Volume 2 • Issue 4 April 2005 Global Assuranceeval.veritas.com/mktginfo/products/Misc/High_Availability/fire... · Volume 2 • Issue 4 April 2005 CONTENTS ... Succession Planning

Volume 2 • Issue 4April 2005

CONTENTS

Duke Energy ..............................1

News..........................................4

International News ...................6

Global Assurance Products.......8Succession Planning

Part 1 .......................................11Product Test Lab:

VERITAS...................................12

Product Test Lab:

Grapevine ................................13

15 Handy Tips..........................15

Events Calendar ......................16

CPM Global Assurance is a monthly

subscription-based newsletter. It addresses

the strategic integration of business

continuity, security, emergency management,

risk management, compliance and auditing to

ensure continuity of operations in business and

government — all within the context of good

corporate governance. To subscribe to this

unique resource, please fill out and fax back

the subscription coupon on the back page.

www.ContingencyPlanning.com April 2005 • 1

See subscription

coupon on last page!

GlobalAssurance

Integrating Business Continuity, Security, and Emergency Management

Duke Energy Recognizes theValue of Convergence

CPM is pleased to spotlight work performed by Duke Energy to integrate the disciplines of business continuity, security and crisis management. What better way tounderscore the value of the synergies created by leveraging these disciplines than topresent an example of “convergence in action”?

Following the terrorist events of 9/11/01, Duke Energy, a multi-national company based in Charlotte, North Carolina, recognizedthat as an owner/operator of critical infrastructure assets in gas

pipelines and electricity generation sectors, they needed to validate their owncapabilities. The company quickly established an internal team, called theEnterprise Safety and Security Network (ESSN), to evaluate existing emer-gency/crisis related processes and make appropriate recommendations. Thiscross-functional team, sponsored and endorsed by senior company manage-ment, included representatives from both operating business units as well ascorporate support functions such as security, human resources, public affairs,information technology and safety/health. Following a six-month review, theESSN team provided 42 broad-based improvement recommendations. A keymessage was to focus on what needed to be done, not how to do it.

Launched in October 2001, the ESSN team delivered its recommendations inMarch 2002. By the end of 2002 more than 35 of the recommendations hadbeen implemented. Some key recommendations included:

• Establishing an integrated crisis management structure to support eventescalation between the site, business unit and corporate levels

• Developing a crisis management focus (to supplement strong existingemergency response capabilities in the operating business units)

• Bringing corporate security, business continuity and crisis managementfunctions into one organization to enhance synergies

• Creation of a corporate crisis management program office to provideoverall accountability and direction.

Duke Energy launched its Business Continuity and Crisis ManagementProgram Office in June 2002. The Program Office focused extensively on theintegration of emergency response activities up the management chain, aswell as across the company’s many business units. It was essential to addressneeds identified within individual business units, as well as across the enter-

F

� By Tom Bowman and Michael Mobley

"The empires of thefuture are the empires

of the mind."

- Sir Winston Churchill“ ”

TOM ABRUZZOTAMP Computer Systems

MARC BRADSHAWMarcus Group SecurityBERNARD CHAPPLE

Edward Waters CollegeJOHN COPENHAVER

Marsh Consulting/DRIIRICHARD J. CORCORAN

ConsultantNATHANIEL FORBES

Forbes Calamity ProtectionIAN FOSTER

PA ConsultingELIZABETH GRAVOIS

New York Life InsuranceANDREW HILES

Kingswell InternationalJERRY ISAACSON

MITLARRY KALMIS

The BCIW. MICHAEL KURGAN

SAIC

SANDRA LAMBERT, MBA,CISSPLambert & Associates, LLC/ISSA

KATHY LEE PATTERSONTemple University Health System

PETE PICARILLOPicarillo Consulting

HOWARD PIERPONTIntel Corp.

PETER POWERVisor Consultants Ltd

VALERIE QUIGLEYLawrence Berkeley National

Laboratory/IAEMSCOTT REAM

Virtual CorporationSTEVE ROSS

Deloitte & ToucheGREGG THERKALSEN

EMC Corp.STEVE YATES

TelewestSUSAN YOUNG

AIG

Editorial Advisory Board

Contacts

Witter Publishing20 Commerce Street, Suite 2013

Flemington, NJ 08822Phone 908 788-0343 • Fax 908 788-3782

Editor in Chief: PAUL KIRVAN, ext. [email protected]

Publisher: BOB JOUDANIN, ext. [email protected]

ArtArt Director: MARLENE JAEGER, ext. 116

[email protected]

SubscriptionsCirculation: BRIAN SHAPIRO, ext. 171

[email protected]

ReprintsPR Reprint Marketing, 800 992-7137

[email protected]

WPC ExpositionsDirector: GREGG SGROI, ext. 129

[email protected]

Exposition Manager: KRISTIE O’KEEFE, ext. [email protected]

Associate Expo Manager: COURTNEY WITTER, ext. [email protected]

Exposition Sales/List Rentals: BRAD LEWIS, ext. [email protected]

CorporateCEO: ANDREW WITTER

Director of Finance: ANDREW SMITHManager, Accounting Services: LAURIE VOCKEDirector of Internet Operations: ANDY HAGG

CPM Global Assurance Newsletter (ISSN #1547-8904) is published monthly byWitter Publishing Corporation, 20 Commerce Street, Suite 2013, Flemington, NJ08822. Subscription rates in the U.S. and Canada are $275 per year. All othercountries $350 per year payable in U.S. funds.

“POSTMASTER: Send address changes to: Witter Publishing,20 Commerce Street, Suite 2013, Flemington, NJ 08822”

© Entire contents copyright 2005. No portion of this publication may be repro-duced in any form without written permission of the publisher. Views expressedby the bylined contributors and sources cited should not be construed as reflect-ing the opinions and/or advice of this publication. Publication of product/serviceinformation should not be deemed as a recommendation by the publisher.Editorial contributions are accepted from the contingency planning community.Contact the editor for details. Product/service information should be submittedin accordance with guidelines available from the editor. Editorial closing date istwo months prior to the month of publication.Witter Publishing Corp. (WPC) publishes CPM Global Assurance, Flow Control,MicroTec and CleanTech and sponsors the CPM trade shows.Printed in the USA

2 • April 2005 CPM Global Assurance

Duke Energy

prise. Standardized alert levels, response thresholds and notification criteriawere established. Duke Energy adopted the federal Department ofHomeland Security’s five-level alert model and established a common lan-guage for crisis response. The corporate policy regarding crisis manage-ment and business continuity was updated to expand the scope of businesscontinuity and to incorporate crisis management as a corporate accounta-bility. Via the revised policy, the Program Office became responsible forestablishing guidelines and program criteria; business units were account-able for implementing processes in accordance with these elements.Additionally, the Program Office developed a program document that fur-ther delineated the program’s guidelines and accountabilities. Once again,the focus was on the “what” rather than the “how” to allow business unitsto implement elements applicable and appropriate for the nature of theiroperations.

Among the challenges for the Program Office was establishing procedur-al commonality across the enterprise. This challenge was addressed byestablishing an integrated crisis management structure to support eventescalation between the site, business unit and corporate levels. Emergencyresponse efforts are handled at the lowest organizational level possible.Escalation of response actions is dependent upon the severity of the eventand its impact to the company’s operational capabilities, financial health orreputation. A three-tiered approach is used to address incidents and crises:

• Site Emergency Response Teams – First-response focused, dealing withoperational emergency responses at specific sites, with 10% of theirefforts involving response planning. Teams are comprised of site supervision and local resources.

• Business Unit Crisis Management Teams – Manage the business unit’sresponse actions and business continuity issues; facilitate oversight ofoperational responses and integration with corporate crisis manage-ment activities. Teams are led by senior business unit leaders and rep-resentatives from key functional support organizations (public affairs,human resources, environment/safety/health, etc.)

• Enterprise Crisis Operations Center (ECOC) Team – Provides overallcoordination, strategic planning and mitigation recommendations, notoperational oversight. A senior executive leads this team, whichincludes representatives from key corporate support organizations(public affairs, human resources, environment/safety/health, security, finance, legal, purchasing, and facilities). The Program Officedevelops and executes processes supporting the ECOC team.

This tiered structure works well, because it involves input and supportfrom all levels of operations and helps ensure aligned objectives.

