2007 04 global assurance magazine

April 2007 • Volume 4 • Issue 4

How to Becomea TrustedStategic Advisor

National News • International News • Products • Partnerships • Movers & Shakers

Where business continuity, security and emergency management converge.

Also…

Pandemic Planning

Taking the Fear Out of BC Exercises

How to Becomea TrustedStategic Advisor

2 | CPM-GA April 2007

GlobalAssurance

F E AT U R E S

3 Maintaining MomentumStaying ahead in pandemic planning

10 Taking the Fear Out of BCExercisesPart III: Excercise with confidence

17 How to Become a TrustedStrategic AdvisorThe eight disciplines: Part I

IN THIS ISSUE…3

15

CPM-Global Assurance is a monthly subscription-based newsletter. It addresses the strategic integration of business continuity, security, emergency management, riskmanagement, compliance and auditing to ensure continuity of operations in business andgovernment — all within the context of good corporate governance. To subscribe to thisunique resource, please fill out and fax back the subscription coupon on the back page.

CPM-Global Assurance (ISSN #1547-8904) is published monthly by The CPM Group, 3141 Fairview ParkDr., Suite 777, Falls Church, VA 22042.

© Entire contents copyright 2007. No portion of this publication may be reproduced in any form with-out written permission of the editor. Views expressed by the bylined contributors and sources citedshould not be construed as reflecting the opinions and/or advice of this publication. Publication ofproduct/service information should not be deemed as a recommendation by the editor. Editorial con-tributions are accepted from the contingency planning community. Contact the editor for details.Product/service information should be submitted in accordance with guidelines available from the edi-tor. Editorial closing date is two months prior to the month of publication.

The CPM Group publishes CPM-Global Assurance and produces the CPM trade shows. Printed in the USA.

Editor in Chief:DEVEN KICHLINE

[email protected]

Group Publisher:RUSSELL LINDSAY

[email protected]

Director, Event Planning & Marketing:KRISTIE O'KEEFE

[email protected]

Manager, Event Planning & Marketing: COURTNEY WITTER

[email protected]

CPM-GlobalAssurance Contacts

National News . . . . . . . . . . . 6

Movers & Shakers . . . . . . . . 7

Partnerships . . . . . . . . . . . . . 9

International News . . . . . . . . . 13

Products . . . . . . . . . . . . . . . 21

CPM 2007 WEST . . . . . . . 23

D E P A R T M E N T S

The CPM Group3141 Fairview Park Dr., Suite 777

Falls Church, VA 22042www.contingencyplanning.com

Fax: 609-397-5520

Exhibit Sales/List Rentals: BRAD LEWIS

[email protected]

www.ContingencyPlanning.com | 3

MaintainingMomentum

Staying ahead in pandemic planning

By Greg Stenmoe and Marie Johnson, CBCP

Pandemic influenza will not discriminate. If it hits, it willhit hard. Every business and every organization, along

with its most valuable players, will battle the sudden, relent-less impact for as long as an outbreak spreads and sustains.

Statistics projecting estimates of human illness anddeaths by state or on a national scale, based on previouspandemics such as the Spanish Flu of 1918, have been some-what exhausted in media reports. At one time, inundatedwith news of potential cases of “bird flu,” family planningtips and worst-case scenarios (sans an actual pandemicarrival), all the world stood watching … waiting. Yet today,the average person is at best familiar with basic terminologyand now is either inattentive, skeptical or becoming increas-ingly less informed.

Business continuity planners must avoid letting the public’scomplacency and signs of “pandemic fatigue” influence thefocus and speed of progress invested in comprehensivepreparation and planning.

A PANDEMIC IS SERIOUS BUSINESSThe second of two national pandemic summits hosted bythe Center for Infectious Disease Research and Policy(CIDRAP) took place in February 2007 and involved


numerous major corporations and leaders from across theUnited States. The conclusion that resulted from days of discus-sion proved to be promising. Organizers confirmed that thoseclosely involved in planning for a global pandemic event are, infact, taking the issue very seriously.

While any progress in pandemic planning is a step in theright direction, there remain so many uncertainties associatedwith how an event of this nature will materialize. Developing asolid business continuity plan is a logical first step for industryprofessionals, but it is only one piece of an intricate puzzle.

The true effectiveness of any business continuity plan will bemeasured by its ability to extend scope beyond accounting forthe survivability of just one individual entity and its internaloperations. Business continuity managers must also proactivelyintegrate consideration of external factors – the dynamics ofcross-sector communication; the overall impact of governmen-tal authority; and the value of coordinating efforts, before anycrisis, with government agencies, nonprofits and other business-es, not excluding direct competitors.

WHO DOES WHAT AND WHEN?In the event of a pandemic catastrophe, government, publicand private sectors will play reciprocal roles to one another.Government will rely on businesses to communicate key mes-sages to employees. Businesses will look to the government forclarification on governmental authority. And nonprofits willseek partnerships with government and businesses to helpdefine vulnerable populations during time of crisis.

Eighty-five percent of our nation’s infrastructure is owned bythe private sector. In the event of a pandemic, businesses willlook to local, state and federal governments for guidance onanswers to many questions: Who is responsible for closingschools? Can company headquarters serve as a communityhospital? When and how will employees be quarantined?

The government has sweeping authority to place restrictionson certain activities, such as travel and the flow of goods, aswell as to make use of private business facilities, personnel andservices in the event of a declared emergency.

Additionally, businesses will be regularly employed by gov-ernment to disseminate important information to employees.Large employers will be of particular value since they offeraccess to wider audiences, though small and mid-size compa-nies should not be overlooked. Key messages will need to beconsistent and clear at every opportunity, whether the topic isgovernment quarantines or merely a reminder of how to prac-tice safe hygiene in the workplace.

The business sector’s role in communication is critical whenconsidering what will be needed by government; however,there are other ways that businesses can and should collaborateexternally on issues related to pandemic planning. In particular,the development of inter-company planning groups, compris-ing several disaster recovery and business continuity profes-sionals from different companies and industries, offers excep-tional benefit through the sharing of varying industry perspec-

tives on “what if” scenarios. In addition, inter-company plan-ning presents an avenue for strengthening cross-sector rela-tionships, where local and state governments can participateand utilize the opportunity for introducing top business lead-ers to key emergency management officials and the essentialfunctions of related agencies, such as local departments ofhealth and public safety.

With regard to the role of nonprofits, service organizationswill be challenged with providing emergency assistance tovulnerable populations. Resources will likely be over-whelmed, so business and government support will be cru-cial. Faith-based organizations will act similarly, in additionto serving as a source for spiritual healing and comfort.

The continuing devastation of Hurricane Katrina, as wellas painful memories of 9/11, provides a unique and unex-pected opportunity to learn by way of example. The valueof communicating and coordinating efforts today is obviouswhen taking into consideration the distinct roles of govern-ment, business and nonprofit entities during a potential pan-demic, catastrophic event. Developing mutually beneficialrelationships among these various sectors of our communi-ties, along with increased understanding of how each intendsto function, will serve to strengthen and unify all efforts forsociety’s greater good. Business continuity planners need tomake this an immediate top priority.

EVALUATING THE POTENTIAL FOR LIABILITYComprehensive pre-planning involving cross-sector commu-nication and coordination will certainly help to mitigatesome risk for any company or organization during a pan-demic catastrophe. However, another equally importantcomponent to business continuity planning is thoroughknowledge of the potential legal issues implicated by pan-demic influenza.

A pandemic will be like nothing we have ever seen before.We cannot predict its onset or outcome, yet the responsibil-ity of arming businesses against potential liabilities will restwith those heavily involved in business continuity planningand risk management.

Multitudes of legal issues threaten business. Continuityplanners should become familiar with applicable laws andfirst carefully update all human resource policies.

In a pandemic catastrophe, human resource managementwill be challenged by employee impact immediately atonset. Up to 30 percent to 40 percent of the workforcecould be out sick, so who will come to work?

Employees may either become infected with the dreadedH5N1 avian influenza virus or be justifiably concernedabout the health and well-being of their families. Some willstay home because of illness while others will arrive at theoffice out of economic necessity. No two situations will bealike. “What if” scenarios must be looked at from every angleand addressed through desired protocol.

Sick-leave policies, for example, need to cover situations


ranging from sending employees home to handling cases ofexcessive use or abuse of sick-leave time. Quarantines areanother important consideration.

There will be wage and hour issues involving both thosebusinesses relatively unaffected by the pandemic event and,conversely, those identified as having critical function. Thesebusinesses will meet with sudden high demand and most like-ly will require employees to work overtime. If not built into thebusiness continuity plan in advance, compensating for overtimecould be a costly scenario.

How will discrimination apply in the event of a pandemic? Itis illegal to discriminate against an individual based on a dis-ability, but it is also illegal to discriminate on the basis of a per-ception of a disability. If an employee is perceived to have con-tracted pandemic influenza, and the individual is fired or notpermitted to enter the workplace, is this a case of disability dis-crimination? Likewise, is it a violation of these same laws toinquire about whether or not an employee is ill?

When upper management is aware of personal illnesses, pri-vacy issues will arise as organizations try to walk a fine linebetween protecting the anonymity of employees who are sickand informing public health officials or law enforcement. TheHealth Insurance Portability and Accountability Act (HIPAA)applies protection to an individual’s medical health history withlimited exceptions.

