Library

56.7% of senior management indicate that cyber security is their top concern in 2024, but many fail to incorporate it into their overall resilience efforts. Information security alone is not enough – you need to prepare both proactively and reactively as a broader cyber resilience strategy. Unfortunately, there are many issues holding organizations back, including confusion on roles and responsibilities, outcomes, and what the “end game” looks like. Join Jim Kastle, Chief Information Security Officer at Kimberly-Clark and Brian Zawada, General Manager, Business Continuity & Resilience at Riskonnect, as they discuss how information security contributes to cyber resilience and ultimately, at the most strategic level, business resilience.

There probably isn’t a resilience professional who hasn’t participated or facilitated tabletops and other exercises. As resilience professionals and functional experts, that’s an important part of your job. This session isn’t your average tabletop; here you’ll be asked to work through a disaster scenario in a new way. How would you respond to a railway disaster from a different perspective, such as a day care center employee, a local fire battalion chief, a railroad supervisor, utilities representative, or others impacted by an event? Participating in this interactive tabletop will give you the opportunity to consider how others react to crisis situations, allowing you to look at resilience from different viewpoints. And maybe you’ll see something you hadn’t seen before!

Consultant/Rear Admiral SEAL Donald M. Plummer will join us as a keynote speaker. He will reflect on his 30 years in the military as an admiral, Navy SEAL, and a corporate executive responsible for global operations and business continuity. He will identify similarities across all organizations and how preparation and strong leadership are critical traits for success.

Are you new to DRI, DRI Conferences, our profession? This session is for you! Based on feedback from previous attendees, newbies need a place to kick off their conference experience, and this is it! Led by DRI’s resident expert in certification and customer care, Maria Loduca, and DRI Instructor and subject matter expert Bobby Williams, you’ll have a hard time stumping these two with any question. In addition to walking you through DRI2024 and all things DRI (including how to get more involved!), you’ll also have a chance to network and get to know fellow newcomers.

When the worst-case scenario becomes reality, your organization needs to respond as one. It requires more than functional expertise from Business Continuity professionals. It calls on you to orchestrate coordinated and collaborative action across organizational and hierarchical boundaries—often wielding influence beyond your formal authority. That does not happen by accident. This session draws on 20 years of research and practice from the National Preparedness Leadership Initiative at Harvard University. NPLI Associate Director, Eric McNulty will present practical insights, tools, and techniques for leading up to the c-suite, across to peers, and beyond to stakeholders including suppliers, customers, and more. You’ll leave this session better understanding your potential as a system-wide leader and with tangible ways to increase your impact right away.

Join the members of DRI Foundation’s Women in Business Continuity Management Executive Committee for an interactive panel discussion focused on identifying and sustaining your strengths, which are paramount to achieving your personal and professional goals. As our industry evolves, we’ll discuss how we, as women, can zero in on our strengths, apply them to our many roles, consider the obstacles that may limit realizing our power, and create small opportunities to recharge throughout the day.

Have you ever experienced higher volumes of unexpected leaves of absence that negatively impacted operations? How is human capital integrated into your business continuity program? Going beyond tracking employee residential zip codes, are you integrating this essential part of your enterprise in more than a perfunctory way? Whether your entity’s dependencies involve union labor or a recruitment pool whose tastes are changing, to stay on the leading edge of resilience you must incorporate planning for human capital risk into your business continuity plan. In this interactive workshop we’ll talk through strategies to get started and encourage attendees to share from their experience.

This session will explore how effective third-party risk management protects against unforeseen vulnerabilities in your business ecosystem. Attendees will gain an understanding of the pivotal role third-party risk management plays in amplifying overall business resilience, ensuring continuity in the face of disruptions. Discover the role of cutting-edge technologies in automating and streamlining third-party risk management processes, making them more efficient and responsive. This session is part of our Sponsor Track. Thank you to our sponsors for sharing their expertise!

