Hi Mark

It may be that the risk analysis on the data center was focused too much
inwardly (and looked OK from that perspective) - in other words, looking at
the environment in terms of access control, fire rated walls slab to slab,
fire detection and protection systems, air-conditioning, UPS, diesel
generator, backup cycles and offsite OK, systems resilience / redundancy in
terms of internal dual power supplies / CPUs / RAID disc etc. etc.

Without actually seeing the report I would initially suggest looking again
at the external factors to see if these can justify a secondary data centre,
combined with the loss of business processes / IT services impact costs,
over time, which I must assume for now has been completed (in other words,
your BIA justifies such a facility due to potential direct and indirect
losses, and if a BIA has not been done, then that is your answer and next
step). It may be that there are sufficient and probable threats externally
to justify a secondary data centre. E.g. single points of failure such as a
single WAN cable feed out the site and reliance on a single local Telco
service provider exchange, nearby natural threats such as rivers / dams /
the sea, your geographical area weather, proximity to other industries and
their risks (explosion / toxic gases or emissions), your own site risks if
you are in production / manufacturing) etc.etc.

If you are already thinking of a replicated data site (which is
comparatively a very costly recovery solution), then can we assume that the
industry you are in justifies such a solution, and the potential direct
financial losses / indirect potential losses are substantial over a short
period of time (i.e. not to consider say a more "traditional" system build /
tape restore from backup tapes within 24 hours or so).

The other pointer that may help with your justification is if there is a
senior management mindset that there are already duplicated business
critical systems in the data centre such as clustered or a dev/QA platform
that can be quickly converted to production / live. The argument then is if
they are all in the same facility then they can all be affected by the same
incident / denial of access / single points of failure.

Hope this helps in relooking at the issue.

Regards

Ray Liepa MBCI
ray.liepa@... <mailto:ray.liepa@...>

-----Original Message-----
From: Mark Meekins [mailto:ghack77@...]
Sent: Friday, November 21, 2003 8:03 PM
To: discussbusinesscontinuity@yahoogroups.com
Subject: [discussbusinesscontinuity] Disaster Recovery


Our company recently had a Risk/Vulnerability Assessment performed to
identify all "threats" that could possibly cause our primary data center to
go offline. The report came back stating our risk was extremely small. Prior

to this we were thinking about the use of a secondary data center using EMC
SRDF to replicate data and having production like servers housed at this
site.
With this review I am afraid mgmt will say why do we need a secondary site
based on this report.

What factors can I communicate to mgmt as to why we should utilize a
seconday site or DR provider for recovery purposes? I am worried that they
will say we don't need a DR site.

Mark Meekins
Manager, Business Continuity

_________________________________________________________________

One element to ask management to consider is the combination of the risk
probability and the impact of such a risk. For example, I am in the
Midwestern United States and, while rarely see tornadoes in a specific
area, the impact of such an event is devastating.

Did your Risk/Vulnerability Assessment include these factors as well? Can
you tell us who (at least what kind of organization) performed the
assessment? Was it purely internal? Was it a DR site vendor?

Steven Kopischke
Hartford, WI USA


At 12:03 11/21/2003, Mark Meekins wrote:
>Our company recently had a Risk/Vulnerability Assessment performed to
>identify all "threats" that could possibly cause our primary data center to
>go offline. The report came back stating our risk was extremely small. Prior
>to this we were thinking about the use of a secondary data center using EMC
>SRDF to replicate data and having production like servers housed at this
>site.
>With this review I am afraid mgmt will say why do we need a secondary site
>based on this report.
>
>What factors can I communicate to mgmt as to why we should utilize a
>seconday site or DR provider for recovery purposes? I am worried that they
>will say we don't need a DR site.
>
>Mark Meekins
>Manager, Business Continuity

In a message dated 11/22/2003 2:59:37 AM Central Standard Time,
ghack77@... writes:

> The report came back stating our risk was extremely small. Prior
> to this we were thinking about the use of a secondary data center using EMC
> SRDF to replicate data and having production like servers housed at this
> site.
> With this review I am afraid mgmt will say why do we need a secondary site
> based on this report.
>
> What factors can I communicate to mgmt as to why we should utilize a
> seconday site or DR provider for recovery purposes? I am worried that they
> will say we don't need a DR site.
>

I would concentrate on the losses that your company could face if the data
center itself was lost.  You should have some form of BIA showing what your
business functions are and the impacts if these functions cannot be performed.