The Program Office identified and pre-selected business unit crisisresponse contacts. These individuals, generally vice president level, arecontacted first during a crisis and are authorized to approve team activa-tion or other designated actions. Backup team members are designated inthe absence of primary contacts. Cross training among team membersensures the availability of trained backup staff.

Integrating the DisciplinesOne of the most significant initial activities was the integration of sepa-

rate functions into a more tightly structured organization. Specifically, thebusiness continuity, crisis management and corporate security (e.g., physi-cal security, background screening) functions were placed into a neworganization called Continuity, Insurance and Security Services (CISS).Information security remained within the IT department. The following

Duke Energy


are additional initiatives the company put into place. • The CISS organization is aligned with the company’s

risk management department and reports to theChief Risk Officer.

• Lessons learned from exercises and post-incidentreviews are shared among crisis management teams.

• The Program Office held a summit conference in 2004for business unit crisis management leaders to dis-cuss crisis management topics.

• Numerous intelligence sources are regularly moni-tored for early indications of possible activity thatcould impact the company.

• The company identified key operating assets andprocesses within business units and across the enter-prise that are either critical (absolutely necessary) oressential (very important); they are reviewed forbusiness continuity and crisis management plans aswell as for security and insurance purposes.

• The processing of requests for sensitive informationhas been standardized; these typically includeinquiries from the Department of Homeland Security,FBI, or Transportation Security Administration (TSA).

• Training, especially in crisis management leadershipskills, is an important initiative during 2005.

• The company uses the Incident Command System(ICS) as one of our crisis management models.

• Efforts are underway to use an Internet-based virtualemergency operations center application as part ofthe crisis response process.

• Business units are exploring new automated emer-gency notification systems.

• Crisis management processes are validated throughexercises ranging from tabletop scenario discussionsto full-scale activations involving multiple organiza-tional levels.

The strength of Duke Energy’s approach to crisis man-agement was recently validated in an evaluation byKPMG of the company’s business continuity (BC) andcrisis management (CM) programs.

Summary As Duke Energy’s Crisis Management Program Office

approaches its third year, significant progress has beenmade, including:

• A dedicated resource that focuses solely on crisismanagement planning, mitigation, strategy and bestpractices;

• A vastly improved notification response and integra-tion process;

• An improved understanding of accountabilities andrelationships relative to crisis management planningand response;

• A methodology to address monitoring of “creepingcrisis” elements;

• Integration of strategy and mitigation planning intoresponse efforts;

• Broad-based consistency in crisis management plan-ning and response.

The convergence of business unit and corporate crisismanagement processes has evolved over the last threeyears. Initial issues of business unit autonomy, organiza-tional “silo” mentality and integration of roles have beenironed out through valuable validation exercises. Thefocus remains on the “what”, not the “how”, of futureneeds and this strategy continues to be successful. Crisismanagement and business continuity are becoming morefirmly embedded in the company’s culture. Emergencynotification and response processes have improved to thepoint where crisis management teams convene within 20minutes of most incidents. Team members throughoutthe company have developed a strong understanding oftheir roles and responsibilities. The value of the compa-ny’s integrated crisis management structure has beentested and proved through activation during several realevents. As a result, synergies and consistency inapproach have strengthened the corporation’s emergencyand crisis response capabilities. �

About the AuthorsTom Bowman is Managing Director of Business

Continuity and Crisis Management for Duke Energy;Michael Mobley is Manager of Crisis Management.www.Duke-Energy.com

INTRODUCINGTHE NEW CPMDICTIONARY!

Now, the Business Continuity, Security and EmergencyManagement professions finally have a source of terminology and acronyms all their own.

With over 2500 listings, the CPM Dictionary is the tool for effectiveplanning and management of these critical professional practices.Order yours today - in fact, order several for your colleagues. At only$34.95 each, it’s a great investment in your professional development.

www.contingencyplanning.com/tools/resources

News


Strohl SystemsAnnounces JointMarketing Deal withGalaxyPlusStrohl Systems (King of Prussia, PA)recently unveiled a joint marketingagreement with GalaxyPlus (Troy, MI),a provider of information technologyservices to credit unions. Under theagreement, GalaxyPlus will marketand sell to its credit union customersStrohl’s PLANet, an online businesscontinuity planning tool designedspecifically for credit unions. TheCredit Union National Association(CUNA) and other financial organiza-tions endorse PLANet. www.strohlsys-tems.com; www.galaxyplus.com

... And Announces TomRidge as 2006 UGCKeynote Speaker Strohl Systems also announced thatformer Secretary of the Department ofHomeland Security Tom Ridge willkeynote Strohl’s Annual InternationalUser Group Conference at the JWMarriott Grande Lakes in Orlando,Fla. on April 10, 2006. “SecretaryRidge has been the leading advocateof and expert on preparedness in theprivate and public sector,” said BrianTurley, president of Strohl Systems.“His unique insights on business con-tinuity and emergency response willprove to be invaluable to our users.”

easyJet SelectsMissionMode forEmergencyCommunicationseasyJet, a low-cost airline companybased in the U.K., recently selectedMissionMode Solutions (Oakdale,MN) for rapid communications andincident management. WithMissionMode, operations staff andsenior management will be keptinformed of the global status ofeasyJet via timely and secure commu-nications between its Flight NetworkOperations Center and other opera-

tional units. Any situation requiringescalation can be quickly initiatedusing MissionMode’s multi-channelcollaboration features, which supportwireline and wireless phones, shortmessage service, fax, pager, and theWeb. Senior management and emer-gency response personnel can thenaccess relevant information such asbusiness continuity plans, while moni-toring incident management progressand collaborating in real-time withcolleagues. www.missionmode.com;www.easyjet.com

Websense® SecurityLabs™ Issues FirstSemi-Annual WebSecurity Trends ReportWebsense, Inc. (San Diego, CA), aprovider of employee internet man-agement solutions, recentlyannounced that Websense® SecurityLabs™ issued its first semi-annual2004 Web Security Trends Report.Websense Security Labs researchesadvanced internet threats, focusing onmalicious websites, phishing, andother emerging threats associated withspyware, keylogging, and instant messaging (IM) and peer-to-peer (P2P)use. Websense Security Labs deliverstimely product and informationupdates to the security communityand Websense customers to supportthem in making their infrastructuremore secure. Among the areas ana-lyzed were malicious websites andphishing and fraud-based websites.www.websense.com To view the fullreport, visit: http://www.websensesecuritylabs.com/resource/WebsenseSecurityLabs20042H_Report.pdf

Lakeview TechnologyAnd Stratum Global Join Forces Lakeview Technology (OakbrookTerrace, IL) Lakeview, a developer ofinformation infrastructure software,recently announced a partnership withStratum Global (Littleton, CO), a soft-ware solutions company and systems

integrator that develops and marketsRadio Frequency Identification (RFID)solutions for various platforms andapplications. The relationship linksinformation availability solutions andRFID technologies to provide real-time, on demand access to criticalapplications and information.Industries such as manufacturing, distribution, retail, healthcare – eventhe government — are being asked bysuppliers to adopt RFID at a recordsetting pace. The technology also isbecoming a more popular alternativeto the bar code system in the U.S.RFID allows businesses to processinformation faster, easier and at muchless cost than traditional manualmethods. www.lakeviewtech.com;www.stratumglobal.com

Study: Service ProvidersBanking on IntegratedSecurity ServicesAccording to a new study releasedby Infonetics Research (San Jose,CA), North American, European, andAsian service providers that sellmanaged VPNs and security servicesplan to invest heavily in integratedservices in 2005, with most combin-ing five or six different technologiesinto a single service, led by firewall,content filtering, and VPN. Thestudy, Service Provider Plans for VPNsand Security 2005, found that NorthAmerican and Asian Pacificproviders get the bulk of their rev-enue from integrated services, whileEuropean providers get the bulk ofrevenue from standalone services.Integrated products that enable inte-grated services allow providers toeasily add high-margin revenue, soit’s not surprising that providers inall three regions plan to invest morein integrated services. The study isdesigned to help product manufac-turers understand the state of man-aged security and VPN services andthe opportunities to sell to providersserving these markets. For moredetails, go to www.info.infonetics.com