Employers are required by law – specifically through theOccupational Safety and Health Administration (OSHA) – tomaintain a safe work environment. Business continuity expertsneed to be familiar with how OSHA laws apply to instances oftraveling for business, on-site contamination by an ill employeeand other worst-case scenarios.

How will the Worker Adjustment and Retraining NotificationAct (WARN) apply? Federal law requires that government andemployees be given a 60-day advance notice of any facilityclosings or mass layoffs, with the exception of natural disastersand unforeseeable business circumstances. Under current caselaw, a pandemic is not considered a natural disaster and it isunclear if it can be defined as an “unforeseeable business cir-cumstance.”

In addition to addressing human resource managementissues, it is critical to examine insurance policies for loopholes,gaps and exclusions. Is there coverage for business interruption,government quarantines or worker’s compensation issues?

No doubt, there are a multitude of scenarios to considerwhen reviewing internal policies and procedures for potentialemployer liabilities. Amendments that compensate for theunpredictability of a pandemic event will be essential. In addi-tion, it is important to understand that current laws and regu-lations may, in fact, conflict with one another. For example, thenew OSHA guidelines, released in February 2007, appear toimpose obligations or make recommendations that could con-flict with other laws and regulations. Business continuity plan-ners should pay attention to changes in law, such as the manda-tory paid sick-leave legislation that recently took affect in San

Francisco and is being considered by several other states. Legalscholars have already predicted this issue will lead to increasedlegal claims based on cases of employer ignorance or misinter-pretation of the law. These legal developments could prove rel-evant during a pandemic catastrophe.

NO JUSTIFICATION FOR TOO LITTLE, TOO LATEThe reality is that the threat of pandemic influenza is still asreal as ever, and there will continue to be many unresolvedissues associated with it – until the nation is forced to endurean event of this nature. Regardless of public disinterest or igno-rance, business continuity managers must continue to push for-ward, remaining proactive in developing comprehensive plans.Today’s focus, however, must shift away from individual plan-ning for the survival of one business or organization to a con-tinuity plan of broader scope. External factors, such as govern-mental authority and the roles of other sectors, will have greatimpact in a time of chaos. Building relationships between gov-ernment, business and nonprofit entities and working togetherto communicate and coordinate efforts should become keyobjectives. Otherwise, the legal implications of inconclusiveplanning will be felt soon enough. There will be no justificationfor poor planning when so much of our existence is at stake.

About the AuthorsGreg Stenmoe is a senior litigator in the labor and employment sec-tion at Twin Cities-based Briggs and Morgan, P.A. He speaks fre-quently about the legal issues implicated by pandemic influenza inhuman resource management, business planning and governmentalauthority. Marie Johnson, CBCP, is president of the BusinessContinuity Planners Association (BCPA). She has worked in the busi-ness continuity industry for eight years at top companies, such asErnst & Young and U.S. Bancorp, before taking on her current roleas senior manager of business continuity management for AmeripriseFinancial. In October 2006, Stenmoe and Johnson co-founded a pan-demic summit, along with the State of Minnesota, that successfullybrought together leaders from all over Minnesota to discuss cross-sec-tor coordination and communication for the first time. Questions andcomments may be directed to [email protected].

Want More?Still looking for more updates on pandemic

planning? Get all the latest by logging

on to www.contingencyplanning.com.

We’ve got you covered.

NATIONAL NEWSDHS AWARDS $8.8 MILLION FOREXPLORATORY RESEARCH ONADVANCED NUCLEAR DETECTIONTECHNOLOGYThe U.S. Department of HomelandSecurity’s (DHS) Domestic NuclearDetection Office (DNDO) recentlyannounced 10 contract awards totaling $8.8million to nine companies that will performexploratory research in advanced nucleardetection technology. The ExploratoryResearch Program is designed to transformnuclear detection technology by fundingaggressive research and development that isunconstrained by pre-existing user expecta-tions and initial technical risks.

The nine companies selected are: AlliantTechsystems Inc., Mission Research Division;Canberra; EIC Laboratories Inc.; GeneralElectric Global Research Center (twoawards); Physical Optics Corporation;Radiation Monitoring Devices Inc.; RapiscanSystems Corporation; Science ApplicationsInternational Corporation (SAIC); andWestinghouse Electric Company.

Each contract consists of multiple phas-es, including an advanced technologydemonstration, before potentially transi-tioning to a systems development andacquisition program. Successful technolo-gies will be deployed to provide port-of-entry (POE) and non-POE radiologicaland nuclear detection capability.

Earlier this year, DHS announced theaward of Exploratory ResearchCooperative Agreements with Academiatotaling approximately $3.1 million tomake significant advances in basicnuclear detection technology. Seven uni-versities were awarded cooperativeagreements: California Institute ofTechnology, Florida Institute ofTechnology, Rensselaer PolytechnicInstitute, State University of New York atStony Brook, University of Michigan,University of Nebraska at Lincoln andWashington University.

— DHS

DHS PROVIDES FIRST RESPONDERS$34.6 MILLION IN EQUIPMENT,TRAINING PROGRAMSThe U.S. Department of HomelandSecurity (DHS) has announced the awardof $34.6 million in equipment and train-ing to first responders across the nationas a part of the fiscal year 2006Commercial Equipment DirectAssistance Program (CEDAP). DHSawarded more than 2,000 direct assis-tance grants to ensure that law enforce-ment and emergency responders receivespecialized equipment and training tomeet their homeland security mission.

“CEDAP is yet another mechanism forthe department to work with our localhomeland security partners in strengthen-ing this nation’s ability to prevent, pro-tect, respond and recover from a naturaldisaster or terrorist attack,” says UnderSecretary for Preparedness GeorgeForesman. “This program enhances stateand local communities’ capabilities aswell as arms their first responders withthe tools to build stronger regional coor-dination.”

CEDAP offers equipment in the fol-lowing categories:• personal protective equipment; • thermal imaging, night vision and video

surveillance tools; • chemical and biological detection tools; • information technology and risk man-

agement tools; and • interoperable communications equip-

ment.

This program also focuses on smallercommunities and metropolitan areas noteligible for the Urban Areas SecurityInitiative grant program. Awardees arerequired to receive training on theirawarded equipment either on-site or at aCEDAP training conference.

DHS has provided more than $69.7million in equipment and training to lawenforcement and fire departments

through CEDAP since the program’sinception in 2005

— DHS

WORST SECURITY THREATS:HACKERS AND VIRUS PROTECTION Network security is regarded by execu-tives as the single most important attrib-ute of their network, according to theresults of a global survey conducted bythe Economist Intelligence Unit (EIU) forAT&T. The research reveals that a major-ity of executives (52 percent) nowbelieve that having a converged networkgives their companies better defenseagainst IT security breaches. Furthermore,nearly 70 percent feel that IP helpsensure business continuity following anemergency.

The survey of 395 senior executives,called “Network Security: ProtectingProductivity,” also shows that, at thesame time, network security concernsremain at the top of the list of barriers toimplementing a converged IP network. IPconvergence, although it may increasevulnerability in some ways, promises totake the network defenses to new levelsof sophistication and reliability. Today,organizations are equipped with incom-parably better tools to protect the net-work than they were even in the late1990s.

The EIU white paper shows that,increasingly, executives feel especiallyconcerned about the growing volumes ofcustomer data they hold and manipulate,and 45 percent say that the holding ofsensitive customer data on their networkmakes them feel “extremely” vulnerablefrom an electronic security perspective.Another 41 percent say the process ofanalyzing and acting upon detailed cus-tomer data also significantly increasestheir vulnerability.

Among the worst security threats citedby nearly half (49 percent) of executivesis hackers. Protecting against viruses and

GlobalAssurance



worms also remains top of mind for com-panies but emerging as one of the mostfeared threats is identity theft – men-tioned by one-third of executives – andtheir concerns are set to rise over thenext three years.

The EIU research has also highlightedthe importance of the chief security offi-cer (CSO), and although typically theCEO remains the primary decision-maker for electronic security decision(with the exception in Europe where theCIO is more likely to hold this role), therole of the CSO is rising, with 12 percentof companies confirming this as the maindecision-maker.

“Security is becoming more and moreimportant in today’s collaborative envi-

ronment,” says Lloyd Salvage, AT&T’svice president in the UK. “We are con-stantly talking to our customers and help-ing them to re-evaluate their require-ments to ensure that their businesses areadequately protected at all times.”

The white paper is the second of aseries of thought-leadership papers in theNetwork Convergence series written byAT&T in cooperation with the EIU.Subsequent papers in the series willexplore how companies are addressingthe challenges of managing applicationsintegration and enterprise mobility.

As part of the research for the paper,the EIU conducted an online worldwidesurvey of 395 senior executives across 51countries and more than 20 industries.

The majority of respondents came fromWestern Europe (32 percent), Asia Pacific(30 percent), and North America (30percent). Other respondents came fromEastern Europe, Latin America, theMiddle East and Africa. 63 percent ofthose polled hailed from large firms withannual revenue of more than $500 mil-lion. The top five industry sectors repre-sented by the survey respondents wereprofessional services, financial services,manufacturing, IT and technology andhealthcare, biotechnology and pharma-ceuticals. In addition to the surveyresearch, the EIU conducted a series ofone-to-one in-depth interviews with sen-ior executives and analysts.