Modern society depends on critical infrastructure – the power grid, the water system, the oil and gas infrastructure. Over the last two decades, OT and IT infrastructures coalesced, with control systems such as SCADA for the power grid transitioning from proprietary communication protocols to IP (the internet protocol) for cost, availability, and simplicity reasons. This transition removed the air gap traditionally relied upon in securing critical infrastructure. While deploying critical infrastructure systems according to best practices may be sufficient to counter common hackers, it is less effective against well-funded nation-state actors. As the geopolitical situation deteriorates in recent years, the risk nation-state actors pose to our critical infrastructure increases dramatically. Beyond continuously improving best practices and enforcing them, it becomes necessary to construct control systems that are intrusion-tolerant: they continue to operate correctly even in the face of a successful attack, where part of the system is compromised by a sophisticated adversary. Such systems include AI-based intrusion-detection capabilities that are effective in providing the necessary situational awareness to well-trained operators. The session will describe our experience developing, red-teaming, and test-deploying an intrusion-tolerant SCADA system for the power grid as part of several DARPA, DoD, and DoE projects, with national labs (PNNL, SANDIA), SCADA manufacturers (Siemens, GE), and utility (Hawaiian Electric) partners. We aim to foster a discussion conducive to broader integration and deployment of such capabilities toward a cyber-resilient grid.

Attend this session to learn how DRI’s Professional Practices have been operationalized across the Maryland State Government and hear details on how the private sector’s best practices have been repackaged to build a robust continuity program, implement an integrated operationalize framework, and to make Maryland more resilient. The Maryland Department of Emergency Management has established and promulgated a culture of resilience through its preparedness efforts including planning, training, exercise, and stakeholder technical assistance highlighting the critical importance of operational resilience and mission assurance statewide.

Join us to build your toolkit for addressing uncomfortable workplace situations. In this session, we will examine these uncomfortable moments impact women’s behavior and career progress in the workplace. We will also share key phrases and resources to use during these situations, discuss the key role of advocates and practice using techniques we learn during live scenarios. By the end of this session, women and allies will have the tools and understanding to improve your responses and work toward a resolution in uncomfortable situations.

We all know that dogs are man’s best friend, but did you know that they can be a resilience professional’s BFF too? Attend this session to explore a little-known resource that could benefit your organization’s program and people. Members of the Tri-State Canine Response Team (the humans) will take attendees through actual crisis response deployments following recent mass shootings in Uvalde, Las Vegas, and Indianapolis. Learn what dogs, who have a way of de-stressing humans without even trying, paired with trained responders can do for you in those critical hours and days post-crisis. What began as a small, therapy dog group aimed at providing comfort and support to local first responders has grown to include nearly 100 teams in 7 U.S. states, provided national support during 18 mass casualty incidents, responded to hundreds of local incidents, and most recently expanded internationally. This presentation will provide insight into this unique approach, demonstrate why canine/human crisis teams are effective, and show how resources like these can help your employees bounce back after a crisis.

How prepared is your organization to respond to Digital Operational Resilience Act (DORA) requirements? MorganFranklin Consulting will discuss how financial institutions that serve companies in Europe might prepare for this mandatory regulation with which they must be compliant by Q1 2025. This session is part of our Sponsor Track. Thank you to our sponsors for sharing their expertise!

Science and scientific research & development are a crucial, yet underutilized resource for emergency management. The Science Advice and Guidance for Emergencies program, better known as SAGE, aims to normalize the use of science advice in the emergency management community. SAGE, the premier emergency management framework for S&T, is an emergency management resource used during homeland security threats, incidents, major disasters, and emergencies.

Join Jim Kinsman as he shares his experiences rebuilding, rebranding, and expanding traditional business continuity and disaster recovery approaches toward enterprise operational resilience leveraging third-party cybersecurity incidents and geo-political events impacting, or threatening to impact, business operations. He will also share lessons learned from these events, and other incidents, in the areas of crisis leadership, incident command, risk management, and public/private partnerships.