College ImprovesSecurity Using IP-Based VideoSurveillance Campus crime is a major detriment tothe educational environment for stu-dents, teachers and administratorsalike in terms of personal safety andthe drained resources that ultimatelydetract from the educational budget.Southwest Tennessee CommunityCollege (Memphis, TN) had its shareof such challenges, especially with itsmajor metropolitan location, includ-ing destruction of property throughvandalism and gang graffiti, false firealarms, disorderly conduct, theft fromthe buildings and auto theft, stolenbooks and computers, and communi-ty vagrants. Dynamark SecurityCenters (Hagerstown, MD) designedand installed a video surveillancesystem utilizing Milestone XProtectIP video surveillance software thatmanages 105 cameras including SonyPan/Tilt/Zoom and Panasonic mod-els. Over 80 more cameras will beadded at another location, and newcampus sites are planned for furtherexpansion. www.milestonesys.com;www.dynamarkusa.com

Belmont, MA SelectsMessageOne Alertfind Service The Local Emergency PlanningCommittee of Belmont, MA recentlyannounced selection of MessageOne’s(Austin, TX) AlertFind service to helptown leaders rapidly broadcast notifi-cation of critical information to itsselect residents in the event of anemergency situation. AlertFind pro-vides immediate communications totown personnel and its 24,000 resi-dents about urgent issues, such aspublic health updates related to thechemical plating company located ina densely populated neighborhood.www.messageone.com

ACP Announces NewJersey ChapterThe Association of ContingencyPlanners (ACP), the nation’s largestorganization for business continuityprofessionals, recently announced itsnewest chapter in New Jersey. TheGarden State Chapter provides net-working, educational, and profession-al development services to the rapid-ly growing number of business conti-nuity professionals in central andnorthern New Jersey. www.acp-international.com

DSPN Announces New ExercisePresentation ServiceDisaster Survival Planning Network(Camarillo, CA) has announced anew exercise presentation servicecalled Act 1. Designed as a cost-effec-tive method for strengthening busi-ness continuity programs, this servicedelivers a half-day exercise presenta-tion at the client’s site, based on theclient’s plan, and tailored for a partic-ular response team. Act 1 is availablein two exercise formats, Tabletop,which is most appropriate for corpo-rate leadership teams or for businessunits that have little or no exerciseexperience, and Functional, which isdesigned for organizations withmature plans and for response teamswith prior exercise experience.Pricing for an Act 1 exercise starts at$5500 plus consultant travel.www.dspnetwork.com

Environmental TectonicsAnnounces SouthKorean Contract Environmental Tectonics Corporation(Southampton, PA) was recentlyselected by the South KoreanNational Fire Academy (NFSA) toprovide a virtual reality-basedAdvanced Disaster ManagementSimulator (ADMS) system for train-ing firefighters in South Korea.ADMS provides interactive, real-time

training to entire teams of students,all working within the same scenario,a proven method of promoting coor-dination among and between fire-res-cue teams and other response agen-cies. The ADMS system will beinstalled at the NFSA in Cheonan,South Korea in December, 2005. Itwill consist of a 200 square mile geo-typical visual environment, allowingtraining in structural firefighting(from small complex buildings tomajor high-rise and industrial fires),hazardous material incidents, andmajor road traffic accidents. ETC’sadvanced Scenario Generator willallow the NFSA to develop an unlim-ited number of training scenarios,from small, simple incidents to majormass-casualty disasters. ADMS isnow in use at several major firefight-ing and emergency response trainingfacilities worldwide, as well as in sev-eral major U.S. Airports.www.ADMSTraining.com

Vision Solutions ToAcquire OS SolutionsVision Solutions (Irvine, CA), whichmanufactures the eServer HighAvailability product line, recentlyannounced that it will acquireManchester U.K.-based OS Solutions,a provider of advanced systems man-agement, disk and data optimizationand SMB High Availability for theiSeries market. The acquisition addscomplementary products based onleading edge technology as well asnew distribution channels for Vision.The new solution line up will extendVision’s industry leading ORION™solution offerings with a new, pureremote journaling based high avail-ability offering as well as market-proven tools and solutions to bettermanage data and disk resources, opti-mize system performance and man-age archiving and database reorgani-zations; functionality which is criticalto any enterprise. No other vendorcan deliver such a complete solutionset offering autonomic functionality

News


The BCI Announces Results of BC Awareness SurveyDuring the recent Business Continuity Awareness Week inLondon, and during the Business Continuity Expo heldthat same week, the Business Continuity Institute (BCI)and IMP Events, developers of the conference, announcedresults of the BCI’s annual business continuity awarenesssurvey. Carried out by Rosslyn Research Ltd, a marketresearch company, the project examined attitudes towardsbusiness continuity management using a quantitative pro-gram backed up by in-depth interviews. 251 interviewswere completed during January and February 2005.Among the key findings were:• Nearly 70% of the companies surveyed have business

continuity plans in place; it grows to over 80% in thefinancial and retail sectors.

• Where an organization has business continuity manage-ment in place almost 60% of development and mainte-nance is carried out at Board level.

• 27% of organizations have dedicated business continuitypersonnel.

• Business continuity management has emerged with aclear identity as a wide-ranging management disciplineand is no longer synonymous with disaster recovery.

• Telecommunications protection is almost always a blindspot in the planning efforts of many businesses. If askedto think of something adverse happening to their busi-ness, very few people spontaneously think of telecomfailures. But when directly asked, nearly all

acknowledge that it’s one of the most serious threats of all.• Over two-thirds of the companies surveyed do not out-

source any of their core business activities. 18% out-source at least some of their IT, which is by far the mostcommon area for outsourcing. However, only 27% offirms actually involve themselves in helping their suppli-ers to develop a business continuity management planand get involved in plan exercises. Too many companiesare vulnerable to a failure in their supply chain.

• Only 16% of companies have a business continuity strat-egy designed to protect the company’s reputation.

Business Continuity AwarenessRaising: Taking It To The Next Level According to David Honour, editor of Continuity Central,various statistical and anecdotal evidence points to anincrease in the awareness of business continuity, especiallyamong larger companies. Honour offered some support-ing evidence for the above claim:• A recent Chartered Management Institute survey, fea-

tured in Continuity Central, found that the number offirms with a business continuity plan covering their criti-cal business activities stands at 51 percent, compared to47 percent in 2004, 46 percent in 2003 and 45 percent in2002.

• In the fifth annual survey of business continuity profes-sionals conducted by Deloitte & Touche LLP and CPMGlobal Assurance, 50 percent of respondents were foundto have implemented enterprise-wide business continu-ity and disaster recovery plans. This figure was up 20percent from five years ago.

• A Millward Brown IntelliQuest study found that improv-ing business continuity management is the third highest

integrated into high availability.www.visionsolutions.com; www.oss-worldwide.com

nFrame Receives 2004Roche IT SupplierAwardnFrame, Inc. (Indianapolis, IN), atechnology services company thathelps organizations achieve businesscontinuity through a combination ofsecure server hosting, business-classInternet connectivity, professionalmanaged services and alternateworksite solutions, recentlyannounced that it was named RocheDiagnostics’ “Information TechnologySupplier of the Year for 2004.” Theaward recognizes companies that

demonstrate exemplary performancein the areas of customer focus, quali-ty, teamwork, cost and innovation.Since 2002, nFrame has providedRoche Diagnostics Corporation(Indianapolis, IN) with a variety ofprofessional technology services.www.nframe.com

Hitachi Data SystemsTo Resell CNT UltranetMulti-Service Director CNT (Minneapolis, MN), a providerof storage networking solutions, hasannounced that Hitachi Data Systems(Santa Clara, CA) will resell itsUltraNet Multi-Service Director(UMD), a storage networking infra-structure platform. The CNT agree-

ment ensures that Hitachi DataSystems enterprise customers cannow implement scalable, high per-formance storage solutions that meettheir dynamic business and ITrequirements, including tiered stor-age and Data Lifecycle Management.HDS is already a worldwide resellerof CNT’s extension products, theUltraNet Storage Director - eXtended and UltraNet Edge StorageRouter. With the addition of theUMD to the existing reseller agree-ment, Hitachi Data Systems nowsupplies CNTs full portfolio of busi-ness continuity, disaster recovery andSAN switching and SAN consolida-tion products on a global basis.www.cnt.com; www.hds.com �

News • International News


International News � www.continuitycentral.com

priority for U.S. businesses. • An IDC survey found that only 33 percent of Irish busi-

nesses did not have a business continuity program inplace; 57 percent felt that this situation would change inthe foreseeable future.

• An IDC survey of U.S. businesses found that increases inIT spending on security and business continuity wereobserved at 59 percent of organizations in the last 12months.