— AT&T

FORMER CA SENIOR VP TO LEADAPPLICATION SECURITY Application Security Inc., New York, N.Y.,a provider of database security solutions,announces the appointment of TobyWeiss as president and CEO. JackHembrough has been elevated to theposition of Chairman of the Board after asuccessful leadership run of more thanfour years.

“A combination of mounting regulatorypressures, increasingly focused and pro-fessional cybercrime and technologyadvancements have driven demand fordata security over the last year,” Weisssays. “With enterprise information assetsincreasingly under attack in 2006 and2007, demand for database security hasnever been stronger.”

Weiss takes the reins after continuedgrowth across key verticals includingfinancial services, retail, telecommunica-tions, healthcare, education and govern-ment with a customer base of more than700 customers globally.

Weiss joins the company from CA,

Islandia, N.Y., a leading information tech-nology management software company,where he held several senior manage-ment positions. He was most recently thesenior vice president and general manag-er for CA’s security management businessunit where he was responsible for thedevelopment, strategy, product manage-ment, marketing and support for severalaward-winning security product suites.During his tenure with CA, Weiss alsoserved as a senior vice president respon-sible for managing the regional businessincluding sales, support and administra-tion for several areas in the Asia-Pacificregion.

“With the recent trend toward out-sourcing data repositories and financialservices operations, the need to monitordatabase activity and identify potentialissues is more vital than ever to maintain-ing corporate reputations and consumerconfidence,” says Weiss.”

— Application Security Inc.

SARUBBI NAMED DIRECTOR OFFEMA’S REGION III

Jonathan D. Sarubbi has been appoint-ed regional director of Region III inPhiladelphia for the Department ofHomeland Security’s Federal EmergencyManagement Agency (FEMA).

Sarubbi, who officially joined FEMA onMarch 18, will be responsible for coordi-nating FEMA mitigation, preparednessand disaster response and recovery activ-ities in Pennsylvania, West Virginia,Maryland, Delaware, Virginia and theDistrict of Columbia.

“Part of my vision for the new FEMA isbuilding a strong team of leaders withdecades of emergency management andother related experience,” says FEMADirector David Paulison. “With Jon’sappointment, we now have permanentdirectors in all 10 regions of the country.He has a great background in crisis man-agement, program management andhomeland security, as well as knowledgeof government safety, security and envi-ronmental regulations.”

MOVERS & SHAKERSGlobalAssurance


Prior to joining FEMA, Sarubbi wasvice president of marine operations forthe International Registries, Maritime andCorporate Administrators of the Republicof the Marshall Islands. During a 26-yearU.S. Coast Guard career that ended in2005, he held a variety of leadershippositions and directed strategic planning,day-to-day operations, training, exercisesand logistics and managed multi-million-dollar budgets and Coast Guard facilitiesand property.

Sarubbi served as federal maritimesecurity coordinator for easternPennsylvania, southern New Jersey andDelaware and coordinated maritimehomeland security operations. Heworked with federal, state and local lawenforcement and first-responder commu-nities to gather and evaluate intelligence,conduct security boardings and harborpatrols, draft and exercise contingencyplans and prepare for and respond to ter-rorist incidents.

— FEMA

RESEARCH ANALYSTS, SALESDIRECTOR JOIN TABB GROUPTABB Group, a financial markets

research, advisory and crisis managementfirm with offices in New York,Massachusetts and Washington, D.C., hasannounced the addition of two researchanalysts and a sales director to meet cur-rent customer demands and position thecompany for continued growth in 2007in the United States and Europe.

The new staff includes Cliff Webster, asenior analyst in the crisis and continuityservices practice; Anthony Servidio Jr.,director of sales; and Cheyenne Morgan,an analyst in the securities and capitalmarkets practice.

Webster, an expert in process analysis,contingency planning and risk and threatassessments, as well as exercise develop-ment and implementation, will workdirectly with financial institutions, inter-national development organizations andprivate sector clients. He comes to TABBafter six years as an associate at BoozAllen Hamilton where he managed ana-lytical projects for clients in the defense,intelligence and public policy community.Before Booz Allen Hamilton, he workedwith Northrop Grumman and SAIC pro-viding consulting services in the areas ofinternational security.

Servidio joins TABB from SAVVISCommunications in New York where as aglobal account manager he was responsi-ble for sales and management of 10 oftheir top 100 customers, selling IP-centricsolution sales of private networks, VPRN,VoIP, client connectivity extranets, collo-cation, hosting, BCP and security services.From 2002 to 2004, he was a globalaccount executive at Moneyline Teleratein New York selling SAVVIS networkservices and promoting solutions tohedge funds.

Morgan, who will handle the soon-to-be-released TABB Liquidity Index cover-ing pricing information for all of theECNs, exchanges and dark pools, servedas an analyst at Markit Group Ltd. inNew York working on bringing trans-parency and efficiency into the syndicat-ed loan business by collecting daily pric-ing data from banks, hedge funds andinstitutional investors, as well as conduct-ing market research on the loan industry.Prior to Markit, she was at SumitomoTrust and Banking, Ltd. where sheworked in the corporate investment man-agement group.

— TABB Group

GlobalAssurance Movers & Shakers

The World at Your FingertipsWant the latest breaking business continuity news stories when it’s convenient for you? Look no further than

www.ContingencyPlanning.com. Exclusive Web updates are added every weekday to ensure you don’t miss a step.

Log on today and get up to speed.

www.ContingencyPlanning.com


PARTNERSHIPSAGREEMENT TO SUPPLEMENTEMERGENCY AIR RESPONSESERVICE Frisco, Texas-based Business ContinuityPlanning Inc. has entered into an agree-ment with a subsidiary of TenetHealthcare Corporation, Santa Barbara,Calif., to provide dedicated emergencyair response aircraft support anchoredon the West Coast.

Business Continuity Planning, a sub-sidiary of XGL, will provide supplemen-tal emergency air response servicesthrough its Aviation Logistics EmergencyResponse Team (ALERT) program forTenet’s West Coast hospitals in the eventof a major emergency event.

This is the second contract betweenthe two companies for this service.Tenet hospitals in the southeastern partof the United States are served by a sim-ilar contract entered into in the fall of2006.

ALERT puts in place dedicated, pre-positioned assets to fulfill the aviationcomponent of Tenet’s emergency anddisaster planning strategies. The pro-gram delivers systems necessary to helpmaintain business continuity throughemergency airlift, expedited cargo andrelated communications infrastructurefor the duration of the contract.

“Tenet has several advance-planningresponse contracts in place as part oftheir disaster and preparedness planningstrategy,” says Jeff Young, BusinessContinuity Planning’s director of newbusiness development. “Their hospitalsserve as first responders in the commu-nities they serve during emergencies,and we are pleased that the company’smanagement has taken an active role tomanage events before they happen.”

Launched in 2006, ALERT evolvedfrom the response provided by its par-ent company following major natural orman-made business interruptions.During the massive 2005 hurricane

cycle, for example, the companyresponded quickly to mobilize rotary-wing (helicopter) assets, fixed-wing (pri-vate jet) assets, forward operating teamsand real-time field based communica-tions.

“ALERT is for direct response to situa-tions just like those experienced by somany in the fall of 2005,” says Young.“Our contracts with Tenet are the resultof two teams coming together and refin-ing a plan to provide backup mission-critical support during times of emer-gency when traditional modes of trans-portation and routes are unavailable.”

Advance contracts like the ALERTprogram can assure that business sectorssuch as healthcare, energy generationand other essential services can focus oneach organization’s core competencies,says Young. “The ALERT program isdesigned to reduce response time forcustomers,” he says. “The goal is toaccelerate the return to normalcy.”

— Business Continuity Planning Inc.;Tenet Healthcare Corporation

PARTNERSHIP DELIVERS VIRTUALINFRASTRUCTURE SECURITY Virtual Iron Software, Lowell, Mass., aprovider of server virtualization and vir-tual infrastructure management softwaresolutions, and Atlanta-based ReflexSecurity Inc., a provider of networkintrusion prevention, will deliver ReflexSecurity’s Reflex Virtual SecurityAppliance (VSA) specifically designedfor Virtual Iron’s virtual infrastructureenvironment.

Operating as a virtualized applianceinside the virtualized environment,Reflex VSA transcends the limitations oftraditional network security approachesto detect and mitigate threats betweenvirtual hosts and networks.

Virtual Iron is an enterprise-class serv-er virtualization and virtual infrastruc-ture management platform that delivers

capabilities for primary virtualization usecases including server consolidation,development/test/staging environments,rapid provisioning, virtual appliances,business continuity, dynamic capacitymanagement and policy-based automa-tion.

Reflex VSA is a virtual intrusion pre-vention solution for virtualized networkenvironments. Tailored to enterprisesusing Virtual Iron for server and net-work consolidation, Reflex VSA adds alayer of protection inside the virtualizednetwork, detecting and preventingthreats such as DoS attacks, virus andworm propagation and access violations.