I would also bring up the statistics that get passed around that some very
large percentage of companies that lose their data centers and do not have
disaster recovery plans (I've heard percentages as high as 90%) go out of
business
within 2 years.

You don't mention what your business is.  If it is regulated by the SEC or
some other financial regulatory agency, your company can be shut down unless you
can file the necessary regulatory reports.


[Non-text portions of this message have been removed]

Mark,

Remember what others have said in this discussion group - business continuity
planning is an insurance policy.  You are planning for an eventuality that you
hope will never occur.  Ask your managers if they have home contents insurance,
and how likely they think it is that their homes will be burgled.

I would also look on the Internet for case studies and news stories about
companies that suffered a disaster that took out their data centre and had no
secondary data centre or other standby arrangement.  I'll almost guarantee that
such companies went out of business shortly after any disaster that occurred to
them.

I think you also need to look at the risk/vulnerability assessment with a very
critical eye.  How many companies that had offices in the World Trade Centre had
plans that allowed for the "highly unlikely event" that many of their employees,
and all the data and records in the twin towers would be lost?  Afterall, the
towers were built to withstand a direct hit from an airliner.  Unfortunately,
that was based on airliners the size of a Boeing 707, rather than the larger
planes flying today.  Indeed, if you could obtain a risk assessment report for
one of the companies that had a presence in the World Trade Centre, that may
have sufficient statements about "extremely small risks" for your management to
be more than a little concerned.

Regards
Alan

Alan D Hudson, MBCI, MCMA, BSc(Hons)
Domingo de Brieva #N37-34 y Villalengua
Urbanización Granda Centeno
Quito
Ecuador

Tel:   00593 2 224 4046
Mob: 00593 9 996 8236
   ----- Original Message -----
   From: Mark Meekins
   To: discussbusinesscontinuity@yahoogroups.com
   Sent: Friday, November 21, 2003 1:03 PM
   Subject: [discussbusinesscontinuity] Disaster Recovery


   Our company recently had a Risk/Vulnerability Assessment performed to
   identify all "threats" that could possibly cause our primary data center to
   go offline. The report came back stating our risk was extremely small. Prior
   to this we were thinking about the use of a secondary data center using EMC
   SRDF to replicate data and having production like servers housed at this
   site.
   With this review I am afraid mgmt will say why do we need a secondary site
   based on this report.

   What factors can I communicate to mgmt as to why we should utilize a
   seconday site or DR provider for recovery purposes? I am worried that they
   will say we don't need a DR site.

   Mark Meekins
   Manager, Business Continuity

Mark,

Sounds like you should be pleased by the report not disappointed.

If the report is valid then you are probably saving your company a lot of
money.

Lately there has been too much emphasis has been placed on technology-led
answers rather than getting to the real business problem.  When this happens
the Board consider the investment in technology as the solution to the
continuity problem and as we all know you need a lot more than that.

However, the absence of any ability to recover the data centre is a big
ommission in strategy.  Your best  ( and proven to be most successful)
option may be to use a BIA (or BCP Audit to produce a gap analysis) to
identify the recovery priorities (and resource requirements) and then get
the business buy-in for the resources necessary to ensure that continuity
can be maintained.  You may be surprised and find that this demands an
SRDF-type solution for some of your data.

In summary, SRDF is a great solution (not the only one) but only if you need
it.  It is expensive and your continuity resources may best be utilised on
other more beneficial options. Others have found this to be so but you pays
your money and takes your choice.

Regards
Phil

----- Original Message -----
From: "Mark Meekins" <ghack77@...>
To: <discussbusinesscontinuity@yahoogroups.com>
Sent: Friday, November 21, 2003 6:03 PM
Subject: [discussbusinesscontinuity] Disaster Recovery


> Our company recently had a Risk/Vulnerability Assessment performed to
> identify all "threats" that could possibly cause our primary data center
to
> go offline. The report came back stating our risk was extremely small.
Prior
> to this we were thinking about the use of a secondary data center using
EMC
> SRDF to replicate data and having production like servers housed at this
> site.
> With this review I am afraid mgmt will say why do we need a secondary site
> based on this report.
>
> What factors can I communicate to mgmt as to why we should utilize a
> seconday site or DR provider for recovery purposes? I am worried that they
> will say we don't need a DR site.
>
> Mark Meekins
> Manager, Business Continuity
>

Hi Mark,

From what you have indicated it does look as though you may not need a secondary
site for recovery purposes.