In a post-pandemic era, new ways of working require business continuity professionals to reconsider recovery strategies, which have traditionally weighed loss of location heavily. The pandemic revealed abilities to perform and sustain critical workflows at home, with many organizations shifting to a hybrid work environment. Hybrid work patterns and permanently remote employees prompted The New York Times team to invest efforts in strengthening “at-home” resiliency, as opposed to the maintenance and upkeep of traditional recovery sites.

Every organization must protect its information and ensure data needed to run the business is accurate and available, but knowing how to design effective continuity plans isn’t easy. Those that are successful start by intentionally coordinating teams of risk, compliance, security, and business continuity professionals. Standout teams then take five important steps to improve continuity and build resilience. During this session, Riskonnect’s Brian Zawada, vice president, strategy and innovation, and Michael Bratton, principal managed services consultant, will explore the ways that leading organizations are navigating the ever-evolving threat landscape to confidently create a more resilient business model. They will discuss defined outcomes for business continuity and operational resilience – and outline the five important actions to take in the next 12 months. Key Takeaways: - Trends and universal practices in organizations to maintain continuity when faced with information security challenges - The relationship between information security and business continuity / operational resilience - Concrete ways to break down the silos that decrease continuity and resilience - Definition of essential outcomes stemming from an effective continuity and resilience program - Practical next steps to improve continuity and resilience in the next 12 months This session is part of our Sponsor Track. Thank you to our sponsors for sharing their expertise!

For the Greater New Orleans Area, Katrina will always be remembered as a life altering experience for both the community at large and every aspect of people’s lives. This interactive session will offer insights from some of the best minds in understanding how this happened to NOLA and what YOU can do NOW to prevent this from happening in your community. Topics include: – Pre-disaster and post-disaster recovery planning toolkits – Challenges to disaster financing and accessing resources – Understanding the Re-insurance marketplace

This session will emphasize the importance of understanding the role of artificial intelligence (AI) in risk and resilience. We will cover why AI is good for our profession using present case studies and examples of AI-driven successes in resilience. We will also look at the potential risks and drawbacks of AI in the context of resilience – touching on concerns with ethics, privacy, and data security. As resilience professionals, what should we be asking – what are those critical questions and safeguards? We will conclude with what are the emerging trends and future scenarios related to AI and resilience.

Join us for a candid chat among 3 professionals whose roles are the same but different — a business continuity manager, an emergency manager, and a crisis manager. Coming from similar but diverse backgrounds, they will share their interchangeable skills, relatable stories and distinct perspectives from each discipline and how their line of work continues to mature and evolve.

Explore the essential elements of crafting and executing impactful tabletop exercises designed to enhance organizational resilience. Join the Comcast Corporate Business Continuity team as they dive into real-world case studies, discuss the integration of emerging technologies, and engage in an interactive session to elevate your understanding of business continuity in the fast-paced tech realm.

The most critical part of any resilience program is the ability to cultivate and retain the interest of stakeholders, but more often than not, risk management and resilience programs are associated with lengthy policies, pessimistic people talking about everything that could go wrong, and complex jargon—the buzzkill of the organization. To go from buzzkill to benefit, you need to change the way you engage your audience and forge deeper emotional connections by cultivating memorable experiences. To be successful, leaders must care about and want to participate in your program. Executive sponsorship alone won’t cut it. You need to rise above the noise of internal initiatives and focus equally on what your stakeholders need out of your program, and what you need from them. In this session, we will identify and understand the needs of your stakeholders and design a memorable user experience (UX). That experience will drive engagement by blending gamification; cognitive and behavioral sciences; branding and engagement strategies and technology. But all programs have limitations of time, budget, and resources. With this reality in mind, we will teach you how to leverage personas and user journey maps to focus your efforts on activities that yield the greatest ROI (Return on Investment). This session is part of our Sponsor Track. Thank you to our sponsors for sharing their expertise!