• Increasing amount of BC regulatory activity observedglobally in the past 12 months.

• Growth in standards and best practice guidance that hasoccurred recently.

Bahrain-Based Batelco Building Safe Data Center In Bahrain, Batelco, a telecommunications serviceprovider, is building a multi-million-dollar secure datacenter where customers can store vital information. Thenew data facility will be operational by year-end 2005,and will offer customers secure off-site data storage andrecovery facilities, complete with national and interna-tional connectivity. Batelco’s data center will have 2,000square meters of floor space, and will let business cus-tomers host their own equipment and electronic recordswithin a secure, environmentally controlled, fire-safefacility with 24x7 access. The facility is being targeted atfinancial, government, and international firms, rangingfrom small to large in size, and will incorporate networkservices provided by Cable & Wireless.www.batelco.com.bh

IDC Advises Holistic Approach toSecurity and BC in AsiaSecurity and business continuity continue to be among thehottest issues facing enterprises worldwide, according toIDC. A well-thought-out business continuity strategy ismeasured by its technical response as well as the competen-cy and capability of its management to deliver a soundbusiness response, according to IDC. Building a secure, reli-able and resilient IT infrastructure is only one facet of busi-ness continuity. In addition to disaster recovery, risk man-agement, and security elements, a well-defined businesscontinuity strategy should also include components fromfacilities management, supply chain management, crisismanagement and communications, health and safety, quali-ty management and knowledge management. This holisticapproach will ensure that the IT infrastructure can supporta CIOs’ timely response to a business incident. IDC’srecent Continuum 2004 survey of Asian enterprises foundthat despite the increased awareness of business continuityas a concept for the CIOs, the actual implementation in theregion remains at a nascent stage. For example, disasterrecovery solutions, an important aspect of business conti-nuity, are yet to be accepted by Asian enterprises. Most

enterprises in the region still take for granted the day-to-day running of communication networks and assume theyare available 24 x 7, 365 days a year. www.idc.com

TeleCity and MSI Expand European ReachTeleCity (London, UK), a European provider of manageddata center services, recently announced a renewed andexpanded agreement with ManagedStorage International,(Broomfield, CO), a provider of data protection solutionsand a subsidiary of Incentra Solutions Inc. (Boulder, CO),to deliver a portfolio of data protection services to its cus-tomers across Europe. Under the agreement, MSI will con-tinue to enable TeleCity to provide backup and restorationservices from its London data center while expanding serv-ices to TeleCity facilities in Amsterdam, Paris andFrankfurt. MSI will install and manage the additional dataprotection infrastructure that help TeleCity provide a man-aged backup service to existing and new hosting cus-tomers. Through its relationship with MSI, TeleCity willmarket and sell MSI’s enhanced backup and restore servicethrough its existing sales channels as part of its managedservices portfolio, offering customers a fully-managedback-up solution to their onsite and offsite data protectionneeds. TeleCity customers can choose a fully guaranteedservice for a monthly service fee allowing them to havefull control to protect and recover lost files within a simplepricing structure.www.telecity.com; www.managedstorage.com

SunGard UK Launches New BC Software ToolSunGard Availability Services (London, UK) recentlyunveiled Paragon, a business continuity managementsoftware tool which will provide firms with the func-tionality needed to handle multiple incidents and priori-tize communication channels during a crisis. Called a“next generation software tool designed to help organi-zations maximize their information availability strate-gies,” Paragon provides a complete solution encompass-ing ongoing business impact analysis, business continu-ity planning and recovery strategies based on differentwhat if scenarios. It also incorporates a two-way com-munication tool, helping to ensure that all departmentscan keep in touch with each other at time of disaster.www.sungard.co.uk

VERITAS Launches EMEA BC Consultancy VERITAS Software (Mountain View, CA) launched its newEMEA business continuity consulting practice duringLondon’s Business Continuity Expo, held March 16-17.Chris Frampton, currently practice lead of VERITAS EMEAand previously EMEA Vice President of BusinessDevelopment at Marsh, will lead the new consultancy.

International News


International News • Global Assurance Products


Recent Business ContinuityAcquisitionsThree significant acquisitions have been made recently inthe European business continuity market. Hewlett-Packardhas bought Schlumberger Business Continuity ServicesIreland; UK-based Adam Continuity has been sold toCenterprise; and SunGard has acquired Vivista.

• Schlumberger Business Continuity Services Ireland Hewlett-Packard has acquired Schlumberger BusinessContinuity Services Ireland for an undisclosed sum. Thecompany offers disaster recovery services and work arearecovery in Ireland, with seven recovery centers acrossthe country. Earlier, IBM had been denied permission bythe Irish competition authority to acquire the companywhen it acquired the rest of Schlumberger BusinessContinuity Services last year. www.hp.com

• Adam Continuity Berkshire (UK) based Adam Continuity (registered as The Continuity Group Limited) has been bought byCenterprise International, one of the UK’s largest inde-pendent computer manufacturers. Adam Continuity provides disaster recovery, high availability and businesscontinuity solutions, specializing in ship-and-drop DR.The purchase price was not disclosed.www.centerprise.co.uk

• SunGard Buys Vivista for £100m SunGard’s Higher Education and Public Sector Systemsdivision acquired Vivista Holdings Ltd. to gain a solidposition in the UK public sector, as Vivista has stronglinks with the UK government and its police forces. Thetransaction was estimated at just over £100m.www.vivista.co.uk

Milestone Systems UnveilsXProtect Enterprise 5.5 XProtect Enterprise (XPE) is the high-end offering fromMilestone Systems (Copenhagen, Denmark), a provider ofIP-based video surveillance software. Delivered with a 16-channel Remote Client that is useful in remote access, andan option to add a PDA Client for mobile viewing, XProtectEnterprise is targeted at the security market. XProtectEnterprise 5.5 supports both MJPEG and MPEG4 from lead-ing IP camera manufacturers, Smart Search, creation ofmanual event buttons, on-the-fly configuration changeswhile recording, and audit trails of user actions by time,location and camera. XProtect Enterprise is sold by certi-fied Milestone partners in 52 countries. The product runson single or multiple CPU systems with MicrosoftWindows 2000 Pro, 2000 Server, XP Pro, or 2003 Server. Itcan be sold with flexible multi-site licenses and any numberof cameras, with support for the widest choice in IP hard-ware. www.milestonesys.com

Tachyon Expands Global SatelliteBroadband Services Tachyon Networks Inc. (Vienna, VA), which provides carri-er-grade satellite broadband solutions to multinationalenterprises and government agencies, recently announcedthat it is expanding the delivery of its IP-based satellitebroadband access services to Asia, the Pacific Rim, LatinAmerica and Africa during 2005. The company alreadyprovides access to telecommunications service providersand customers in North America, Europe, the Middle East,North Africa and Mexico. The company has already startedthe build-out of the necessary hubs and teleports to supportits global coverage strategy and has begun acquiring addi-tional satellite bandwidth to support the move. www.tachyon.net �

GLOBAL ASSURANCE PRODUCTSMIR3 Launches inTechCenter MIR3 (San Diego, CA), a provider of emergency notifica-tion solutions, recently announced availability ofinTechCenter, a service that automatically notifies man-agers and key IT personnel, in real-time, about criticalapplication and system failures that could potentiallythreaten operational uptime and business continuity.Using inTechCenter is claimed to increase efficiency anddecrease downtime of Network Operations Centers(NOCs), call centers and help desk operations.inTechCenter can be configured so that system and net-work errors automatically trigger alerts to IT staff aboutsystem outages. Notifications can be sent to designatedIT personnel on any device including landline telephone,

cell phone, email, pager, Blackberry, SMS, fax and satel-lite phone. The service is now available in both installedand hosted versions; pricing starts at $9,875.http://www.mir3.com

New Ecora Audit Software Simplifies SOX ComplianceEcora Software (Portsmouth, NH), a provider of configu-ration management software, has announced the latestversion of its Enterprise Auditor software suite. The newproduct includes a Sarbanes-Oxley (SOX) Report Packthat helps IT staffs simplify the preparation of documentsto prove compliance with SOX mandates in an ongoingand timely manner. The SOX Report Pack gives users aworking template of IT internal controls and automates