However I would seriously question the validity of any Risk Assessment that
suggests the risks are 'extremely small'.  Furthermore I would want management
to realise that the need for a secondary site is more to do with the costs of
Impact than the degree of Risk.  Even if the risk is actually minimal the impact
of loss of service could still be very significant.

You might also be able to sell the idea of a secondary site on the basis of
split load and balanced capacity.  Two reasonably sized data centres are easier
to support and maintain than one massive one.

I hope this helps but I would want lot more detail before I could give a
definitive answer to your question.

Jim Burtles, FBCI

----- Original Message -----
   From: Mark Meekins
   To: discussbusinesscontinuity@yahoogroups.com
   Sent: Friday, November 21, 2003 6:03 PM
   Subject: [discussbusinesscontinuity] Disaster Recovery


   Our company recently had a Risk/Vulnerability Assessment performed to
   identify all "threats" that could possibly cause our primary data center to
   go offline. The report came back stating our risk was extremely small. Prior
   to this we were thinking about the use of a secondary data center using EMC
   SRDF to replicate data and having production like servers housed at this
   site.
   With this review I am afraid mgmt will say why do we need a secondary site
   based on this report.

   What factors can I communicate to mgmt as to why we should utilize a
   seconday site or DR provider for recovery purposes? I am worried that they
   will say we don't need a DR site.

   Mark Meekins
   Manager, Business Continuity

Mark

The final decision is always up to the business if they fully
understand all the risks and implications of not using a second data
centre then thats their decision and there is probably not much you
can do , unless you can find other good business reasons for having
one

Its a bit CYA ( cover your a...) , I have been in situations where I
think the business have made the wrong decision but providing you
have given all the information you have done your bit



Alan Trup ABCI
Independent BCI Consultant




--- In discussbusinesscontinuity@yahoogroups.com, "Mark Meekins"
<ghack77@h...> wrote:
> Our company recently had a Risk/Vulnerability Assessment performed
to
> identify all "threats" that could possibly cause our primary data
center to
> go offline. The report came back stating our risk was extremely
small. Prior
> to this we were thinking about the use of a secondary data center
using EMC
> SRDF to replicate data and having production like servers housed
at this
> site.
> With this review I am afraid mgmt will say why do we need a
secondary site
> based on this report.
>
> What factors can I communicate to mgmt as to why we should utilize
a
> seconday site or DR provider for recovery purposes? I am worried
that they
> will say we don't need a DR site.
>
> Mark Meekins
> Manager, Business Continuity
>

Our company recently had a Risk/Vulnerability Assessment performed to
identify all "threats" that could possibly cause our primary data center to
go offline. The report came back stating our risk was extremely small. Prior
to this we were thinking about the use of a secondary data center using EMC
SRDF to replicate data and having production like servers housed at this
site.
With this review I am afraid mgmt will say why do we need a secondary site
based on this report.

What factors can I communicate to mgmt as to why we should utilize a
seconday site or DR provider for recovery purposes? I am worried that they
will say we don't need a DR site.

Mark Meekins
Manager, Business Continuity

_________________________________________________________________
Gift-shop online from the comfort of home at MSN Shopping!  No crowds, free
parking.  http://shopping.msn.com

Picking up on Alan's point, you can find easy access to the Turnbull report
and its accompanying presentation at www.karyfi.com/turnbull.html

In principle, creating a continuity culture is best practice governance -
the position from Governments around the world.  It is this that makes it an
easier sell as it is now a business issue understood by the Board.

Regards
Phil


----- Original Message -----
From: "alandtrup" <alan@...>
To: <discussbusinesscontinuity@yahoogroups.com>
Sent: Thursday, November 20, 2003 11:07 PM
Subject: [discussbusinesscontinuity] Re: BC group just for BCI members?