“Virtual networks are very attractiveto our enterprise customers as theyreduce server proliferation, increase uti-lization, and simplify IT infrastructure,”says Bob Darabant, EVP of sales andmarketing of Reflex Security. “As cus-tomers expand their consolidationefforts to more mission-critical applica-tions, they require a security solutionspecifically designed to detect and pre-vent attacks within virtualized servers.Reflex VSA assures that enterprises havecomprehensive IPS protection, whileenjoying the reliability and cost-savingsof enterprise-class virtual infrastructure.”

“Traditional security solutions oftenrequire additional hardware and theinstallation of complex applications,”says Mike Grandinetti, chief marketingofficer at Virtual Iron. “Our customersare deploying Virtual Iron to simplifytheir data centers and reduce hardwareand operational expenses.”

General availability of the joint VirtualIron/Reflex Security virtual appliance isplanned for the second quarter of thisyear. It will be available for free viadownload on Virtual Iron’s VirtualAppliance Exchange and at ReflexSecurity’s Web site.

— Virtual Iron Software Inc.; Reflex Security Inc.

GlobalAssurance


Conducting business continuity exercises is an extensiveprocess. Previously in this series, an outline was presented

as to how many exercises to perform annually, what types ofexercises there are, and how to schedule them. The teams need-ed to execute an effective exercise were also discussed. And anexplanation was provided as to how to work with an exercisedesign team, how to set goals and objectives and how to createrealistic scenarios.

The exercise documentation should be produced at thispoint, along with a fully detailed scenario with expected resultsoutlined. Orientation meetings with the simulation and observa-tion teams should also be completed, with the teams under-standing their roles and how to role-play their parts during theexercise. In addition, you should have had a meeting with theexercise assistant and set expectations.

With all the preparation behind you, it’s time to execute yourexercise plan. This article, Part III in this series, is written for amock disaster scenario lasting four hours.

STEP 1: PRODUCE FINAL DOCUMENTATION ANDHANDOUTS

Taking the FearOut of BC

Exercises: ABlueprint for

SuccessPart III: Excercise with confidence

By Telva Chase

Exercises are expensive to run and need to be prepared for tothe last, minute detail. Others will not feel the same about theexercise as you do, so ensure that you have everything copied,collated and ready to go 24 hours in advance. Because theexercise is run based on “timings” it’s critical that the exerciseis not delayed, least of all because you are not prepared tostart on time.

Send appointment reminders to all participants with a list ofequipment (laptops, cell phones, pagers, etc.) and items (plans,disaster kits, etc.) to bring to the exercise. Stress the impor-tance of being on time. If a critical participant alerts you thatthey will not be able to participate, you will need to adjustyour documentation.

Recovery Team Guidelines: Check for accuracy of names,dates and times, opening scenario, communications directoryand instructions. Double-check that cell phone numbers on thecommunications directory are correct. Make enough copies forthose invited to participate, plus a few extras.

Simulation Team Handout: Go through the fully detailed sce-nario for the simulation team to use during the exercise. Youshould already have conducted an orientation with the team


and made final edits to the document. Make enough copies forthe team in the event they do not bring one with them.

Observation Team Form: Ensure that the scenario and timingsmatch the simulation team handout. Go through the section on“expected results.” Make any necessary last-minute correctionsand print enough copies for your evaluators.

Participant Evaluation Form: Prepare an evaluation form to giveexercise participants. Be sure to provide a place to check off ifthe participant was included on simulation, recovery or obser-vation teams. Ask for their name if you like, but make it option-al. Provide a maximum of 10 questions or statements forresponse; keeping the form short will encourage more feed-back. After each statement, provide a scale so that the partici-pant may indicate their answers. Provide a “comments” sectionat the beginning or end of the survey so that participants maywrite additional comments. Make enough copies for everyonein attendance. A participant evaluation form statement maylook like the following:

1. The goal of the exercise was achieved.1 2 3 4 5

Disagree Agree

Other questions/statements to consider including in the eval-uation for comment are:• The business continuity plan written for my business function

was helpful during the exercise.• My business unit was utilized appropriately throughout the

exercise.• Communication during the exercise was effective and appro-

priate.• Emergency procedures are known and understood by my

team.• What did you like best/least about participating in today’s

exercise?• How can the exercise be improved?• What surprised you about the exercise?

Messages and Cue Cards: It may be necessary to print out mes-sages, one to a page, separate from the simulation team hand-out. Anyone from the simulation team or the exercise assistantmay need to read aloud or hand a person on the recovery teama message during the exercise that either adds or changes theinformation already given as part of the scenario. These mes-sages need to be coordinated and managed throughout theexercise in a timely fashion. Here are a few examples:

Name Tents or Nametags: Name tents or nametags need to beprepared if the exercise is large. Also use nametags for simula-tion team members role-playing someone other than them-selves. Have these printed and ready to go so you are not wait-ing for people to fill out nametags upon arrival.

STEP 2: LAST-MINUTE PREPARATIONS Unless you have help on the day of the exercise, it’s easier tocollate all materials before arriving on site. Depending whetheror not there is assigned seating in the recovery room, you maywant to include nametags or name tents in each package.When gathering materials for the packages:• Recovery team participants should receive the recovery team

guidelines and an evaluation form.• Simulation team members should receive the recovery team

guidelines, a simulation team handout and an evaluationform.

• Observation team members should receive the recovery teamguidelines, an observation team form and an evaluation form.

• The exercise assistant should receive a copy of everything.

Pack everything you will need to conduct the exercise,including the following items you may have forgotten:

• A bell, flag or other signaling device to stop the exercise ifneed be.

• A fully charged cell phone or BlackBerry, along with thecharger.

• Copies of plans that will be tested; you may need to refer tothem during the exercise.

• Any audio/visual materials that will be used (radio/TVannouncements, maps, photos, etc.).

If you are traveling to the facility by air, pack all the abovematerials in your carry-on luggage, or have someone on siteprepare the materials and have them waiting for you uponyour arrival. You don’t want the exercise to be delayed becauseyour luggage is missing – along with all the exercise materials.

STEP 3: ARRIVE AND SET THE TONEArrive early – at least one hour before the exercise – andensure that the rooms (one for the recovery team and one forthe simulation team), furniture and equipment setup is correct.Coordinate with the exercise assistant to ensure thatmeals/drinks are scheduled for delivery.


Have the exercise assistant help with handouts, nametents/nametags, flipcharts, markers, tablets, pencils/pens andchairs. Ensure that he or she understands how messages andcue cards are to be delivered. If there are participants that needto be grouped together for whatever reason, assure that thereis a designated area(s) for them.

Greet each participant as they arrive at the door. This helpsto put everyone at ease. If there is assigned seating, point eachperson to their location. Food and drink should be available ifthe exercise spans more than a four-hour time period. At min-imum, water and snacks should be in each room.

And begin exactly on time.

STEP 4: PARTICIPANT ORIENTATIONUsing the recovery team guidelines document, go through theinstructions, expectations, goals and objectives and how to usethe communications directory. Give the participants the open-ing scenario at the very end and answer any questions you can.This step should take about 25 minutes.

STEP 5: DISMISS SIMULATION TEAMDismiss the simulation team to their room five minutes beforeexercise is to begin. They will interact with the recovery teamby phone and in person, depending on the scenario.

STEP 6: CONDUCT THE EXERCISERing the bell or wave the flag, and write the date and time onthe board or flipchart, or use a projector. Announce the nextpiece of the scenario (by messenger, cue card or radio/TVannouncement.

Observe the activity; if the recovery team needs assistance tobegin, ask a few questions to get them started.

Stop the exercise whenever you progress time within the sce-nario to make an announcement. Allow participants to have a15-minute break. Terminate the exercise on time. This stepshould last a little longer than two hours.

STEP 7: EVALUATION AND FEEDBACKAt the conclusion of the exercise, invite the simulation teamback to the recovery room for a feedback session, whichshould last about an hour. Do this immediately following theexercise while everything is still fresh in the participants’ minds.It’s usually best to ask for feedback (write this on a flipchart)within set parameters. Have participants complete their evalu-ation forms during this hour.

For example, ask that each person name three things theythought went well and three things that could be improved.Limit each comment to less than two minutes. Leave enoughtime (five minutes) at the end of the session to summarize asthe facilitator. As the exercise assistant makes notes on theflipchart, each item can then be checked each time the samecomment is made.

Preface all feedback with a statement that any derogatorycomments should not include anyone’s name but “we” shouldbe used. For example, encourage participants to say somethinglike, “We could have done a better job of contacting all employ-ees.” If a positive comment is made, then by all means, givecredit to the person receiving the compliment. For example,“Jill was a great leader. She communicated effectively with herteam.” Assure participants that the feedback session will be apositive experience.

Allow feedback to happen in this order, without open discus-sion:• Facilitator• Observation team• Simulation team• Recovery team

Ask for and collect written evaluations. As the facilitator,quickly glean all areas for improvement, and identify plans andresponsible parties for action items. Agree upon due dates andreview dates, and have the exercise assistant write all actionitems on a flipchart or board. Thank everyone for participating.Finally, let the group know when the report will be publishedand distributed.

Following these steps will help provide a well-organized,effective exercise resulting in updated and improved businesscontinuity plans and a corporation that is prepared to handleany type of incident or emergency.