Global Assurance Products


data collection and reporting. The SOX Report Packincludes more than 25 reports that can be used to test ITcontrols and demonstrate compliance. The latest versionof Enterprise Auditor also offers modules that collecthundreds of configuration settings specifically for each ofthe platforms it supports. It also has an updated LotusDomino module that provides easy access to reports, aswell as automatic alerting and archival capabilities. Italso has a change tracking capability that reports onchanges to all supported platforms. The EnterpriseAuditor suite with SOX Report Pack is available now,and costs $995 per server. www.ecora.com

Announcements from XRoads Networks XRoads Networks, Inc. (Irvine, CA), a provider of net-work continuity solutions for the small/medium busi-ness and enterprise markets, recently unveiled its newbandwidth management product line. Designed on thefirm’s XOS (XRoads Operating System) that has band-width management capabilities similar to Packteer andAllot, the new bandwidth management solution supportsthe firm’s EdgePRO and Edge2WAN series appliances.The new bandwidth management system is availablethrough Xroads’ OEM channels. Pricing for theEdge2WAN Bandwidth Manager starts at $1995. Thecompany also announced a major initiative to beginoffering OEM versions of the EdgeApp XOS product line,including VPN/Firewall XOS, WAN Manager XOS, andBandwidth Manager XOS, to international distributors.www.XRoadsNetworks.com

NextWeb Picks XRoads Products For Business Assurance ServiceNextWeb (Fremont, CA), California’s largest fixed wire-less Internet service provider for business, recentlyunveiled NextWeb ConT1nuity Business AssuranceService, an Internet service that combines wireless andwireline connections using an edge device called theNextWeb ConT1nuity Router, which is provided byXRoads Networks.(Irvine, CA). XRoads also provides itsEdge2WAN network redundancy and load balancingappliance for NextWeb’s ConT1uity service.www.XRoadsNetworks.com; www.nextweb.net

Amacom Launches High Security Portable Storage DeviceAmacom Technologies U.S. Ltd. (Atherton, CA), aprovider of mobile data storage devices, has launched itsnew range of high security portable hard drives. The newEncryp2disk comes with a choice of up to 192-bit hard-ware encryption plus two secure keys to eliminate theneed to remember complicated passwords. TheEncryp2disk will encrypt and decrypt an entire harddrive volume, including boot sector, temp files, swap files

and the operating system with real time performance andis totally transparent. As it encrypts everything with nospeed degradation, data and/or credentials can be leftunprotected on the hard drive and there is no need toestablish an encrypted folder. Encryp2disks are availablein two types: the 2.5” drive with a capacity of up to100GB is light in weight and portable; the larger 3.5”drive offers a maximum capacity of up to 400GB and fea-tures a vertical stand to fit on desks. Encryp2disks areavailable with varying levels of encryption with 40-, 64-, 128- and 192-bit key lengths for increasing levels ofprotection. Prices start at $189 for 40GB 2.5” USB2 with40-bit H/W encryption. www.amacom-tech.com

VIT Unwraps New Under-Vehicle Surveillance System Vehicle Inspection Technologies (Sterling, VA), a securityproducts manufacturing firm, recently announced initialdeliveries of their Und-Aware™ UVSS 400 Series productto the Kingdom of Saudi Arabia (KSA). The new productline will be shown at the Force Protection EquipmentDemonstration (FPED), May 9-11 in Quantico, VA. One ofthe system’s useful features for Saudi Arabia isAirWash™, a lens-cleaning system that removes the ever-present blowing dust and sand from cameras and lights,allowing clear vehicle inspection no matter what theweather. www.Und-Aware.com

New EH&S Reporting System From ESSTier II reporting and organizational compliance bench-marking have been enhanced with Essential Suite™(Version 6.1) software, the latest release of ESS’s (Tempe,AZ) enterprise-level Environmental, Health & Safety(EH&S) and crisis management software. Two modules,Essential Chemical Inventory™ and EssentialCompliance Manager™, contain key enhancements thatimprove organizational workflow and chemical invento-ry management. Other enhancements include improvedsoftware and user security features and browser searchcapabilities. www.ess-home.com

Emerson Unveils Liebert GXT2-500 UPSEmerson Network Power (Columbus, OH) recently intro-duced the Liebert GXT2-500 UPS, one of the smallestrated UPSs using true online technology. The LiebertGXT2-500 extends the GXT family of online UPS down to500VA and is designed for applications with low powerrequirements but high criticality, such as gateway routers,firewall or VPN concentrators in IP telephony applica-tions. Online UPSs, also known as double conversionsystems, convert incoming AC power to DC and thenback to AC within the UPS, creating a clean, consistentwaveform while completely isolating sensitive electronicsfrom incoming power source disturbances. With theintroduction of the Liebert GXT2-500, the GXT family of

Global Assurance Products


GLOBAL ASSURANCE PRODUCTSonline UPS now provides the widest range of power pro-tection ranging from 500VA to 10,000VA. Pricing for theLiebert GXT2-500R120 UPS starts at $460.www.liebert.com; www.gotoemerson.com

Neverfail Announces Latest Application Module eXtension Product The Neverfail Group (Austin, TX), a data protection soft-ware company that provides high application availabilityand disaster recovery solutions, recently announced thelatest additions to its “out of the box” ApplicationModule eXtension (AMX) product line. The latest AMXintroductions include protection for GFI Software Ltd’sMailEssentials, a spam-fighting auxiliary application forsupporting Exchange 2000/2003 and Antigen, SybariSoftware’s auxiliary application to fight spam and virusesin Instant Messaging Version 7.5. www.neverfailgroup.com

Controlled Power Launches NewEmergency Lighting InverterControlled Power Company (Troy, MI), which manufac-tures electrical power conditioning products, recentlyintroduced its Model ELN centralized emergency lighting inverter. Meeting the NFPA 101 and NFPA 111standards, the ELN is considered Life Safety Equipment.The unit provides uninterrupted, regulated, continuoussinewave output for use with “normally on” lighting fix-tures and exit lamps, as well as standby output foruse with “normally off” emergency lighting fixtures. It isalso generator-compatible. With a front-access designand a small footprint, the ELN is suited for wall- or floor-mounted installations, and is available in 550W to 1500Wsingle phase sizes. www.controlledpwr.com

Luminex Announces Virtual|Blue™ 3490 Tape Library ProductLuminex Software, Inc. (Riverside, CA), a manufacturerof mainframe connectivity and storage products, recentlyunveiled its Virtual|BLUE 3490 mainframe tape librarystorage system. Virtual|BLUE 3490 lets mainframe cus-tomers directly use tape drives and libraries from majorindustry vendors and supports industry-standard prod-ucts including the latest LTO and DLT technologies.Virtual|BLUE 3490 is based on Luminex’s ExtensibleArchitecture Platform (LEAP), a Service-Oriented-Architecture (SOA) based storage product.www.luminex.com

PPM 2000 Unveils Irims® Version 7.0 PPM 2000 Inc. (Edmonton, AB, Canada), a provider ofincident management software solutions, recently intro-duced its latest version of IRIMS® – Version 7.0 – which

combines new features with enhanced functionality.www.ppm2000.com.

New Distribution Deal for ARAID SystemsNewegg.com® (Des Moines, IA), and AccordanceSystems (Des Moines, IA) recently announced a sales andmarketing agreement to distribute Accordance ARAID™

RAID storage products solutions at Newegg.com.ARAID storage products include internal and externalRAID devices that are easily installed in computers without requiring any additional software or hardware.ARAID products maintain redundant images on twohard drives at all times. In the event of a hard disk fail-ure, ARAID automatically switches to the surviving drivewithout computer interruption. The user is notified of thefailure so the bad drive can be replaced as soon as possi-ble. Newegg.com will be selling ARAID 1000L, 1500,2000 and M100 internal IDE and SATA models on its website. ARAID pricing starts at $360 for the ARAID 1000LIDE RAID controller. www.newegg.com; www.accordance.com

PowerSurge Announces New Hosting and Support Network PowerSurge Technologies (Independence, IA), a sharedweb hosting company, recently announced the additionof a new, state-of-the-art hosting and support network.The new server cluster network offers high levels of secu-rity and dependability. Servers are made from true serv-er-class components and feature dual Intel Xeon or AMDOpteron processors, a minimum of 2GB of RAM in allservers with some of them offering as much as 4 or 8GB.The firm built a cluster solution that is load-balanced topto bottom. If any single server goes offline for mainte-nance, hardware failure or any other reason, client websites and email continue to stay online and functional.http://www.powersurge.net

New Service Can Help Identity Theft VictimsWorldwide Assistance Services Inc. (Washington, DC)offers ID Theft Assist, a service that helps combat thegrowing problem of identity theft. ID Theft Assist givescustomers the ability to make one call and receive infor-mation about whether an identity theft has occurred dueto a security breach and if there has, they have access toan experienced advocate able to help the customer repairthe damage. ID Theft Assist is a subscription service.Customers must be enrolled prior to an incident toreceive service. The service has been in operation over ayear, and has an emergency service center in the offices ofWorldwide Assistance in Washington, DC. www.idtheftassist.com

Succession Planning


StrategicSuccessionPlanning: AnOverlookedCompetitiveAdvantage (Part 1)� By Sherri McArdle and

Jim Ramerman

CPM strongly advocates the importance ofsuccession planning as part of the businesscontinuity process. Regrettably, it is toooften overlooked – until it is too late. In this,the first of a two-part series, Sherri McArdleand Jim Ramerman acknowledge the factthat companies need to think about succes-sion planning as a strategic activity, and torecognize the need to identify and groomcandidates for future senior positions.