> Hi Daniel
>
> I work in the UK for a Major Car company and although we we had some
> terror from the IRA in the 80's 90's not as bad as Israel of course
> this is not what I used to convince the board to get Budget as they
> did not believe it could happen to them , I used UK laws as a strong
> motivating factor , there is a report called the Turnbull report
> search for it on the net & pick up key points
>
> What you have to do is find out what fear they have be they
> commercial , environment eg fire flood , loss of computer systems
> then try and find examples of what has happened in the business in
> recent memory that may have been resolved but caused issues and then
> also try and find examples in other businesses that caused serious
> results , Create a Powerpoint presentiation and show it to a
> friendly director as you need a sponsor
>
> Bhatzlaha
>
> Alan
>
>

CB,

1. Before delving into workgroup recovery planning, one needs to know first
what are the critical lines of business and internal processes that are
essential to the survival of the company.  The CFO's team should be helpful
there because revenue would be the key.  Next would be any regulatory
requirements, contractual obligations and anything the business depends on
in the marketplace brand/reputation, etc.)  A Business Impact Analysis is
the best tool for getting the business overview.

2. Then define what departments and systems support those revenue streams or
business processes.

3. Once you have nailed that down, next would be having the business units
identify the following:

--the critical functions supporting the business based on the overview or
BIA.
--the interdependent departments or outsiders for those critical functions
--the people who perform the critical functions
--what they need to get the job done in a crisis.
--whether they can work in shifts around the clock rather than just normal
business hours so you get more value for your money in subscribing to a work
group recovery solution.

Hopefully #1 and 2 are already done so #3 can be done most effectively.

Good Luck!
Virginia Maher
KPMG LLP


   -----Original Message-----
   From: ceverettbrooks [mailto:cebrooks@...]
   Sent: Thursday, November 20, 2003 11:54 AM
   To: discussbusinesscontinuity@yahoogroups.com
   Subject: [discussbusinesscontinuity] Business Unit Recovery


   Hi, I'm a Certified Business Continuity Professional (CBCP) with
   Union Pacific Railroad.  My primary responsibility is IT, but I've
   just been given the task of setting up a work group recovery plan.
   I'm looking for insight on that topic, what are the pitfalls to
   avoid, what are some things that might get overlooked. What's the
   best way to get the message across to the business units on just
   what's involved.  We are planning a kick off meeting, and I'd like to
   have some sort of document they can walk away with that will give
   them a kick start towards the process.  Any ideas, resources or
   documents will be appreciated ... cb

CB,

I was involved in creating a booklet about Business Continuity which may be
of assistance. It can be found on:

http://www.london-first.co.uk/key_sectors/publications.asp?L2=171

The title is "Business Continuity in an Uncertain World". It was also sent
out to all BCI members in the June mailing.


  It's a high level, but quite comprehensive, starter and there is a CD-Video
available to go
  with it though that is quite UK orientated.

  RMW

Daniel (Levitats)

To expand on KD's memo, remember it's not just the 'direct hits' on your
Company's assets that you need to consider, but 'access denial' i.e. being
unable to use your offfices can occur as a result of incidents affecting your
neighbours or even those just in the vicinity or on the route to your offices. 
This really multiplies up the possibilities.  The emergency services, police,
and security services may not allow you near your offices for days or weeks
until the area has been made safe for public access and it is no longer a 'scene
of crime'.

Take a look around your offices' locations and include a risk assessment of the
likelihood of problems arising because of your neighbor's problems as well.

Also don't forget these risks from others in the local environment when
considering your evacuation planning. Talk to the police and emergency services
for advice on both inward and outward evacuation planning.

One useful payback of BCP for the Company is that it demands a thorough analysis
of their business processes and interdependencies. I have not yet come across a
single case where carrying out the BCP process has not helped the Comapny in
other ways, by identifying efficiencies when considering how to build
resilience- although this is obviously not a promise you can make 'up front'.

Good luck.



Marcelle Paton-Smith
Corporate Risk Associates Limited
Fetcham Park House
Lower Road
Fetcham
Leatherhead
Surrey
KT22 9HD
Tel: 01372 371200
Fax: 01372 371100
Mobile: 07976 648156


[Non-text portions of this message have been removed]

CB,

A keystone of any recovery plan has to be having the utility providers
factored in to your recovery. In event of  disaster impacting one of your
buildings they are likely to be stretched to restore utilities to you and
your neighbours. Access to the building or your assets through municipal or
emergency service cordons for your recovery team needs to be addressed as
well.