Don’t miss Taking the Fear Out of BC Exercises: ABlueprint for Success, Part IV: Enhance, Improve,Succeed, in next month’s issue of CPM-GlobalAssurance.

About the AuthorTelva Chase has more than 27 years of software engineering andseven years of full-time BC/DR experience. In 2002, she createdand currently is the director of the business continuity program officefor Thomson Scientific & Healthcare (www.thomson.com). Questionsand comments may be directed to [email protected].

For even more tips on conducting

effective BC exercises, check out tips from the

experts being offered at

CPM 2007 WEST in Las Vegas May 22-24.

See page 23 for more info, or log

on to www.contingencyplanningexpo.com.


INDONESIA ALLOTS $1 BILLION TOPREVENT FLOODSIndonesia has earmarked more than $1billion to prevent flooding in the capitalwhere an inundation earlier this yearkilled dozens. The flooding in Februaryfollowing monsoon downpours killed 85people across Indonesia, displacedaround 340,000 and paralyzed Jakarta,a city of about 12 million people.

It led to searing criticism of flood pre-vention measures as foul-smelling watersloshed around normally traffic-cloggedroads for more than a week.

There were even calls to considermoving the low-lying capital elsewhere,as power and water supplies were dis-rupted in the interests of safety.

In response, the central governmentand the capital’s local authority havealloted 9.5 trillion rupiah (1.04 billiondollars) to avoid a repeat, says PublicWorks Minister Joko Kirmanto. Themoney will be used for measures such asimproved drainage, tackling rivers proneto overflowing and the completion of amajor flood canal by 2008. The govern-ment will provide 6.5 trillion rupiah,with the remainder coming from thelocal authority. Kirmanto says themoney would be dispersed from nowuntil 2009, but around 40 percent willbe released this year.

Some experts say the floods occurredbecause poor city planning and anextended construction boom over-whelmed an old drainage system builthundreds of years ago by Dutch coloniz-ers. The inundation is estimated to havecaused damage and losses also wortharound $1 billion.

— Agence France-Presse

WHO, EXPERTS MEET TO DISCUSSAVIAN FLU TREATMENTSBy Cheryl Pellerin, USINFO Staff WriterAs the number of human cases of avianinfluenza confirmed by the World

Health Organization (WHO) rises to281, with new cases reported in Egyptand Laos, WHO and internationalexperts are meeting in Turkey to discusshow best to treat people who becomeinfected with the highly pathogenicH5N1 form of the bird flu virus.

Since 2003, some 300 million birdshave died directly from infection orhave been destroyed to keep the virusfrom spreading, and 169 people havedied, most from close contact with sickbirds.

The March 19-21 meeting in Antalya,on the Mediterranean coast of southernTurkey, is the second meeting of 100experts and experienced medical practi-tioners from hospitals that have treated

H5N1 patients. The first meeting was inMay 2005 in Hanoi, Vietnam.

“We know more now than we did twoyears ago,” a WHO spokesman toldUSINFO. “A lot of work has gone onbetween 2005 and now, and there havebeen twice as many cases. All that com-bined will mean we have a lot more datato draw from.”

The meeting’s objectives are to sum-marize H5N1 symptoms and laboratoryand pathological findings, encapsulatecurrent knowledge about managingH5N1 infections and identify gaps inH5N1 knowledge and treatment thatneed research.

During the meeting, participants sum-marized the current understanding of

INTERNATIONAL NEWSGlobalAssurance

features of H5N1 infection like its incu-bation period, clinical course and dura-tion of viral shedding, and of the pathol-ogy and clinical manifestations of H5N1virus infection in people. Participantshope to improve understanding ofresponses to current treatments, includ-ing anti-viral drugs.

A paper describing the results andupdating the WHO recommendationsfor treating H5N1 patients will be pub-lished in a medical journal.

On March 19 and 20, the EgyptianMinistry of Health and Populationannounced new human cases of H5N1avian influenza infection, both in AswanGovernorate in southern Egypt. Thecases were confirmed by the EgyptianCentral Public Health Laboratory andU.S. Naval Medical Research Unit No. 3in Cairo.

A two-year-old boy developed symp-toms March 15 and was admitted to thehospital the next day. He was in stablecondition on March 20. Investigationsindicated a history of contact with back-yard poultry.

On March 13, a 10-year-old girl wasadmitted to the hospital with symptoms.She was in stable condition on March19. Investigations indicate that she hadrecently been exposed to sick poultry.The girl’s contacts are under observa-tion.

According to WHO, no epidemiologi-cal link has been found between thetwo cases.

On March 12, the Ministry of Healthand Population announced anotherhuman avian flu case: a four-year-oldboy from Ad Daqahliyah Governorate.He developed symptoms March 7, wasadmitted to the hospital the next day,and his condition was stable March 12.He was exposed to sick birds during thefirst three days of March. The boy’s con-tacts are healthy and are being moni-tored closely.

Of the 26 cases confirmed to date inEgypt, 13 have been fatal.

On March 16, the Ministry of Healthin Laos, officially the Lao People’s

Democratic Republic, reported its sec-ond human death from infection withthe H5N1 avian influenza virus.

The country’s first death, announcedby the Ministry of Health March 8, wasa 15-year-old girl from Vientianeprovince, the capital of Laos, in theMekong Valley. Her infection wasannounced Feb. 27 and she died March7 after being hospitalized in neighboringThailand.

And a 42-year-old woman from Sakavillage in the Pong Hong district, also inVientiane province, developed a feverFeb. 26, was hospitalized in VientianeProvincial Hospital Feb. 28, and thentransferred to Setthathirat HospitalMarch 1. She died three days later.

Tests performed during an investiga-tion to determine the source of expo-sure found a duck positive for bird flu inthe woman’s household. Close familyand hospital contacts are being moni-tored for possible infection.

Initial testing was conducted by theNational Centre for Laboratory andEpidemiology in Laos. In line with WHOpolicy, samples were sent to a WHO col-laborating laboratory in Tokyo for diag-nostic verification and further analysis.The collaborating center confirmedH5N1 infection.

WHO continues to work closely withthe Laos government to strengthen casereporting, improve diagnostic capacityand increase local awareness of the dis-ease.

— Bureau of International InformationPrograms, U.S. Department of State

EMERGENCE OF AVIAN INFLUENZAIN AFRICA INCREASES PANDEMICRISKThe avian influenza virus, with its possi-ble mutation into a form capable ofengendering a human pandemic,remains a serious threat around theworld, with greater transparency andsharing of information critical to meetthe challenge, and Africa emerging as atop priority for resources and technicalaid, according to the latest United

Nations update. “The possibility of a human pandemic

hangs over us,” warns the UN Food andAgriculture Organization (FAO). “H5N1remains a potent threat around theworld, both to animals and humans,” theagency says, noting that, with the arrivalof the virus this year in Africa, there ismuch cause for concern.

“Failure by any one country to containthe disease could lead to rapid re-infec-tion in many more countries,” FAOAssistant Director-General AlexanderMüller says. “One weak link can lead toa domino effect, undoing all the goodthat we have achieved so far. Now is notime for complacency.”

FAO says that several parts of theworld remain particularly vulnerablebecause of a shortfall in donor funding,including Africa, eastern Europe and theCaucasus and Indonesia.

According to the FAO, “Africa mustnow be a top priority for resources andtechnical assistance in the battle againstavian influenza.” However, the agency isalso calling for continued commitmentto unaffected parts of the world likeLatin America and the Caribbean,“where the FAO’s investment in nationaland regional preparedness planning ispaying off.”

Winning the battle against the virusdemands a long-term vision, with moresurveillance, rapid response to outbreaksand greater transparency and sharing ofinformation essential. “Scientific break-throughs on improved diagnostics, vac-cines and treatments can only emerge ifvirus information is shared widely andwillingly, for the greater good,” the FAOsays.

The FAO is calling on countries toplace stronger emphasis on hygiene andmovement control throughout the ani-mal production and marketing chain toproduce positive results. “In Vietnam, forexample, an integrated strategy of sur-veillance and laboratory capacity build-ing, movement control, vaccination andculling has averted what could havebeen a disaster,” the agency notes.

GlobalAssurance International News


Senior UN System Coordinator forAvian and Human Influenza DavidNabarro says $1.5 billion is neededworldwide during the next two to threeyears for preventive measures. So far,the FAO has received $76 million for itsactivities, and agreements have beensigned for $25 million more, with a fur-ther $60 million in the pipeline.

— FAO

INDONESIA AGREES TO RESUMESHARING AVIAN FLU SAMPLESBY CHERYL PELLERIN, USINFOSTAFF WRITERAfter a two-day meeting in Jakarta,Indonesia, among officials from the WorldHealth Organization (WHO) and 18nations that have had animal and humanoutbreaks of the highly pathogenic avianinfluenza virus, the government ofIndonesia has agreed to resume sharingH5N1 virus samples for the first timesince January.

Indonesia Health Minister Siti FadilahSupari focused global attention during thepast few months on the fact that develop-ing countries supply H5N1 samples toWHO collaborating centers for analysisand preparation for vaccine productionbut are unlikely to have access to the vac-cines.