Ask most CEOs whether they thinksuccession planning for their jobs isimportant and you will hear aresounding chorus of “yes.” This istrue except, of course, for those whothink:

• They are going to live forever; • No one could possibly take their

place; or • If they procrastinate long enough,

the problem will take care of itself.Only that last item is universally

true. Succession does take care of itselfin an emergency. In three privately-held companies we know of, CEOsdied suddenly and without successionplans. The months following eachdeath were harrowing struggles forcorporate survival. The newly-leader-less teams scrambled to keep thingsafloat while trying to select the nextleaders. Time was lost, opportunitieswere missed and the value of eachcompany was at serious risk.

In one case, the de facto succession“plan” was a succession war. Andwith the selection of a new CEO, sev-eral key executives departed and whathad been tragic disarray became abona fide disaster.

If CEO succession planning in anorganization is not well in hand, it is

also unlikely to be happening at otherorganizational levels. The issue reach-es down through the organization,each level dependent on those aboveand below.

Critical Strategic PlanningUnfortunately, succession planning

currently exists in many CEOs’ mindsas a standalone issue. It’s somethingthat has to be done to mitigate risk,like buying insurance. What if,instead, we began to see successionplanning as a critical part of the strate-gic planning process and as an over-looked potential competitive advan-tage for the organization?

Succession planning requires that apipeline of high-potential talentedleaders are identified and cultivatedthroughout the organization. Thatpipeline is critical to the ongoing suc-cess of any growing organization andshould be a foundation of corporatestrategy. Organizations that learn howto develop talent better and fasterhave a competitive advantage and abetter chance by keeping the talentthey develop, particularly if they pro-vide a range of career opportunities.

Effective succession planningrequires three key components:

• The commitment and visibleinvolvement of the current CEO

• A targeted and high-impact leadership development program

• Leadership development and suc-cession planning as top strategicpriorities integral to the organization’s strategic plan.

Regular High-GainConversations AboutCandidates

Led by the CEO and senior HumanResources Executive, the organization-al succession planning processrequires a gathering of top executiveson a regular basis. In an offsite retreatsetting, they can have high-gain1 con-versations about candidates in order toevaluate, compare their merits, andcreate a roster. The CEO and top exec-utives will deeply familiarize them-selves with these important individu-als. These same executives devise and

execute strategy as well as create lead-ership development opportunities forcandidates. In turn, these discussionscan inform corporate and divisionalbudgeting process.

It is easy for these conversations todevolve into whether candidates are“nice people”, how well a candidate is“liked” or who certain executives favor,without a clear focus and structure forthe discussions. So we recommend thatthe following high-gain questions formthe basis of the conversations:

• What are some of the candidates’observed leadership behaviorsand skills the company has identi-fied as critical to the business?

• What are the results candidatesare getting?

• Who have they developed?• What kind of targeted develop-

ment and career opportunitiesshould the organization providenext, and why?

Specific positive and negative exam-ples for each question must be provid-ed for a fully accurate read on eachcandidate.

Leadership assessment for succes-sion is a skill that develops over time,with practice. In fact, many of ourCEO and key executive client teamsstruggle with their first high-gain suc-cession conversations. Over time, exec-utives generally become more com-fortable putting forth their candidatesand debating each choice with col-leagues. It will take time for the groupto warm up to the task and reach ahigh level of candor. �

About the authorsSherri McArdle and Jim Ramerman

are co-founders of McArdleRamerman Inc., a firm that providesleadership and executive developmentservices for CEOs and senior execu-tives at private, public and not-for-profit organizations. www.leadershiprising.com. Copyright 2005 McArdle Ramerman Inc.

1 “High-gain conversations” and questionsare an essential part of McArdleRamerman’s Leadership Rising Practiceand a key executive skill. These are conver-sations that drive clarity, timely decision-making and effective action.

Product Test Lab: VERITAS


Product Test LabVERITAS Cluster Server 4.0Fire DrillOverview

Like most businesses, you probably use servers in a vari-ety of applications, e.g., general applications, electronicmail, or databases. Regardless of how many servers are inuse, the loss of any server represents a potentially seriousloss to your organization. One technique for protectingservers is called clustering, and involves a group of comput-ers working together, running a set of applications, and pre-senting the image of a single system to the user. See Figures 1and 2 below. The computers are physically connected anduse special clustering software for communications. Thevalue of clustering in an outage situation is that if one serv-er or resources running on a server become unavailable –for whatever reason – clustering brings in another server totake over the disabled functions. This process is calledfailover. The effect on users is that they are unaware of anychange in system operation; the failover is completelytransparent.

Figure 1 Figure 2

CPM examined VERITAS Cluster ServerTM, an exampleof a popular clustering product. While the system per-formed very well in an emergency situation – as weobserved during the test – we were more interested in howclustering technology can be incorporated into ongoingbusiness continuity planning and maintenance activities.

Therefore, we focused our efforts on a complementaryfeature available within VERITAS’ Cluster Server (VCS),labeled Fire Drill. This application is designed to test theresults of a system/data replication activity initiated by theVCS software. After all, if you want to ensure that you canrecover applications, data, or entire servers, the ability totest and verify the recovery ought to be very beneficial.CPM learned that the Fire Drill process is easy to learn andinitiate, and can be integrated into the recovery andrestoration components of a business continuity or disasterrecovery plan.

Operationally, VCS Fire Drill uses available storage prim-itives such as Fast Mirror Resync III (FMR-3) SpaceOptimized Snapshots or hardware-based snapshots toobtain a temporary point in time copy of data being repli-

cated from the main to the emergency recovery site. Afterthe point in time copy has been created, Fire Drill facilitatesautomated testing of the quality and usability of the recov-ery site data with the actual applications needed post-disas-ter. Users can customize their Fire Drill using an automat-ed setup wizard. The wizard creates a special purposefunction that automates point-in-time copy creation plusstartup/shutdown of the desired application(s).

Installation CPM participated in a walk-through of the VCS Fire Drill

activation process. The Fire Drill wizard prompted us viaquestions that are used to create the Fire Drill ServiceGroup. Once the Service Group has been created, it can bebrought online and offline, create and destroy snapshots,and start/stop applications. Fire Drill can also be added toa scheduling utility, which makes it easy to launch FireDrill unattended, while the administrator performs otherduties. Fire Drill logs can be easily reviewed post-test.