Arthur

-----Original Message-----
From: ceverettbrooks [mailto:cebrooks@...]
Sent: 20 November 2003 19:54
To: discussbusinesscontinuity@yahoogroups.com
Subject: [discussbusinesscontinuity] Business Unit Recovery


Hi, I'm a Certified Business Continuity Professional (CBCP) with
Union Pacific Railroad.  My primary responsibility is IT, but I've
just been given the task of setting up a work group recovery plan.
I'm looking for insight on that topic, what are the pitfalls to
avoid, what are some things that might get overlooked. What's the
best way to get the message across to the business units on just
what's involved.  We are planning a kick off meeting, and I'd like to
have some sort of document they can walk away with that will give
them a kick start towards the process.  Any ideas, resources or
documents will be appreciated ... cb

David Honour's website (http://www.continuitycentral.com )has recently had some
great articles that will help. For instance:

a. On 9/17/03 or so, Ray J Vaughan had an article about the impact hurricanes
may have on equipment. While you may not be in a hurricane zone, perhaps you
could suffer damage from burst water pipes, water from the fire department, or a
flood.
b. On 9/12/03, Tony Croft had a nice aticle about options for critical records
management.
c. Recently, there was a great article on IT mistakes. (I don't have this at
hand, but will on Nov. 25th.)
d. The crisis communications case study on the West Pharmaceutical Services
plant explosion with three confirmed deaths and 27 injuries is something we
incorporated into my company's business continuity plan. (This was from
globalcontinuity.com.)

I also would recommend looking at FEMA's plans, the lessons learned from the New
York power outage in August (from David Honour) and some of the British and
Austrailian emergency preparedness documents. (I can help with citations next
Tuesday if needed.)

I also maintain a few binders of internet stories or articles that contain tips
or information about various facets of business continuity plans. (You never
know when you might need something.) If you haven't started your first binder, I
would recommend starting now.

As some of our E-mail messages have said earlier, it is critical that upper
management buy into your business continuity plans. Without top support, your
plans will have a limited effectiveness.

Unfortunately, there are disasters or other continuity problems throughout the
world on a daily basis. Take some of these and test your company's preparedness
against these disasters. Your plans need to be flexible enough to cover a lot of
situations, yet specific enough to get the recovery done. It is also important
that you have a handle on your personnel issues.

I will read the other responses you receive and give an update next week if you
still need help.  In the meantime, I hope this gives you a few things to think
about and a place to start.

Mary O'Brien
Associate, Business Continuity




>>> cebrooks@... 11/20/03 11:53AM >>>
Hi, I'm a Certified Business Continuity Professional (CBCP) with
Union Pacific Railroad.  My primary responsibility is IT, but I've
just been given the task of setting up a work group recovery plan.
I'm looking for insight on that topic, what are the pitfalls to
avoid, what are some things that might get overlooked. What's the
best way to get the message across to the business units on just
what's involved.  We are planning a kick off meeting, and I'd like to
have some sort of document they can walk away with that will give
them a kick start towards the process.  Any ideas, resources or
documents will be appreciated ... cb

Can you be a bit more specific? I, too, am a CBCP on the way to getting a
MBCP. While I do (we all do) IT/logical security I also specialize in
physical security. Is this an issue for you?
Paul Mangione, CBCP
Principal
Auburn Valley Management Group LLC
    voice: 253-839-3395
        fax: 253-946-9163
mobile: 206-412-0608
e-mail:  paulmangione@...

   -----Original Message-----
   From: ceverettbrooks [mailto:cebrooks@...]
   Sent: Thursday, November 20, 2003 11:54 AM
   To: discussbusinesscontinuity@yahoogroups.com
   Subject: [discussbusinesscontinuity] Business Unit Recovery


   Hi, I'm a Certified Business Continuity Professional (CBCP) with
   Union Pacific Railroad.  My primary responsibility is IT, but I've
   just been given the task of setting up a work group recovery plan.
   I'm looking for insight on that topic, what are the pitfalls to
   avoid, what are some things that might get overlooked. What's the
   best way to get the message across to the business units on just
   what's involved.  We are planning a kick off meeting, and I'd like to
   have some sort of document they can walk away with that will give
   them a kick start towards the process.  Any ideas, resources or
   documents will be appreciated ... cb

Hi Daniel

I work in the UK for a Major Car company and although we we had some
terror from the IRA in the 80's 90's not as bad as Israel of course
this is not what I used to convince the board to get Budget as they
did not believe it could happen to them , I used UK laws as a strong
motivating factor , there is a report called the Turnbull report
search for it on the net & pick up key points

What you have to do is find out what fear they have be they
commercial , environment eg fire flood , loss of computer systems
then try and find examples of what has happened in the business in
recent memory that may have been resolved but caused issues and then
also try and find examples in other businesses that caused serious
results , Create a Powerpoint presentiation and show it to a
friendly director as you need a sponsor

