business continuity function. (Item #5) Gone are the days when the days when an organization's business continuity planner could tick off a set of standard risks such as power failure, fire, flood, and perhaps vendor failure. (Item #6)

Read this issue, view past ones or even subscribe at

Wednesday, June 16, 2010

Compliance and Governance

Regulatory compliance and corporate governance many times go hand-in-hand, working together to keep organizations out of trouble with the government and, therefore, preventing disruptions that could damage reputation and the ability to continue operations. Every year, it seems, brings more concerns about compliance; regulators are now warning about social networking and its potential for problems. While it is important to ensure that compliance and governance are always on your radar, even 100% compliance isn’t the answer to keeping you 100% safe from disruptions.

Is management been placing too much emphasis on compliance? (Item #1) Businesses will not only have to monitor social networking communications, but they will have to capture the traffic, audit it and log it. (Item #2) Do you have all your corporate-governance ducks in a row? (Item #3)

Here are some steps that make the difference between a positive or negative audit experience. (Item #4) ISO 31000 is a standard to help public, private or community enterprises, associations, groups or individuals manage risk effectively. (Item #5) What do you know about the Red Flag Rule? (Item #6)

Read it all or subscribe to our Business Continuity NewsBriefs at

Tuesday, June 8, 2010

Plan Testing and Exercising

How often should you test your business continuity plan? As often as possible and as much of it as possible. Unless the plan is brought out and tested on a regular basis, there is the risk that some things won’t work if a real emergency does occur. If your plan needs testing, this week’s articles focus on the importance of testing and provide information on how to do it.

A large percentage of organizations do not test their business continuity plans. (Item #1) There’s nothing like a crisis to show you what’s not working. (Item #2) The key components of an effective exercise can be broken down into three simple activities. (Item #3)

You won’t know if your plan works unless you test it. (Item #4) Here are some sample table-top exercise scenarios to help you put your plans into action. (Item #5) Exercises and tests offer different ways of identifying deficiencies in IT plans, procedures, and training. (Item #6)

Get it all at

Wednesday, June 2, 2010

Hurricanes/Summer Weather

Summer is not far away – meteorological summer begins June 1 – and neither are the dangers of summer: hurricanes, floods, storm surge, lightning, high temperatures, humidity, water accidents. NOAA expects an active to extremely active hurricane season, and some areas of the country will experience extreme high temperatures and drought. All of these situations can threaten your business and your employees. Make sure you’re prepared to prevent as many disasters as possible and to recover in the event disaster strikes. The articles below offer some help in keeping your business operating.

Here are some tips to help you protect against hurricanes. (Item #1) This flood preparation guide can help you start or finish your plan and enhance your preparations. (Item #2) You can help yourself and others avoid experiencing heat disorders by following these safety rules. (Item #3)

Power failures, often the result of stormy weather, can mean data loss – and more. (Item #4) Lightning is a killer. (Item #5) If the worst does happen, this brochure can help you in your efforts to get back to normal. (Item #6)

Read the entire issue at

Tuesday, May 25, 2010

June is National Safety Month

The National Safety Council (NSC) has designated June as National Safety Month and encourages businesses to get involved and participate in safety activities. The goal is to bring attention to critical safety issues that can affect your employees – and their families -- on or off the job. Workplace Safety Week is June 4-10. You can visit the NSC site at for information and activities. Also, the articles below provide additional information on some important safety topics.

Workplace injuries are costing businesses plenty in dollars and related productivity costs. (Item #1) Small businesses have safety concerns that may differ from larger employers. (Item #2) Reducing stress can help improve physical and emotional health. (Item #3)

Information in the workplace can help prevent home-related injuries. (Item #4) Here are some ways you can participate in National Safety Month. (Item #5) NSC provides some good explanations about why using even hands-free cell phones while driving is risky. (Item #6)

The entire issue is available at

Tuesday, May 11, 2010

Mass Notification Systems

When a disaster is imminent – or already upon you – how do you meet the need to communication to everyone in your facility or on your campus? Today’s answer to this challenge is the mass notification system (MNS). This week’s articles provide information on planning for and selecting a MNS that meets your needs.

Asking a few basic questions can help you the mass notification system that is appropriate for your organization. (Item #1) To better protect their corporate offices, industrial complex, or college campus, facility managers have begun asking questions about MNS technology and its varied applications. (Item #2) This article offers several steps in MNS – starting with planning. (Item #3)

Because a single form of communications might not be sufficient, an MNS must be versatile. (Item #4) A fire alarm system is a life-saving necessity for an organization; but is it enough? (Item #5) A solid understanding of mass-notification systems can help you evaluate which system will best meet your organization's needs. (Item #6)

For the entire issue or past issues, go to

There's Value in Business Continuity Planning

When a disaster is imminent – or already upon you – how do you meet the need to communication to everyone in your facility or on your campus? Today’s answer to this challenge is the mass notification system (MNS). This week’s articles provide information on planning for and selecting a MNS that meets your needs.