For decades, DRI and the DRI Foundation have maintained a set of core values and core behaviors that uphold those values as a resource for developing and maintaining an environment where diversity and inclusion are the norm. We have and will continue to support diversity and inclusion through action. This session brings the discussion to DRI2024 where we will explore the roles each and every one of us has to play in this effort across the profession.

This session explores AI’s transformative impact on business continuity & crisis management. Covering AI significance into business continuity principles, crisis management, real-world scenarios, AI’s rise, defense applications, benefits, and challenges. Synergy, case studies, ethical considerations, and future trends are also discussed. The presentation fosters engagement through informative material, Q&A and light-hearted AI-related jokes.

Operational resilience is a goal every organization strives for to maximize their value to employees, shareholders, and customers. Join us for an overview of Goodyear’s operational resilience journey spanning over two decades. This session will help you to evaluate your current program and practices and focus on the most efficient methods to improve your level of maturity. Among the topics covered are: - Assessing your strengths and gaps - Aligning your teams - Developing a “Resilient Deployment” process - Turning risks into opportunities - Maintaining progress

Crisis management is one of the most important parts of the company/organization response to emergency incidents. Crises must be handled correctly or the risk of the crisis getting out of control can have a severe impact. It is important to note, that crisis management is a learned skill. That being said, many executive and senior leaders do not have this skill. Strategic planning of possible incidents and how to handle them must be well thought out. This course is an overview those skills, time of disaster operations, prioritization of task, team activities, and training and exercise. Finally, this three-hour workshop will show the differences between activities of the crisis management team and business continuity teams and how they are interdependent.

You have been tasked to lead your organization’s risk management efforts. Your goal is to increase your organization’s resilience to the various risks it faces and provide recommendations to your Executive team on how to manage these risks. How do you do this? Through effective risk quantification. During this interactive session, we will delve into a methodology that will resonate with Executive management in order to drive action within your organization. As risk managers we must develop a deeper understanding of the business and related impacts. Through that understanding we will be able to develop an effective message that will drive resilience and gain support from the C-Suite. This session is part of our Sponsor Track. Thank you to our sponsors for sharing their expertise!

When Hurricane Katrina hit New Orleans, over 400 of the City’s almost 500 school facilities were damaged, over half catastrophically. We will walk through keys lessons from the $2B schools recovery program that shaped equitable and resilient rebuilding and brought back public education to 48,000 students and then pivot to resilience and climate adaptation strategies in New Orleans today. Our session will include clear and simple recommendations on how to assess your facility portfolio risks and implement near-term and long-term solutions that will protect your people and business enterprise in the face of major shocks and slow-onset hazards like climate change.

Attend this session to hear how one healthcare organization moved from having isolated recovery and continuity plans across departments toward implementing a unified continuity and cyber resilience program. From initial challenges and the need for a more integrated approach, to conducting 67 BIAs across 67 department and engaging with 224 stakeholders, to developing unified recovery and continuity plans, to transitioning to a cyber resilience model, program leaders built a solid foundation ensuing the health and well-being of the organization and those who entrust with their own well-being. Attendees will leave this presentation with key takeaways from the experience and recommendations for similar organizations.