“Previously, WHO used a mechanismthat was not fair for developing countries,”Supari said at a March 27 press conferencein Jakarta. “This mechanism was not fairand transparent in terms of the expecta-tions of developing countries. We thinkthat mechanism was more dangerous thanthe threat of pandemic H5N1 itself.”

To address these concerns and maintainsample sharing for risk assessment, WHOorganized the meeting in Jakarta. Amongthe participants were senior scientists,including four directors of the WHO col-laborating centers; potential fundingsources, including representatives from theAsian Development Bank and the GatesFoundation; and others.

The agreement comes as the EgyptianMinistry of Health and Populationannounced a new human case of H5N1

avian flu in a three-year-old girl fromAswan governorate who had contact withbackyard poultry.

“The current global capacity to producea vaccine to respond to an influenza pan-demic is insufficient to meet the globalneed, especially in developing countries,”says U.S. Health and Human ServicesSecretary Michael Leavitt. “The WHOdeserves continued support and commen-dation for its leadership in guiding theglobal effort to prepare for and respond toa potential human influenza pandemic.”

Withholding viruses from WHO collab-orating centers posed a threat to globalpublic health security and the ongoing riskassessment conducted by WHO collabo-rating laboratories.

WHO collaborating centers performseveral key flu-related activities, includingdetermining if the virus acquired humangenes or made other significant changes,identifying potential vaccine strains, testing

to determine if the virus is vulnerable torecommended anti-virals, tracking thevirus’s evolution and geographic spreadand updating diagnostic tests because fluviruses constantly mutate.

After the meeting, Supari reviewed rec-ommendations and said Indonesian virus-es once again could be shared with theWHO. The meeting concluded that WHOcollaborating centers will continue riskassessment on H5N1 virus samples andturn virus into seed virus suitable for vac-cine production and terms of reference forthe WHO labs will be revised.

The terms of reference will describeexactly what a collaborating center can dowith the viruses provided through surveil-lance, says Dr. David Heymann, WHOassistant director-general for communica-ble diseases. WHO will develop the stan-dard document with input from membercountries.

The meeting endorsed WHO’s efforts to



link vaccine manufacturers in developedand developing countries to speed thetransfer of influenza vaccine manufactur-ing technology.

“We have struck a balance between theneed to continue the sharing of influenzaviruses for risk assessment and vaccinedevelopment,” Heymann says, “and theneed to help ensure that developing coun-tries benefit from sharing without compro-mising global public health security.”

Individual countries will negotiate howvaccine is made available to them.

“WHO is not involved in financial nego-tiations, either in selling viruses or buyingvaccine,” continues Heymann. “Countrieswill negotiate bilaterally with vaccine man-ufacturers. We will certainly facilitate ifcountries are asking for support, but itwon’t be standard.”

WHO best practices for sharing flu viruswere developed for seasonal influenzavaccine, which has a market in developedcountries but in only a few developingcountries.

“H5N1 vaccines are a different issue,”Heymann says. “We will now modify ourbest practices to ensure that they are trans-parent to the developing countries whichare providing samples and which haverequested to share in the benefits resultingfrom those viruses.”

The director-general of WHO is com-mitted to working with pharmaceuticalcompanies and donors to develop a pos-sible stockpile of vaccine for developingcountries if they need vaccine, saysHeymann, but this is at an early stage offeasibility study.

— Bureau of International InformationPrograms, U.S. Department of State

SINGAPORE EMERGING AS HUB FORDISASTER RECOVERY MARKETBy Tung Shing Yi, Channel NewsAsiaThe recent Taiwan earthquake triggeredthe meltdown of Internet connectivity andcaused the disruption of business servicesin Asia.

But it also set off a revival of interest indisaster recovery management amongcompanies in the region.

According to the Disaster RecoveryInstitute Asia (DRI Asia), the episode clear-ly shows the lack of contingency planningamong businesses in Asia. And the insti-tute says there has been an influx ofenquiries from both the public and privatesectors.

Lim Sek Seong, program director, DRIAsia, says, “One of the things the govern-ment is emphasizing is that organizations,whether public sector or private sector,have to [have] business continuity man-agement and implement business continu-ity and recovery plans.”

“The key reason is that organizationsneed to survive any major incidents andprotect the lives and safety of their cus-tomers and staff, while at the same timeensuring key assets like infrastructure andinformation are protected. This is the pri-mary focus of business continuity manage-ment.”

Initially, the bulk of demand for its serv-ices came from the financial sectorbecause of the need to reduce credit risks.“Almost every country has its own centralbank. It was natural to avoid financial cred-it risk, to control credit risk, the regulatorsintroduced guidelines. Many of thesebanks also introduced business continuitymanagement guidelines,” says Lim.

But increasingly, the institute is seeingdemand from manufacturing, IT services,chemicals and even the public sector. Inthe past two years, DRI Asia’s revenue hasshown a steady annual growth of about 20percent.

Disaster recovery awareness started withY2K fears in the late 1990s. It has sinceevolved into a viable industry driven by ahigh level of interest from the public andprivate sectors.

According to DRI Asia, the Asia-Pacificdisaster recovery market is estimated to beworth $1.3 billion a year.

— Channel NewsAsia

STUDY FINDS 44 PERCENT OFCOMPANIES UNABLE TO DECLAREVIRTUALIZATION DEPLOYMENTS ASUCCESS The results of an independent global

study, conducted by Islandia, N.Y.-basedCA, a provider of information technolo-gy management software, highlights themixed results companies are experienc-ing with server virtualization, as well ascritical success factors discovered byearly adopters.

According to the study, which sur-veyed 800 organizations around theworld, 44 percent of respondents whosaid they had deployed server virtualiza-tion technology were unable to declaretheir deployment a success. Inability toquantify ROI was a key factor in theirreticence to definitively claim positiveresults.

The study also reveals that 71 percentof organizations that have moved aheadwith virtualization have deployed, orplan to deploy, multiple server virtualiza-tion technologies, including operatingsystem and hardware virtualization, oper-ating system partitioning, para-virtualiza-tion and/or clustering. Sixty percent oforganizations consider clustering a typeof server virtualization, adding to the het-erogeneity of virtualized environments.

For organizations claiming success withvirtualization, the most important factorwas being able to measure performanceof the virtualized environment. Otherkey success factors cited in the studyinclude diligent inventorying of serverassets and load distribution and thoroughinvestigation of available technologysolutions.

According to the study, organizationsare primarily deploying virtualization toimprove server/system utilization rates,increase server reliability and uptime andenhance business continuity.

The survey was conducted in Januaryby The Strategic Counsel, an independ-ent research firm. Of the respondents, 30percent were from North America, 37percent were from Europe and 31 per-cent from the Asia-Pacific and Japanregion. Of the organizations surveyed,67 percent had between 10 and 99physical servers, and 22 percent hadmore than 200.

— CA

GlobalAssurance International News


Another question this two-part article will help address is,“How do I maintain interest in continuity planning and strate-gic readiness when the threat environment becomes lessintense?” Look for Part II of this series next month, which willdiscuss disciplines five through eight: 5) constructive approach-es; 6) pattern intuition; 7) surprise avoidance; and 8) manage-ment perspective.

Each of these concepts is powerful, useful, and a key ingre-dient for the all-important linkage with management as a trust-ed strategic advisor.

DISCIPLINE ONE: VERBAL SKILLThere are five specific elements to the discipline of verbal skill.They’re organized into a structure that will help you assessyour level of skill, knowledge and ability, as well as to deter-mine where you need to improve.

The five elements trusted advisors need to master includeon-the-spot advice, constructive approaches, outcome direc-tion, the three-minute drill and storytelling. This article will dis-cuss two of these concepts.

On-the-Spot Advice: Managers manage in real time. Yes,

How to Becomea Trusted

Strategic AdvisorThe eight disciplines: Part I

By James E. Lukaszewski, ABC, APR, Fellow PRSA, CCEP,

Keynote Speaker at CPM 2007 WEST

Providing credible advice and thinking strategically are whatmost of us – whether as a staff member or outside consult-

ant – truly seek to accomplish. This includes initiating andhelping to develop tactical options for operational and organi-zational leadership. Gaining respect as a strategist and trustedadvisor ties into the three crucial questions that affect all con-sulting relationships: • How do I get invited to the table before all the decisions are

made and before outside voices get in the way?• How do I earn a continuous seat at the strategy table? and• What do I have to do to get the call from the boss ahead ofeveryone else?

A variety of skills are crucial to becoming a trusted strategicadvisor. This article – Part I in a two-part series, discusses fourof the most important disciplines: verbal skills, strategic impact,pragmatism and inconsistency.

Read these concepts through and assess how you mayalready be accomplishing some of them as a part of your dailywork. You may need to more thoroughly think through someof them develop them for your own use.


there’s planning. Yes, there’s strategizing. Yes, there’s researchand other elements involved in developing business plans,strategies and actions. Typically, the staff function knows verylittle about the operating side of the business and, therefore,requires input, learning time, and, sometimes, the client’s infor-mal reflections on ideas before concrete advice can be offered.