Asking a few basic questions can help you the mass notification system that is appropriate for your organization. (Item #1) To better protect their corporate offices, industrial complex, or college campus, facility managers have begun asking questions about MNS technology and its varied applications. (Item #2) This article offers several steps in MNS – starting with planning. (Item #3)

Because a single form of communications might not be sufficient, an MNS must be versatile. (Item #4) A fire alarm system is a life-saving necessity for an organization; but is it enough? (Item #5) A solid understanding of mass-notification systems can help you evaluate which system will best meet your organization's needs. (Item #6)

The whole story is available at

Tuesday, May 4, 2010

Employees and Business Continuity

We always talk about the fact that our people are our most important asset. Now is the time to assess how well we are handling this asset and to consider the employee’s role in business continuity – or, as one of this week’s articles calls it – the Employee Factor. There seem to be almost no end to the employee issues you are required to deal with; hiring, firing, privacy, safety, and ethics are only some of these. Check out this week’s articles to see if you’ve missed any critical steps you should be taking to ensure your employees’ well being and that of your business.

What would happen to your business if your workers were unable to perform their jobs? (Item #1) Here are four reasons that IT executives charged with BC/RM/DR need to consider their employees and operations heavily in their plan. (Item #2) The author discusses four areas of human resource consideration in business continuity planning. (Item #3)

There are three key issue drivers for strategic workforce planning. (Item #4) Are your employees aware of the ethical implications of their actions? (Item #5) If you plan on deploying security cameras in your organization, please communicate with your employees and explain the new initiative to them. (Item #6)

The full issue, as well as back issues, are available at

Tuesday, April 27, 2010

Testing Your Business Continuity Plan

If you haven’t tested your business continuity plan lately, how can you be sure it’s up to date? People may have come and gone or equipment may have changed, and, if so, the plan may not work. It’s important that the plan is tested and people are trained so that, if disaster strikes, your organization will be back up and running with as little down time as possible. This week’s articles look at the challenges and best practices of testing and training.

The key components of an effective Exercise can be broken down into three simple activities. (Item #1) Could you really recover using your plan documentation? (Item #2) In a disaster, would your people be doing what they were trained to do? (Item #3)

Here are 7 steps for developing a business continuity plan which included setting your goals and objectives, and measure your success to ensure your program is tested prior to swinging into action. (Item #4) This article captures thoughts, observations and industry best practices regarding plan testing. (Item #5) The better prepared you are the easier it will be to manage the situation and recover from it quickly. (Item #6)

The entire issue is available at

Monday, April 19, 2010

Social Media Meets Business Continiuity

There’s probably little doubt that employees everywhere are using social media at home and at work. What are they saying? Could it damage your business? If you’re feeling on shaky ground with regard to how to control the situation, this week’s articles could be of assistance, covering everything from the dangers of social media to developing a social media policy.

The major problem that businesses face with social media is control. (Item #1) Whether employees use social media the right way or the wrong way is in no small part up to the executives who lead them. (Item #2) New legal issues with social media arise daily. (Item #3)

If you’re developing a social media policy, these 10 tips should help. (Item #4) You have to control social media usage, but you also need to know how to create value with it. (Item #5) Make sure your social media activities don’t violate federal and state securities laws. (Item #6)

For the entire issue, go to

Wednesday, March 31, 2010

Crisis Communications

Communicating in a crisis is a challenge – what to say, how much, and keeping all parties in touch with each other so that you come out of the crisis intact. The articles this week will examine many of the aspects of crisis communications in order to help you make and/or refine your communication plans.

This white paper examines why companies should develop and implement an on-demand conferencing and collaboration plan that supports business continuity. (Item #1) Here’s how to create an effective one-page communications map for your CEO or other spokesperson. (Item #2) How do you go about selecting a crisis communication system? (Item #3)

In a crisis, you have to be able to communicate the decisions you make to assure business continuity. (Item #4) Media training might be a critical part of your crisis communication strategy. (Item #5) Here’s what you need to know about continuity planning for telecomm systems. (Item #6)

As always, we look forward to hearing about your concerns with regard to business continuity. If you have a topic you’d like to see covered, just let me know.