In an era where uncertainty is the only certainty, businesses are increasingly recognizing the critical need for resilience – not just as a defensive mechanism, but as a strategic asset. In this presentation David Young will delve into the transformative potential of the Chief Business Resilience Officer (CBRO) – a position, that doesn’t yet exist, but will transcend traditional risk management and become a linchpin for competitive advantage. In this compelling session, David will explore how the CBRO operates at the nexus of foresight, innovation, and strategy to turn potential vulnerabilities into value-creating opportunities. He will unveil how this role, through a blend of visionary leadership and practical resilience strategies, can transform the very fabric of an organization, making it more agile, robust, and poised to capitalize on crisis. Key Takeaways: Understanding the Role of CBRO: Grasp the expansive scope of the CBRO, beyond conventional risk management, encompassing business continuity, emergency management, physical and information security, and crisis communications. Strategic Risk Re-framing: Learn how the CBRO’s unique vantage point enables them to identify and reframe risks as opportunities for strategic differentiation and market leadership. Resilience as a Competitive Advantage: Delve into real-world examples where resilient practices have not only mitigated risks but have also driven innovation, opened new markets, and enhanced customer loyalty. The Future-Ready Organization: Envision the future of business where resilience is embedded in the corporate DNA, making organizations not just survivable but thriving entities able to take market share in the face of adversity. This session is a must-attend for leaders who aspire to pivot their organizations from reactive risk management to proactive resilience building. It’s an opportunity to redefine the narrative of resilience in business and to equip your organization with the strategic foresight and agility needed in today’s dynamic business landscape. Join David as he details his vision to transform resilience from a concept into a tangible, strategic asset that propels your business forward.

Join us for a comprehensive session tailored to empower you with the tools and insights necessary to prepare for the dynamic AI landscape. From navigating the intricacies of the EU AI Act to identifying and mitigating emerging threats, our session offers a strategic roadmap to harness AI’s potential while ensuring organizational security and compliance. Dive into the complex AI threat landscape and explore the latest regulatory and standards shifts to keep your organization ahead of the curve. Experience an interactive Microsimulation session that not only showcases potential AI-related risks but also equips you with practical strategies for their mitigation, bringing to life emerging risk scenarios specific to your organizational context. Arm yourself with the Resilience Leader’s AI Toolkit, a comprehensive set of tools designed to help your organization navigate the challenges and seize the opportunities presented by AI. This session is an essential step towards securing your organization’s resilience in an age of rapid technological transformation. This session is part of our Sponsor Track. Thank you to our sponsors for sharing their expertise!

Recently organizations have dedicated more resources to cyber security while exposing physical security and threat gaps. The interdependencies and failure of one can impact another. Understanding threats, risk of traveling employees and executives, employee safety training, and succession in an organization is critical to developing a BC program. Fostering a corporate security mindset to approach business resiliency helps to confidently face uncertain and unplanned events. Attend this session to learn how!

During this discussion, we will examine what impacts a disaster makes on the everyday supply chains of a manufacturing facility. This topic will provide a baseline understanding of normal distribution models and dive into a real-world event and how an organization was forced to change its model. Participants will learn new insights into managing resources following a disaster and become more familiar with business continuity planning processes.

Metrics to show efficacy and return on investment are not new; the push for metrics have come and gone over the years but they are a great way to show return on investment (ROI). ROI leads directly to increased funding. For disaster recovery and business continuity programs this is often a struggle; as “insurance programs” of an organization DR/BC is often an afterthought. Just like the pandemic plans that were scoffed at for years; until… In our field we cannot readily track the number of widgets produced, the quality of those widgets, rejection rates, miles of road plowed, emergency medical calls per staff member, and such. We can track critical application uptime, but for DR/BC program managers; metrics can be very elusive. We are often beholden to someone else’s effort and focus to accomplish their task to keep our metric in good standing. It can be very frustrating. Having worked in emergency management, business continuity, and disaster recovery for over two decades we may have taken the perspective that this IS our lot in life. We ask, nag, cajole, and rely on our personal relationships to get things done. That is until we decided to flip our view of these interactions to make us the “good guys” who are trying to help everyone meet the metric requirement. Using our disaster recovery plans we selected key attributes (e.g. plan was updated, meets RTO and RPO requirement, etc…), assigned a pass fail to each then posted this on a companywide SharePoint site and began briefing senior leadership of the status of our critical applications. This changed our relationship from the person nagging for compliance to the helpful co-worker ensuring they look good at the next senior leadership meeting. In this session we will review the issue of metrics for a DR/BC program, describe the process used to develop our Disaster Recovery Scorecard, explain what attributes we used to create our metrics and show examples of our scorecard.