OperationVCS Fire Drill is available around the clock. VCS as a

system supports two methods of data replication: host-based replication and hardware-based replication. In theformer, a FMR-3 Space Optimized Snapshot (SOS) is takenat the recovery site. FMR-3 obtains the point-in-time copyof data; the data is immediately available at the recovery

Product Name VERITAS Cluster Server 4.0; VCS Fire Drill

Company VERITAS SoftwareAddress 350 Ellis Street, Mountain View,

CA 94043Contact Customer Service Phone 1-650-527-8000 (outside US) Fax 1-650-527-2908Toll-Free 1-800-327-2232 (US) E-mail Please call or visit Web siteWeb Site www.veritas.comPrice Contact vendorDistribution Direct, several national and

international distributorsTraining On-site, online and at numerous

learning centers; consulting servicesalso available

Warranty LifetimeMaintenance E-mail, Web site, telephone, technical

forums (www.van.veritas.com), con-sulting and technical support services

System Environment Solaris, Windows, HP-UX, Linux(SuSE, Red Hat), VMware AIX support

Installation CD and occasional Web site down-loads in certain cases

Competition Vendor-specific solutions (i.e.,Microsoft Cluster Services, Sun Cluster,Red Hat Cluster, HP Service Guard,AIX HACMP)

Product Test Lab: VERITAS • Product Test Lab: Grapevine


Product Test LabGrapevineTM SoftwareOverview

As business continuity professionals we tend to spend alarge part of our time conducting analyses and writingplans. Tests may be scheduled once or twice a year, unlesswe conduct system tests, business unit plan tests, or otherfocused exercises. However, it can be argued that mainte-nance is probably the most important part of the businesscontinuity process. Why? Most companies rarely remainstagnant. Personnel changes, new job assignments, newproducts and services, and revisions to policies and proce-dures make for a dynamic environment. Ideally, BC plansshould reflect those changes in real-time. After all, disas-ters can occur at any time, and an out-of-date plan –regardless of how well documented it may appear – couldmake an otherwise easily handled disaster even worse.Haven’t we advocated BC plans as living documents?Doesn’t it make sense, therefore, to have a way to keepplans current?

This brings us to Grapevine Software LLC, which recent-ly launched Version 3.0 of its plan maintenance and man-agement product, called GrapevineTM. The companydescribes Grapevine as full lifecycle management software, foremergency, contingency and disaster recovery plans of all types.It is an IP-based, scenario-driven system that helps businesscontinuity professionals create, test, maintain and shareplans in a single, interconnected visualization of data, with-in a single web-accessible interface. Figure 1 depicts

Grapevine’s role. While it is possible to develop BC plans with Grapevine,

a normal situation envisions creating your own businesscontinuity or emergency response plans, using whatevermethod is available. Once the plans are done, they can beimported into the Grapevine “engine” which expands yourability to handle change management, testing, and sharingwith other team members. Once imported, future editing isdone directly from within Grapevine’s web-browser con-tent editor, using familiar Microsoft Word™-like controls.Owing to its scalability and pricing structure, Grapevine isideal for medium to large organizations, although smallbusinesses can use it as well.

Grapevine is built on a Multi-Agent System (MAS) envi-ronment that establishes a workable structure despite thetypical cross-enterprise hierarchies, accountabilities anddependencies. This encourages communication and inter-

site. This method needs very little disk space at the recov-ery site, and after testing has finished, the space-optimizedsnapshot is destroyed so that the disk space can be avail-able for future tests. In the latter, the FMR-3 SOS functioncannot be used; rather, the VCS Fire Drill uses native hard-ware-based replication functions to create/delete a datasnapshot.

Documentation In addition to the VCS Fire Drill wizard, which simplifies

the testing process, full documentation is available for both

VCS and the VCS Fire Drill feature.

Usefulness in a Disaster Situation In a disaster, VCS is designed to seamlessly turn on

applications and replicated data (or whatever the customerhas designated) at an alternate recovery facility so that pro-cessing can be resumed quickly. As soon as the systemdetects an out-of-normal condition, the replication processlaunches, based on customer-supplied parameters. TheVCS Fire Drill makes it easy to test various data replicationconfigurations, and should be used before a disaster occurs.As a key part of the change management process, VCS FireDrill makes it easy to test and validate new data/hard-ware/application configuration changes.

In CPM’s opinion, the VCS Fire Drill provides an excel-lent tool for testing data recovery arrangements in advanceof a disaster. The user interface is easy to learn, installationis straightforward, the system runs 24x7, and delivers aspromised. As an ideal component of BC/DR plan testingand maintenance, CPM recommends you check out VERI-TAS Cluster Server and the VCS Fire Drill feature. �

Ratings * Poor, ** Fair, *** Average, **** Very Good, ***** Excellent

Installation (CD) **** Operation *****Documentation **** Usefulness *****Value for Money ***** Overall Rating *****

Figure 1

operability between systems and people, and helps distrib-ute planning process execution, freeing senior manage-ment to concentrate on broader strategic goals. For BCprofessionals and emergency managers, productivity canbe enhanced for critical processes, both structured and adhoc, across diverse networks of partners, governmentagencies, and the community.

When implementing Grapevine, professionals from

Grapevine Software are available to assist with importingplan files, develop the required databases, and provide train-ing. The company also provides an ASP model designed forplanning professionals, which helps them remotely auditand maintain their clients’ plans. Although the companyemphasizes the fact that most everything needed for imple-mentation is available via the Web, hardcopy installation andadministration guides will be available just in case. The sys-tem is easy to learn, and the company provides demos andother tools to facilitate the learning process.

Installation The principal installation activities are: 1) server configura-

tion; 2) software loading and testing; 3) database setup; and4) user access via Internet browsers. Grapevine will alsosecurely host a customer’s vine for them. The followingtables summarize the recommended hardware and software.

Once these elements are in place, users begin by import-ing plans into Grapevine using specific conventions. Plansare separated into nodes called grapes that are given indi-vidual content editing fields, availability and status. Theyare next arranged on a graphical interface, called the vine,

and are assigned specific responsibilities to members. Thevine is the principal navigation tool, and quickly providesaccess to all plan elements. Grapevine separates plan con-tent into seven types of grapes: issues, actions, resources,team resources, documents, Grapevine members (users),and organizations. Grapes are then linked graphicallyonto the vine using standard conventions for ease ofaccess, use, and interoperability. Multiple layers of securi-ty are built into Grapevine to ensure confidentiality anddata protection. Once users learn the various icons andtheir functions, the product’s capabilities will be readilyapparent.

OperationCPM participated in a Grapevine demonstration. Figure

2 provides a sample member screen. The system’s capabil-ities are extensive, and, once learned, make it easy to main-tain plans in whatever level of detail is needed.Collaboration with team members, especially those withresponsibility for updating specific portions of the plan, isfacilitated using e-mail. Once the plan has been convertedinto grapes linked to a vine, plan data is presented tomembers in a drill-down arrangement from the vine level(big picture) to the grape level (specifics). Each membercan develop a fully customized view relevant to his/herarea of responsibility, without the need to leave the largerview context. With this process, members can performnumerous change management functions simply by work-ing with and moving grapes around on the vine.

Additional Grapevine features include the following:• Community Portal – Non-members, such as communi-

ty officials, can view selected plan elements• Document Attachments – Various types of files, such

as Microsoft Office files, floor plans, organizationcharts, and maps can be attached to any part of theplan

• Map Navigation – Members can navigate using thestandard grape/vine interface or with grapes superimposed on a map

• Cloning and Grafting – Cloning makes it possible to collaborate with other organizations by establishing links to them; grafting replicates grapes and/or other information elsewhere within the vine or a different vine

• Bottling and Labeling – Bottling provides security sothat content can be shared across different vines; label-ing establishes the author’s rights to distribute content

• Dashboards – Custom versions of the plan (e.g., usingcolor-coded symbols) can be produced and distributedto management or other designated individuals toensure compliance and understanding

In a disaster or crisis situation, users must have access tothe Internet to utilize the plan. CPM recommends printingout hard copies of the plan as a backup.

Product Test Lab: Grapevine

Table 1Recommended Hardware• 2 X Pentium family

multiprocessor @ 2.0 MHZ• 1024 KB L2 cache• 2 GB memory• 4 X 18.2 GB 10K rpm SCSI

Drive (RAID 1)• Dual-ported 10/100 Mb NIC• NCR LifeKeeper & Recovery

Kit

Table 2Software Requirements• OS: Microsoft Windows 2003

Advance• Web Server: IIS 5.0, IIS 6.0• Database: SQL Server 2000,

Oracle 9, DB2• Browser: IE5.5, IE6.0

Figure 2


Documentation Grapevine requires a Web browser for member opera-

tion. On-line assistance is available either via the system orvia live technical support and audio/video files. Hardcopyinstallation and administration guides are also available.

Usefulness in a Disaster Situation While Grapevine was designed primarily for plan mainte-

nance, it can certainly be use during an incident. Assumingmembers have Internet access, they have full access to theirplan(s) via Grapevine. Considering the product’s powerfulchange management and collaboration functions, CPMbelieves these capabilities should help improve the plan, asit can be updated in real-time based on actual experience.Once members are comfortable with the system interface,Grapevine can be an important part of a crisis response.