For the full issue or a look at back issues, go to

Thursday, March 25, 2010

The Unthinkable: Who Survives When Disaster Strikes - and Why

Just finished reading a very enlightening book --- The Unthinkable: Who Survives When Disaster Strikes - and Why by Amanda Ripley

It is a truly insightful look at how real people dealt with real crises. From plane crashes to terrorism to natural disasters. Fight, Flight or Freeze? Hero or Victim? Many people think panic will be the primary reaction, but the facts in this book show otherwise.

Check it out and let me know what you think.

Wednesday, March 24, 2010

Reputation Management

Managing your organization’s reputation is one of the most critical activities today and it’s also labor intensive. You have to build the reputation, manage it, and, if anything bad happens, hope your hard work can recover it. This week’s articles offer some ideas on how to protect that valuable reputation.

Did Toyota wait too long to address its safety issues? (Item #1) The more positive your reputation before a crisis, the more likely you are to survive it. (Item #2) If you don’t control your brand online, someone else surely will. (Item #3)

Who is your organization’s Chief Reputation Officer? (Item #4) It’s critical to pay attention to what search engines tell your potential customers, members or clients. (Item #5) The most important asset you have to protect is your organization’s reputation. (Item #6) 

Read it all at

Tuesday, March 9, 2010

Risk Management

Risk applies to any management decision that could have a negative result. Even with a negative result, the outcome could have been mitigated with good risk management. You need to evaluate – as much as possible -- all the possible results of any decision and determine how risk can be reduced. This week’s articles can help with these efforts.

Simply having the tools and structure may not be enough to insulate your nonprofit from the cold breezes and after-shocks of unmanaged risks. (Item #1) Obtaining an independent review of your volunteer policies before you implement them is an excellent risk management strategy. (Item #2) Managing special event risks requires equal measures of awareness, planning, diligence and team work. (Item #3)

A good Risk Management System will help you reap the rewards of your efforts to set up and run your business. (Item #4) To change the way we think about risk, we must avoid making six mistakes. (Item #5) Data breaches-the theft, loss or unintended exposure of personally identifiable information-have compromised hundreds of millions of personal records in recent years. (Item #6)

The entire issue is available at

Tuesday, March 2, 2010

Shelter in Place

Just a couple of weeks ago, a chemical leak in Pasadena, Texas, forced a Shelter-in-Place (SIP) situation in the surrounding area. This particular SIP order lasted only about four hours, but it could have been worse. At the same time, a gas leak in a San Jose neighborhood also prompted an SIP situation. As you can see, you seldom have any warning of a disruption that can cause you to be ordered to shelter in place. It makes sense, therefore, to be prepared. The following articles can help in your preparations.

There are many difficult aspects of the shelter-in-place process. (Item #1) Here is a general guide for preparing a shelter in place plan in the workplace (Item #2) What must landlord do in the event of an SIP order? (Item #3)

These event-specific guidelines can help in an SIP situation. (Item #4) Portable air cleaners that can filter out toxic gas are making shelter-in-place safe rooms even safer. (Item #5) Our last item is a series to links to supplies of SIP equipment and supplies. (Item #6)

Get the full issue at

Thursday, February 25, 2010

Workplace Violence

Homicide is now the third highest work-related cause of death in the United States. The National Institute of Occupational Safety and Health, in a study of homicides at work from 1980 to 1988, found that homicide accounted for 12% of job-related deaths.

The U.S. Bureau of Labor Statistics reported that homicide was the leading cause of death for women at work, accounting for 42% of on-the-job fatalities. According to the Bureau of Labor Statistics, after motor vehicle incidents, homicide is the leading cause of death in the workplace. The Justice Department reported in 1994 that one-sixth of all violent crimes in the United States occur in the workplace. The statistics tell the story... here's some information that can help you better prepare for and avoid violence at your place of work.

There is a potential for violence in every workplace. (Item #1)   Employers need to be aware they may be liable for injuries caused by workplace violence. (Item #2)   While there's no way to predict workplace violence accurately, there are warning signs that can aid in prevention. (Item #3) 

The two most effective strategies for dealing with a bully who has targeted you are Fight and Flight. (Item #4)   Negligent hiring and negligent retention can put employers at risk. (Item #5)   The Sept. 8 killing of Yale graduate student Annie Lewas another harrowing instance of what authorities called "workplace violence." (Item #6)  

For the whole story, read this week's issue of our NewsBriefs at

Thursday, February 18, 2010

Business Continuity Planning

A business continuity plan won’t protect an organization against all reasons for failure, but it can prepare and protect you against a great many such reasons. Insurance doesn’t protect against everything, either, and you may never have to make a claim. Would you consider running your business without insurance? Probably not. Nor should you fail to have a business continuity plan at the ready – just in case. This week’s articles can help you rethink your business continuity strategies.