Cyber snuck up and sort of exploded on the scene, blowing past many of us, and it continues to move way too fast to stay ignorant. When it comes to cyber proficiency, cyber concepts remain consistent. Whether you missed some foundational cyber building blocks and are wondering what cyber related questions to even ask or you’re a pro who could use a reminder, this session is for you. Learning or refreshing the basics of cyber never hurts and in this session, we’ll bring everyone up to speed on the foundational concepts. We’ll tackle this serious subject with some fun as we cover essential terminology, a high-level overview of major cyber focus areas, and living with the ongoing threat.

Acceptable Risk – a term that should be at the foundation of your corporate risk program. When it comes to organizational risk management it should be foundational that a clear and singular definition of acceptable risk has been established that can be used to evaluate risk to the business. Too many companies operate with multiple definitions and blind spots in the identification of critical risks. Each enterprise must seek to have a unified definition that can be used to compare risk and facilitate the prioritization of risks and mitigation. There are three common challenges we will explore: First, the absence of a single encompassing definition of acceptable risk. Second, the tendency to focus on physical assets over other risk assets. Risk can present itself in many forms to include supply chain, processes, service providers, software, and even specific individuals or roles. Third is the energy that is spent collecting an inventory of critical assets that are not linked to risk mitigation actions. We will take a deeper dive into these three common challenges. Some tools we will look at include: • Governance principles • Understanding your critical assets • Risk management principles and strategies • Importance of a risk register supported by the business, without silos – updated regularly, communicated and reviewed • Data protection impact assessment • Postmortem reviews and lessons learned – when is a lesson really learned? This session will discuss how addressing these challenges and implementing these tools and principles will enable organizations to enhance their ability to better identify and achieve Acceptable Risk for their critical assets, and foster a culture of governance, compliance, awareness and management. The presenter will work with DRI to identify a company wanting to discuss a current issue in acceptable risk and utilize a portion of this interactive session as a workshop to identify potential risk mitigations.

Resilience has become a somewhat elusive concept, often defined with intricate jargon, akin to a magical word that promises to guide organizations through challenging situations. A fascinating concept, indeed. If we go back to the basics, BCM enables an organization to recover from planned events/incidents. However, the term resilience requires an organization to have special capabilities to be able to withstand and recover from difficult and fast changing situations. Therefore, merely having BC or ITDR plans is not sufficient to achieve true resilience. It requires that something extra to be truly resilient. Therefore, the question remains: What is that “something” an organization requires to be resilient and how can one implement and achieve resilience? Attend this session for the answer!

Traditional business continuity planning generally covers the most likely and most probable disruptions that organizations may face. Black Swan events, highly impactful, low probability events are excluded from the planning process. While this is often justified due to limited resource constraints, there have been recent events that are proving this planning strategy to no longer be effective. In today’s operational environments, organizations need to start planning for the most dangerous and impactful events and conditions. Instability in the current environmental, political, social, and market conditions have created a more volatile and challenging arena for organizations to operate. Organizations that do not prepare and consider the most extreme disruptions will not survive. For those that do, there will be tremendous opportunity for growth. This presentation will focus on a few examples of organizations that were prepared and able to respond to their own worst-case scenarios. Through these case studies, we will seek to better understand how we can better position our organizations not only to survive but to thrive in a business ending disruption. We will also examine how organizations can prepare with limited resource expenditure and evaluate potential strategies.

What risks are you most concerned about? How well prepared are you to manage them? How do you think our profession will change over the next few years? How does corporate ESG demands change your priorities? These are just a few of the questions the DRI Future Vision Committee (FVC) seeks to answer in its annual survey and reports. The Trends and Predictions Reports this year benefited from a record number of survey participants, which resulted in more informative analysis and wider insights for the future of our profession. This will all be shared in an interactive session led by FVC members opened up for comment and debate with attending conference delegates.