The trusted advisor is expected to give advice on the spot.This skill is what truly sets internal experts apart from outsideconsultants. Some consultants are hired to conduct studies anddevelop plans and strategies, but for the price paid, the boss islooking for a consistent stream of useful advice, given immedi-ately once a situation is understood, even if only vaguely.Developing your ability to confidently give on-the-spot advice,in small increments, is critical to being valuable when it reallymatters – at times of crucial decision making.

Building this skill requires continuous refinement of yourmanagement focus. This concept requires that you spend moretime focusing on what managers really need from a manager’sperspective. It’s these experiences, knowledge and attitudesthat enable you to give advice promptly and competently –with confidence.

Storytelling: You can marshal all of the facts, data and infor-mation available on a particular topic. You can even work forsomebody who really does appear to read and absorb this stuff.But one simple story, told in 30 seconds, with a great lesson,moral or self-evident truth, is often more persuasive and pow-erful. Become a storyteller.

When it comes to consulting, I’ve noticed that one of themost interesting gender differences (I know this is a very dan-gerous topic) is that I typically hear and expect male advisorsand consultants to use stories far more often than women.While my study is based solely on empirical evidence, this is asolid and interesting contrast – especially since most seniorexecutives are men. For the female contingency planning exec-utive, developing the storytelling technique can be an extreme-ly powerful verbal tool as you move forward.

The place to begin in storytelling is to recognize and choosestories that you hear or tell yourself. Write out the stories andexamine why you like to tell or hear them.

Here are the attributes of an effective story:• There’s a beginning, middle and end.• It’s generally in positive language.• Stories should be brief, usually up to 150 words (one minute

speaking time).• Stories are in plain language (meaning language a 13-year-old

can understand).• Stories are people-focused (about people, animals or living

systems).• Stories end with a moral, lesson or self-evident truth.

People who tell stories are the teachers in our lives. We areconditioned from childhood, through family life or religion, tolisten and learn from stories.

After you’ve analyzed the stories you already tell to deter-

mine what they teach and how they teach it, begin looking forother stories that illustrate important points you want to make.Get in the habit of thinking about situations in ways you caneffectively retell.

The Story Development Worksheet (Figure 1) shows a sam-ple format (you can develop something like this on an 8-1⁄

2 x11-inch sheet of paper) or template for identifying and developingthe stories you would like to use.

This is a serious, intentional activity. Forcing yourself to boildown important information and events into this one-minuteformat will make you say less, but make what you say moreimportant. This format forces you to focus on what truly mat-ters. It’s a template that allows you a sense of communicationquality assurance in that you’re always heading towards a les-son, moral or self-evident truth.

One of the greatest sources of stories today, and for manydecades, is Reader’s Digest. This magazine specializes in the veryshort anecdotal story. There are columns like “Humor inUniform” and “Life in These United States.” Every month thereare many anecdotes throughout the publication that will beuseful as stories or models for stories you can actually use. Inaddition, there are national and international associations ofstorytellers you can join and participate in.

In my work as a consultant, whenever I have a conflict or dif-ference of opinion with a client – or the client has a differenceof opinion internally – my first technique is to tell some kindof story from my experience. The story illustrates a truth theycan both agree on, or agree to disagree on, so they can moveforward – or at least get by the current obstacles. When I’mchallenged by individuals, I invariably have a story of a similarchallenge that was either overcome, confirms their wisdom orsteers us in a new and better direction. Rarely will facts anddata ever be as powerful, even when delivered by knowledge-able and respected people.

Besides, it’s really cool to know that a story you tell can makepeople laugh, cry, question, commit, mobilize or take action.

DISCIPLINE TWO: STRATEGIC IMPACTStrategic impact means three things: focusing on the ultimategoal, focusing on what matters and working and thinking in amore operational context. Strategic impact, from the stand-point of our discussion, has five components, some of whichcut across ideas already shared in this series.

1. Management Language: Understanding the contingencyplanning management function, and the value and merit of thefunction, is probably the furthest thing from an operating indi-vidual’s frame of reference. Clearly, what the contingency plan-ning management function is and does is important, but usual-ly secondarily to operational decision making and strategy. Usemanagement language; read management publications; andunderstand what the boss cares about. Then learn somethingabout it, and give advice in that context.

2. Truly Strategic Insight: Insight is the development of newinformation or knowledge from existing data or known facts.


It’s the intentional action of looking at things differently, onpurpose, to extract new knowledge. This is one of the mostimportant disciplines of the trusted advisor. Absent this disci-pline, everyone becomes a “yes” person based on what theyhear, read and see. You must make an effort to extract or dis-till more value from what is already known. This is what insightis all about.

3. Focus on the Ultimate Outcome: This is where the man-ager’s or operator’s brain really is – at the end of the process,looking at the product solution or next steps. This has to besomething you can do as well. Dr. Stephen Covey, author ofThe Seven Habits of Highly Effective People, talks about planningwith the end in mind. This is a similar concept. Understandwhere you’re headed; then work backwards to identify all thedoable increments.

4. Substantive Intensity: Staff people tend to babble a lot,often about things only they care about. The mindset of sub-stantive intensity focuses on what truly matters. I refer to this

as the 95-5 Rule. Ninety-five percent of what we do each daydoesn’t matter, is unnecessary or needs to be shoved off tosomeone else so that the truly important stuff, the crucial fivepercent, can be managed. In practical terms, this means thatwhen it involves management, you need to be certain thatwhat you’re talking about, working on or working with reallymatters. Stop wasting time. Stop bloviating on things that havelittle or nothing to do with where you’re headed. Always striveto keep things focused on the crucial five percent. Be respon-sible for substantive intensity when you’re around.

5. Conclusive Action Recommendations: Anyone who hasrun anything understands that everything is accomplished inincrements rather than blindingly simple or powerful steps, orsurprise. Look for the next increment, the next step in theprocess, the most logically doable actions that can be taken.Then recommend, support or develop those steps and actions.You’ll be responsible for keeping the momentum of the processalive and, through the other techniques we’ve talked about,keeping people focused on the proper direction.

DISCIPLINE THREE: PRAGMATISMA pragmatist is someone who tends to focus on what is actual-ly doable. A pragmatist knows the knowable, does the doable,gets the getable and achieves the achievable.

In more practical terms, this means keeping managementcentered on a track that will get them where they need to be.While similar to providing substantive intensity, verbalizingwhat is achievable often amounts to stating the obvious. Inmany management discussions, enormous amounts of time arewasted speculating, guessing, estimating and talking mindlessly.Take the responsibly for bringing everybody back to what isdoable or what is knowable, and identify what is accomplish-able.

A pragmatist brings a sense of reality into the mix of deci-sions and actions to keep things as real as possible. Many of theinsights from those involved in contingency planning manage-ment work are less obvious to those who are not. In fact, mostcontingency management planners I work with do tend to bepragmatists, and are sometimes criticized by managementbecause they are more engaged in system protection than inthe can-do attitude management seems to need to get thingsdone.

A pragmatist is a person driven by the power of incrementalsuccess. Crises, disasters and explosive problems happen in aninstant. Recovery and remediation happen incrementally.

Avoid the mindlessly negative discussions, guesswork,scheming and estimating that often occur when emotions runhigh and problems are severe. Be the advisor who can do thedoable, know the knowable and do those things that you knowwill work.

Remember the prime reason most CEOs lose their jobs: theyfail to achieve or accomplish what they promised when theygot the job. Avoid being the one who walks into the boss’office with two, three or four new ideas, only to leave them


Figure 1

The Story Development Worksheet:Developing Stories That Communicate Your Messages

Storytelling is among the most powerful verbal communicationtechniques in any language, in any culture. Stories that communi-cate have six components, no matter how brief or extended thestory happens to be. The planning form below is designed to helpyou take your messages, ideas and opinions and turn them intostories that communicate, persuade, neutralize, energize, motivate,pacify or even cause a tear.

Story Development Format

Message, communications objective, moral, lesson, punch line,purpose, self-evident truth:

Plain language synopsis:

People focus, main characters:

Structure, sequence of events (beginning, middle, end):

Key facts/data:

Human factors:


behind to add to the boss’ unmet and unfinished work fromyesterday, or even last week. Help the boss get what mattersdone first.

DISCIPLINE FOUR: INCONSISTENCYThis is among the harder concepts to grasp because most of uswant to fit in, be accepted, be liked and still have some sort ofimpact. If you want to be really valuable, why would you striveto do the same thing everyone else is trying to accomplish? Beconstructively different, on purpose.

Inconsistency in strategy is a virtue. Strategy is looking atthings that are known and unknown and attempting to devel-op innovative ideas and approaches for movement, action anddecision making. To do that, the strategist has to be intention-ally inconsistent, looking at what was done before and inten-tionally doing things differently from past practice. Being incon-sistent means questioning all assumptions – intentionally mis-understanding those ideas, assumptions and standards that aretaken for granted or at face value. Being methodically inconsis-tent is one of the key habits to developing insight. This meansextracting new information and knowledge from existing dataand information.

One of the great strategies to achieving inconsistency is con-stant simplification of ideas, concepts and decision making.Simplification is accomplished by relentlessly asking “why.”When a situation is outlined, we ask, “Why has that pattern ofevents been identified?” When we get the explanation of“why,” we ask, “Why were these knowledges the most impor-tant of all the possibilities?” When we hear the answer to thatquestion, we ask “why” again. Each “why” helps us drill deep-er, yet simplify what the ultimate strategic advice is going to be.