This article focuses on three of the most widespread and persistent of myths about the nature of crises. (Item #1) For top management to dedicate funds and resources to contingency planning, more than a demonstrable need must be shown. (Item #2) Are we in danger of forgetting the most important aspect of recovery? (Item #3)

Here’s advice for those faced with developing their first business continuity plan. (Item #4) To avoid becoming a casualty of succession statistics, senior management must come to grips with passing on the assets and management control from one generation to the next. (Item #5) Recessions amplify risks; the absence of a tested plan is much more dangerous in a recession. (Item #6)

Read the complete issue or subscribe at

Wednesday, February 10, 2010

Cyber Serurity Issues

Does it sometimes seem that everything we do today relies on computers and the Internet? Our most important business and personal information, stored on computers, are constantly at risk from cyber attacks. In order to protect yourself and your organization, you have to know what the risks are and what to do about them. This week’s articles can help you defend against such attacks.

You buy insurance, put locks on the doors, and install fire alarms to protect your premises; have you made cyber security the same priority? (Item #1) Here’s a one-stop source for lots of valuable information on cyber crime. (Item #2) A single hacker can cause damage to a large number of computer networks; it can help to improve your cyber security. (Item #3)

Social networks allow phishing schemes to spread rapidly. (Item #4) Cyber-warfare and cyber-attacks have now become a reality; are you ready? (Item #5) Would you know if there was spyware on your computers? (Item #6)

Read this week's issue at

Tuesday, February 2, 2010

Testing and Exercising your Business Continuity Plan

Your business continuity plan may be backed by good technology and written documentation, but unless it's brought out and tested every now and then, there is still a risk that everything may not work as it should when a real emergency does occur. Think of it as a parachute… you have to know you can trust it! The articles below can help you plan, prepare for, and conduct BC exercises.

An exercise’s effectiveness has a direct correlation to the amount of planning and preparation completed beforehand. (Item #1) If your exercise is not uncovering problems, you may not be doing it right. (Item #2) Things will get fairly hectic during a typical large-scale disaster recovery exercise. As an observer, what must you know? (Item #3)

Playing the role of an attacker can make your team better at defense. (Item #4) Looking for a good plot line for your next BCP exercise? (Item #5) There were a number of lessons learned in the three exercises described here. (Item #6)

Read the entire issue at

Tuesday, January 26, 2010

Identity Theft

According to the U.S. Dept. of Justice Statistics, identity theft is passing drug trafficking as the number one crime in the nation. The majority of ID theft criminals are repeat offenders. While there is a lot of variation in the cost of identity theft, one survey estimated that ID in 2005 cost business and consumers $56.6 billion. You may be able to avoid the costs of identity theft by following some of the best practices in this week’s articles.

Financial scams and incidents of medical identity theft are on the rise - and they're among the main threats to business and consumers in 2010. (Item #1) With ID theft on the rise, the onus is on those organizations and departments housing sensitive employee information to improve their data protection. (Item #2) The increase in identity theft has given rise to identity-theft insurance, but is such protection necessary? (Item #3)

How can companies ensure the integrity and security of sensitive customer and employee data? (Item #4) If it is designed and built correctly, your software could end up being one of your most effective countermeasures against most of the common attacks employed by hackers today. (Item #5) Safe information handling practices are critical to keep identifying information out of the hands of thieves. (Item #6)

The full issue is available at

Wednesday, January 20, 2010

Standards for Business Continuity Planning

The development of standards/regulation/regulatory guidance for business continuity management is a relatively new concept. Below we present information on some emerging and existing standards that may help you in the formulation of your business continuity plan.

ASIS Online has begun work to produce a Business Continuity Management (BCM) standard, for approval by ANSI. (Item #1) This case study focusing on BS 25999 shows how standards can help your business. (Item #2) BC program to meet the requirements of either the BS 25999 or the NFPA 1600 standards is an effective way to ensure that your program will have world class potential. (Item #3)

How long the U.S. and other countries with non-mandatory business continuity management standards will be able to voluntarily comply is up to market forces. (Item #4) Not exactly a standard, OSHA says, but guidance on planning for a pandemic. (Item #5) GLBA applies specifically to financial institutions, but its provisions already have been adopted by many types of companies in the private sector. (Item #6)

Read the entire issue at