Bhatzlaha

Alan


>
> Daniel Levitats wrote:
> >
> > Hi,
> >
> > I am located in Israel, and you can be sure we are familiar with
terror!
> > I work in a multinational company, and still we have yet to
start a BC
> > initiate.
> >
> > Any thoughts on how to drive this forward?
> >
> > Daniel

Hi, I'm a Certified Business Continuity Professional (CBCP) with
Union Pacific Railroad.  My primary responsibility is IT, but I've
just been given the task of setting up a work group recovery plan.
I'm looking for insight on that topic, what are the pitfalls to
avoid, what are some things that might get overlooked. What's the
best way to get the message across to the business units on just
what's involved.  We are planning a kick off meeting, and I'd like to
have some sort of document they can walk away with that will give
them a kick start towards the process.  Any ideas, resources or
documents will be appreciated ... cb

Daniel,
Step one is to get a "champion of the cause". That means getting the CEO or very
high ranking director to make a declaration that BC will be done and that all
areas of the enterprise are to cooperate with the BC planners.
Good luck!

A J Jenkyn MBE, I.Eng., FIIE, FBCS
Anteon Corporation Project Manager
Business Continuity Management,
Illinois Department of Public Health,
535 W. Jefferson Street,
Springfield  IL  62761
Tel  217 782 4581
Fax 217 785 4309



[Non-text portions of this message have been removed]

Daniel,

Convincing organizations, particularly private-sector companies, to spend
funds on something that they think may never happen is a difficult task.  I
try to explain to them that it is "tangible insurance".  People purchase
insurance (auto, life, health, etc.) all the time, but they hope they never
need it.

The same goes for expending money on a business continuity initiative; we
hope we never need it, but will be glad we have it in the event of a
disaster.  It can even "make" money if a company's BC plan allows them to
get on their feet faster than a competitor after a disaster; they can gain
more customers.  Sounds harsh, but it's true.

I work for the government, so we are going through the whole Continuity of
Operations (COOP) and Continuity of Government (COG) which is 99% the same
as Business Continuity Planning.  It's just that government folks are
finally catching-up after 9/11; sometimes we live behind the curve!

Anyway, the bottom line is:  If you can sell the idea to top management,
the rest is easier.

-Robert Day, MBCI
Hazard Mitigation Planner
Manatee County Comprehensive Planning
      robert.day@...
      (www.co.manatee.fl.us)

Thank you so much for setting up this communication effort.

Ms Michael C Redmond
Enterprise Risk International, C0-CEO

First of all get your senior management involved, get their support. Write
some basic policies and plans. And see management approves that. Make
adjustments as you go. To get management involve prepare  business cases,
generate scenarios and ask "what if" kind of questions. Gather some
statistics, the Internet has lots of articles and show management your
findings.  Better yet if you are in Israel you must have faced business
interruption, take one or two examples and show them cost of not having a
business continuity plans in place. But get them on board first.
Once that is done you need an organization and infrastructure to support
it. (Which you might already have in bits and pieces ...) Well that is
where you start.

I hope this helps.

Thank you.

Devesh Pandit MS, MBCI
Sears, Roebuck and Co.,
Business Continuity Analyst
3333 Beverly Road, AC142-A
Hoffman Estate, IL 60179
847-286-1295 Work
847 286 4797 FAX

We are looking for 40 more consultants internaionally to join our
firm. We currently have sales reps in Latin America, China, Malasia,
Europe.

If you know of anyone who is certified and who is an independent
consultant who would like do work on team projects, please have them
send me their resumes. They can send it to my personal email so I
will personally give the resume the greatest attention.

msmichaelr@...

Thanks

Ms Michael C Redmond
Enterpise Risk Worldwide, Co-CEO

You need to ask the question from the business perspective - what would the
company do if this (pick a critical location) site were unavailable?  It could
be due to a fire, a bomb, etc.  How would your executives respond?  Do they know
what to do?  What would be the impact on your business if you had no operations
for one day?  For 1 week?  There are many stories you can use to make your case.
The key is using terms the business understands and making it as real as
possible for them.