There are two kinds of questions in organizations - questionsthat teach and questions that kill. Being inconsistent means ask-ing questions that teach, illuminate and explore what’s beingthought, what’s being said, what’s being planned and what’s

going to be accomplished. A trusted advisor is a constructivequestioner.

The payoff is insight, sometimes even visionary approaches.Be a facilitator and evaluator of positive, incrementalprogress. Adopt these attitudes and you’ll be invited to moremeetings and your views will be sought after more frequent-ly.

While being “inconsistent” in most organizations is a seriousindictment of behavior, in strategy, inconsistency is a power-ful virtue.

Don’t miss Part Two of The Eight Disciplines ofBecoming a Trusted Strategic Advisor in nextmonth’s issue of CPM-Global Assurance.

About the AuthorJames E. Lukaszewski is a corporate crisis troubleshooter with aglobal practice. He works at the highest levels of corporations andorganizations, advising senior management and top managerspreparing for crises, responding to crises and recovering from crises.His Web Site www.e911.com is a major resource for disaster man-agers. Questions and comments may be directed to editorial@con-tingency planning.com.

Success Tips for StorytellersAnalyze and understand why your favorite stories work. Use thesame process to perfect new stories.

Four excellent sources for story models, which help you createbetter stories, are:

• Bits and Pieces

• Storytelling Magazine

• Readers’ Digest

• Vital Speeches of the Day

Join the National Storytelling Association, National SpeakersAssociation or the Canadian Authors Association.Be alert to good stories you hear.Create a story/idea folder and keep it in your desk. When youget an idea or think of a message you’d like to get across, jotit down on a form like the Story Development Worksheet.Create a lesson, message, or self-evident truth folder and lookfor stories that can serve as archives for your message.

Don't miss James E. Lukaszewski'skeynote address at CPM 2007 WEST, titled, "Why Should Your Boss Listen

to You? How to Become a Trusted StrategicAdvisor." Mr. Lukaszewski is

most frequently retained by senior management as a trusted outside

advisor to directly intervene and manage resolution of serious corporate

problems and threats. He coaches CEOs, is a prolific author and speaker

and has been quoted in major business publications. The recipient of

many academic and professional awards, his name appears in Corporate

Legal Times as one of "28 Experts to Call When All Hell Breaks Loose,"

and in PR Week as one of 22 "crunch-timecounselors who should be on the

speed dial in a crisis."


GlobalAssurance

PRODUCTSFUSEPOINT LAUNCHES NEWONLINE PRESENCE WITH DISASTERRECOVERY RESOURCESFusepoint.com launches a new onlinepresence: a “higher level” of managed ITservices for deploying and hosting e-business, security, disaster recovery andbusiness continuity solutions for the mis-sion-critical applications that power busi-ness in Canada.

Along with the launch of the new Website, Fusepoint has also developed sever-al online resources, such as The RiskAssessment Test and Online VirtualTour, to guide company decision makersin understanding their own companies’business continuity and disaster recoveryplanning needs.

— Fusepoint

HP MAKES DATA BACKUP ANDRECOVERY EASY FOR SMBS

HP has introduced a disk-based backupand recovery system for data protectionand disaster recovery. Designed for thebusiness continuity and IT needs ofsmall and medium businesses (SMBs),the new HP StorageWorks D2D BackupSystem automates and centralizes back-up to provide reliable data protection forup to four servers in a single, secure,self-managing device.

The HP D2D Backup System inte-grates into existing network-based ITenvironments and can be configuredand managed in three steps. Daily back-ups become fully automatic, reducingthe risk of human error and hardwareproblems. Restoring lost or corruptedfiles also becomes easier because back-up data is stored online, where it can berestored in minutes.

— HP

BANK OF AMERICA INTRODUCESEMERGENCY RELIEF CARDSOLUTIONS Bank of America has announced that itis introducing Emergency Relief™ Cards,

a suite of prepaid card products that willassist corporations and government enti-ties to prepare for catastrophic events.The special-use cards are designed to beincorporated into contingency plans toenable continuing business operationsand to provide relief measures duringtimes of critical need.

The new Emergency Relief productsuite is built upon the knowledge gainedduring prior emergency situations thatunderscored the vital value of card pro-grams. In the aftermath of HurricaneKatrina, Bank of America provided200,000 prepaid cards to the SalvationArmy for much needed victim relief.During the 2004 hurricane season, Bankof America issued more than 300 emer-gency purchasing cards to the State ofFlorida to deploy crews and restoreroadways. These cards were used formore than 7,000 emergency purchasestotaling $7 million.

These experiences led Bank ofAmerica to develop solutions that canbe set up in advance and incorporatedinto recovery plans.

The suite of prepaid Emergency Reliefcards currently includes cards that canbe tailored for different situations. Forexample, by employing merchant coderestrictions, programs can be designedwith the ability to prevent card use forinappropriate purposes. Except for thesemerchant code restrictions, the cardsmay be used anywhere Visa is accepted.Cards can also be customized for partic-ular client requirements, includingwhether to allow cash withdrawals andwhat dollar amount is to be preloadedon the cards.

A new version of the card will beavailable this summer allowing clients topre-order unfunded cards that can beactivated and loaded with funds basedupon a pre-determined contingencyplan. Under this system, which isbelieved to be the first of its kind in theindustry, card numbers, intended recipi-

ent names and pre-authorized amountswill be kept on file with the bank to beactivated if and when needed. Thisinformation will be updated monthly bythe client to ensure accuracy and theability to activate the system rapidly.Additionally, duplicate emergencyinstructions can be provided to thebank. If a client cannot access technolo-gy systems during a crisis to enable theirplan, Bank of America can initiate it forthem.

— Bank of America

MYPHOTOPIPE.COM WINSCONTRACT FROM DEPARTMENT OFHOMELAND SECURITY myPhotopipe.com Inc., a Web-basedonline provider of digital photo process-ing and related services, has announcedthat it has been awarded a contract fromthe U.S. Department of HomelandSecurity (DHS). The award calls formyPhotopipe.com to provide photo-graphic printing and design support serv-ices to the DHS Office of Public Affairs.The Office of Public Affairs chroniclesthe agency’s responders, documents inci-dent response teams, travels withSecretary Michael Chertoff and providesphotographic prints to the agency’sinternal users, as well as to the mediaand the general public.

“This is a milestone event in ourCompany’s history, and a real credit toour focus on the professional segment ofthe fast-growing digital photo processingmarket,” says L. Douglas Keeney, CEOof myPhotopipe.com Inc. “We arepleased to make this announcement,especially given the fact that we werecompeting against 12 other companies,including a number that were much larg-er than us. DHS has told us that a signif-icant factor in their decision to selectmyPhotopipe.com involved recommen-dations from our current customers.They were also pleased with our use ofdigital templates, our digital photo tools


GlobalAssurance Productsand our Internet resources.”

“The importance of this contractextends beyond the very significant rev-enue potential it represents, because itdramatically illustrates why the digitalcamera and the photographic print areenjoying such a renaissance. No matterwhere DHS operates, a digital camera isavailable, and our online photo process-ing tools allow the federal governmentto effectively document its response to anatural disaster or other incident with aphoto montage, or to record a visit fromthe Secretary with an autographed pho-tograph. We are thrilled, and at the sametime honored, to help one of the largestbranches of the United States govern-

ment accomplish its mission.”— myPhotopipe.com Inc.

ONEBEACON OFFERING NEWDISASTER-RECOVERY TOOL OneBeacon Insurance is making a pow-erful new resource available to help itssmaller business customers survive natu-ral and man-made disasters.

Open for BusinessSM, a free Web-baseddisaster recovery and risk assessmenttool developed by the Institute forBusiness & Home Safety (IBHS) enablesOneBeacon’s smaller commercial cus-tomers to perform the kinds of disasteranalysis and recovery planning normallylimited to much larger organizations.

IBHS is a nonprofit insurance industryorganization dedicated to reducing thesocial and economic effects of naturaldisasters and other property losses. Itcreated the interactive, online version ofOpen for Business exclusively for cus-tomers of member companies, such asOneBeacon.

OneBeacon customers can identifyrisks from hurricanes, high winds, floods,earthquakes, tornadoes/hail, winterweather and wildfire with the Open forBusiness Property Protection Plan; andthey can use its Recovery Plan to estab-lish customized procedures for recover-ing essential business functions.

— OneBeacon Insurance

Call For Papers Open!

Do you have what it takes to be part of theCPM 2007 EAST

conference faculty?

We are looking for professionals in business continu-ity/COOP, emergency management and security to

deliver advanced-level lectures, case studies and inter-active workshops geared toward experienced plan-ners. CPM 2007 EAST will take place November 13-15 at the Gaylord Palms Resort in Orlando.

www.ContingencyPlanning.com/events/east

CPM delivers a training experience unlike any other.

Learn to defuse any disaster that rears its ugly head.

Sessions include:

• Pandemic Influenza: The State of the Threat

• Establishing Mission-Critical Employee Programs

• Data Security in a Distributed World

• Disaster Simulation Exercise

And many more!

Register Now!

www.ContingencyPlanningExpo.com

2007 04 global assurance magazine

Documents