In CPM’s opinion, Grapevine Software is a worthwhile

tool for business continuity plan maintenance. In a disas-ter situation it can also provide added value via its collabo-ration capabilities and change management functions. Theuser interface is unique and intuitive; and installation willtake some time (given the nuances of the vine/grape struc-ture). If you are as concerned about plan maintenance aswe are here at CPM, we encourage you to look intoGrapevine Software. �

Product Test Lab: Grapevine

Product Name Grapevine SoftwareTM

Company Grapevine Software LLCAddress 65 Enterprise

Aliso Viejo, CA 92656Contact Jim KilmurrayPhone 949-330-6592Fax 949-606-9578Toll-Free N/AE-mail [email protected] Site http://www.grapevinesoftware.comPrice From $25K to $100K, configuration

dependent Distribution BCP consultants and plan

developers; direct via several national and international distributors

Training On-site training for large groups;Web conferencing via gotomymeeting; video; audio file and read-along script

Warranty Annual Maintenance and SupportPlan per price list; 90–day warranty(maintenance and support)

Maintenance Annual Maintenance and SupportPlan per price list; e-mail, Web siteand telephone support

System Windows 2K Server(s); MS SQLEnvironment Server; MS IIS Web Server; ASP.Net

Ex: Pentium III/IV with 200MHz;min 128MB memory; 20GB disk storage

Installation Server installs over the Internet withvalid destination IP; or by CD whenlocal to target server

Competition Strohl LDRPS; Sungard ePlanner;others

Ratings * Poor, ** Fair, *** Average, **** Very Good, ***** Excellent

Installation (Web; CD) **** Operation ****Documentation **** Usefulness ****Value for Money **** Overall Rating ****

Handy Tips for BC Professionalsby CPM Staff

1. Work with a well-defined project plan, typically using MicrosoftProject 2000/2003

2. Set up regular plan updates on a weekly or bi-weekly basis 3. Provide minutes of all meetings for future review/audit 4. Use PowerPoint presentations when discussing an activity with a

business unit manager or other client representative 5. Use e-mail as part of awareness programs; send out regular

blasts advertising the program, and its value to the company6. Print up laminated wallet-sized cards with critical phone numbers,

emergency response activities7. Integrate business continuity activities with other corporate and

operational change management functions8. Check fire extinguishers for proper charging, location in clear view

of an area, overhead signage pointing to the device’s location

9. Clearly written emergency exit details on every floor, not only at elevators but also at stairwells, within work areas and in com-mon areas

10. Quarterly review of power protection equipment to ensure thatdevices are correctly rated for the equipment they serve

11. Weekly review of fuel levels in emergency generators to ensurethey are topped up

12. Include security and emergency management staff in your project team; encourage them to participate in meetings,training sessions, exercises

13. Arrange to meet with local police, fire, emergency rescue depart-ments; have them review your plans, physical site, procedures

14. Following an incident, have processes and procedures to manage the disaster and to manage the business.

15. Keep things simple - plans that are too detailed may be lesseffective, as they may be too complex to use during the recovery process

15


Events Calendar


EV

EN

TS

C

AL

EN

DA

R April 20054-6: InfoSec WorldConference & Expo2005Orlando, FLWeb:http://www.misti.com/infosecworld

5: How to Create aBusiness ContinuityPlan...That Works!Boston, MAWeb:www.dspnetwork.com

6-7: Workshop -Physical SecurityInspections & AuditsArlington, VAEmail: [email protected]

7: Information SecurityWebinarEmail: [email protected]

7: How to CreateDrills...That Work! Chicago, ILWeb:www.dspnetwork.com

11-12: NationalStandard onDisaster/ EmergencyManagement andBusiness Continuity(NFPA 1600)Nashville, TNWeb:http://www.nfpa.org/catalog/product.asp?pid=DEM2

12: The DisasterSimulationNew York, NYWeb: www.ContingencyPlanning.com/Events/Symposia

14-15: ProjectManagement forBusiness ContinuityManagementSingaporeWeb:www.bcpasia.com/BCPA0405

17-20: ASISInternationalEuropean SecurityConference:Security Solutionsfor the FutureCopenhagen, DenmarkWeb:http://www.asisonline.org/education/programs/noframe/copenhagen/default.html

18-19: NationalStandard onDisaster/ EmergencyManagement andBusiness Continuity(NFPA 1600)Atlantic City, NJWeb: http://www.nfpa.org/catalog/product.asp?pid=DEM2

20: Special Ops NYC— Spies Among UsNew York, NYWeb: http://www.isc2.org/events/ny.html

20: Secure Detroit2005DetroitWeb: http://www.isc2.org/events

20-22: EnterpriseWide RiskManagementAustralia 2005Sydney, Australia.Web: http://www.terrapinn.com/2005/EWRM_AU/

24-28: ESS EXPO.05Phoenix, AZWeb: www.ess-expo.com/

25: Hot Topics inBusiness ContinuityHawthorne, NYWeb: www.ContingencyPlanning.com/Events/Symposia/#Hottopics

25-27: CBRNResilience 2005London, UKWeb: www.iqpc-defence.com/GB-2348/2020

26: IEEE Conferenceon Technologies forHomeland SecurityBoston, MAWeb:www.ieeeboston.org/homeland2005

26-28: InfosecurityEuropeLondon, UKWeb: www.infosec.co.uk/index.cfm

26-29: AircraftRescue ResearchProject (ARRP) -Forcible Entry &Victim ExtricationSan Bernardino Airport,CAWeb: www.edmus.info

May 20052-3: NationalStandard onDisaster/ EmergencyManagement andBusiness Continuity(NFPA 1600)Farmington, CTWeb:http://www.nfpa.org/catalog/product.asp?pid=DEM2

6: Hot Topics inBusiness ContinuityCleveland, OHwww.ContingencyPlanning.com/Events/Symposia/#Hottopics

9-10: NationalStandard onDisaster/EmergencyManagement andBusiness Continuity(NFPA 1600)Ft. Lauderdale, FLWeb:http://www.nfpa.org/catalog/product.asp?pid=DEM2

9-10: Infosecurity2005 LeadershipConferenceWashington, DCWeb: www.securityleadershipseries.com

11-12: Security MexicoConference & ExpoMexico City, MXWeb: www.ejkevents.com

12-13: Conducting anEffective RiskAssessment andBusiness ImpactAnalysisHong KongWeb: www.bcpasia.com/HK0505

15-18: Fifth AnnualDisaster ResistantCalifornia ConferenceSacramento, CAWeb:www.sjsu.edu/cdm/drc05

17: HomelandSecurity – ExportSecurity DevelopmentsWebinarEmail: [email protected]

19: Supply ChainIssues in BusinessContinuityLondon, UKWeb: www.survive.com

23-24: NationalStandard onDisaster/ EmergencyManagement andBusiness Continuity(NFPA 1600)Atlanta, GAWeb:http://www.nfpa.org/catalog/product.asp?pid=DEM2

24-26: CPM 2005WestLas Vegas, NVWeb: www.contingencyplanningexpo.com

24-25: The 2005Homeland SecuritySummit & ExhibitionWashington, DCWeb: www.mcgraw-hill-homelandsecurity.com

❐ My check for $149, payable to Witter Publishing Corp., isenclosed.

Charge $149 to my:❐ VISA ❐ MasterCard ❐ American Express ❐ Discover Card

Account: Exp:______

Signature:_______________________________________________(Required for all orders)

Name:__________________________________________________

Title: ___________________________________________________

Company:_______________________________________________

Address 1: ______________________________________________

Address 2: ______________________________________________

City/County/Province: ____________________________________

Zip/Postal Code: _________Country: _______________________

Phone: _____________________ Fax: _______________________

*E-mail: _________________________________________________(required)

YES! Send me the next 12 issues ofCPM Global Assurance E-Newsletter at the special subscription price of $149 — a savings of almost $50 off the charter rate of $195.

Complete and mail or fax to:CPM Global Assurance E-Newsletter

Witter Publishing Corp.20 Commerce St., Suite 2013

Flemington, NJ 08822 USA908 788-0343 • Fax 908 788-4209

www.ContingencyPlanning.com

✄

Priority Code: 05GA04

Limited Time Special Subscription Offer

Documents

Volume 2 • Issue 4 April 2005 Global Assuranceeval.veritas.com/mktginfo/products/Misc/High_Availability/fire... · Volume 2 • Issue 4 April 2005 CONTENTS ... Succession Planning