KD

Daniel Levitats wrote:
>
> Hi,
>
> I am located in Israel, and you can be sure we are familiar with terror!
> I work in a multinational company, and still we have yet to start a BC
> initiate.
>
> Any thoughts on how to drive this forward?
>
> Daniel

Hi,

I am located in Israel, and you can be sure we are familiar with terror!
I work in a multinational company, and still we have yet to start a BC
initiate.

Any thoughts on how to drive this forward?

Daniel

-----Original Message-----
From: andrew.h.nayar@...
[mailto:andrew.h.nayar@...]
Sent: Thursday, November 20, 2003 6:38 PM
To: discussbusinesscontinuity@yahoogroups.com
Subject: Re: [discussbusinesscontinuity] BC group just for BCI members?

Morbid as it may be, recent events, such as the terrorism attacks in
Turkey, Saudi etc, should raise the visibility of BC planning within
organisations multinational or otherwise.

I am keen to hear from other BC professionals re. their own organisations'
attitude towards BC, planning, disaster recovery and resilience...
vis-a-vis these incidents.

BRGDS

AHN

----------------------------------------------------------------------------
---------------------
Get the best from British Airways at ba.com
http://www.ba.com

[Non-text portions of this message have been removed]




To unsubscribe from this group, send an email to:
discussbusinesscontinuity-unsubscribe@yahoogroups.com

For more information about the Business Continuity Institute visit
http://www.thebci.org

For the latest business continuity news, jobs and information visit
http://www.continuitycentral.com



Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/



________________________________________________________________________
This email has been scanned for all viruses.

Mercury Interactive Corporation
Optimizing Business Processes to Maximize Business Results

________________________________________________________________________
This email has been scanned for all viruses.

Mercury Interactive Corporation
Optimizing Business Processes to Maximize Business Results

Morbid as it may be, recent events, such as the terrorism attacks in
Turkey, Saudi etc, should raise the visibility of BC planning within
organisations multinational or otherwise.

I am keen to hear from other BC professionals re. their own organisations'
attitude towards BC, planning, disaster recovery and resilience...
vis-a-vis these incidents.

BRGDS

AHN

--------------------------------------------------------------------------------\
-----------------
Get the best from British Airways at ba.com
http://www.ba.com

[Non-text portions of this message have been removed]

I would hope that it will be an all inclusive group vs exclusive.  We have
much to gain if we encourage all Business Continuity professionals to
participate and not limit participation to those with the BCI.


Carol Moffitt
Director Risk Management, Technology & Solutions
BMO Financial Group
100 King Street West, Suite 820
Toronto, Ontario, M5X 1A1

416-867-4845     carol.moffitt@...

Hi Robert,

The group is not just for BCI members - it is for anyone wishing to
discuss the subject with their peers.

New members can join by sending an e-mail to
discussbusinesscontinuity-subscribe@yahoogroups.com

Kind regards

David
(David Honour, joint moderator)


--- In discussbusinesscontinuity@yahoogroups.com, Robert.Day@c...
wrote:

> I'm glad to see the formation of this E-mail group!  Can non-BCI
people
> also join the group?  I'm part of a BCP committee and I think some
of my
> colleagues would be interested.
>
> If it's just for BCI member that's OK too, just let me know one
way or the
> other.  (I posted this question in the group since others may have
the same
> question)
>
> Thanks,
> -Robert Day, MBCI
> Hazard Mitigation Planner
> Manatee County Comprehensive Planning
>      robert.day@c...

Does anyone have experience of using the Zurich Municiples BCP
package for LA's?If yes what are it's pitfalls and how user friendly
have you found it

I'm glad to see the formation of this E-mail group!  Can non-BCI people
also join the group?  I'm part of a BCP committee and I think some of my
colleagues would be interested.

If it's just for BCI member that's OK too, just let me know one way or the
other.  (I posted this question in the group since others may have the same
question)

Thanks,
-Robert Day, MBCI
Hazard Mitigation Planner
Manatee County Comprehensive Planning
      robert.day@...

Welcome to the Business Continuity Management group, a new forum
which will enable professionals involved in business continuity to
discuss the subject and related areas. 'Business continuity
management' is jointly managed and moderated by Continuity Central
and the Business Continuity Institute.

The group is hosted by Yahoo! Groups, and all advertising on
messages has been placed by Yahoo. Neither Continuity Central nor
the Business Continuity Institute have any control over this
advertising and do not offer any endorsement to such adverts.

All group messages are moderated to ensure that the list is not
subject to spamming or other Internet-type abuses.