The presentation provides an overview of how Columbia University built a bubbled disaster recovery (DR) environment. All DR tests are performed during business hours in a bubbled environment without shutting down the production environments or staff coming in on the weekends to complete the tests. The various production application environments are being tested; their instances simulate an actual event as closely as possible.

Attend this session to learn some Critical Incident Stress Management (CISM) basics as applied to your people – your number one recovery resource. You’re not going to become a CISM expert in an hour. But this presentation will open your eyes to the need for and principles of this incident response staple. Speakers will review the seven components of CISM, in particular, response to disaster or large-scale incidents, defusing, triaging, acute symptoms, and more.

In 2023, we celebrated our 35th year serving this exciting profession of service. Because milestones are always a time for reflection, we’d like to dedicate this edition of our annual review to look back at some of the accomplishments of this venerable institution not just from this year but also to provide a review of all the various ways in which we support you every year.

DRI International's Ninth Annual Predictions Report offers resilience predictions for the profession by the profession, focusing on topics ranging from geopolitics to technology to the environment, and more. Providing a roadmap of the issues resilience professionals may face in the coming year, the report was developed by the DRI Future Vision Committee (FVC), a group of international thought leaders in the field. It was based in part on more than 500 survey responses from across all industries and sectors, the largest in the report’s history.

DRI International has published its Ninth Annual Global Risk and Resilience Trends Report. The report provides an independent analysis of current and emerging risks as viewed by those directly involved in resilience management. Supported by the DRI Future Vision Committee (FVC), a group of international thought leaders in the field, it is based on a survey of more than 500 professionals across all industries and sectors, the largest response in the report’s history.

DRI Canada's quarterly magazine includes articles on Hurricane Dorian, London's incident command training, the RIE Toronto Symposium, and more.

This edition of DRI Canada's magazine includes articles on supplemental BCM software, implementing the Professional Practices, telecommunications, and more.

Join DRI Australia and New Zealand's Rod Crowder, CBCP, for this webinar discussing how the Covid-19 pandemic brought about rapid change for businesses and industries across the world, who were forced to implement years of planned digital solutions in a matter of weeks or months. The unexpected need to transition large numbers of employees to a work-from-home model required a major rethink to business and IT delivery models, with risks quickly transitioning from premises and office environments to data centres, networks, software applications and data security. In this webinar, we will discuss how this transition has impacted business continuity planning and how it is evolving to keep pace with the emerging digital-era.

What are the top risks that worry resilience professionals as we emerge into a post-pandemic world? This session will open the event with an overview of how we, as members of this exciting and evolving profession, prioritize and respond to some of our biggest challenges. Based on DRI’s annual survey of nearly 500 professionals across all industries and sectors, our research shows a variety of major issues such as cyberattacks, natural disasters and economic uncertainty. With so many risks at play, DRI’s President and CEO Chloe Demrovsky will provide guidance on how we can build a more resilient future together.

Join us for an insightful presentation from Melanie Subin, Managing Director of Future Today Institute. In this discussion, Subin will delve into the fascinating landscape of risk in an era of ever-evolving technological sophistication. As we stand at the intersection of innovation and uncertainty, this discussion will explore how cutting-edge technologies like generative AI and quantum cryptography are fundamentally reshaping risk across a wide variety of industries.

A proper cyber resilience approach has always required business and technology stakeholders to interact, decide, and set appropriate risk tolerance. But with the National Institute of Standards and Technology (NIST) adding the term “govern” to its framework, what is the opportunity for change and improvement? In this session, we will discuss how merging cyber resilience and cybersecurity under the NIST framework will enable organizations to be better prepared for and better able to respond to and recover from cyberattacks in a more tangible manner.

We live in a post-modern polycrisis world. Our organizations – governments, public and private sector organizations, hospitals, universities – are besieged by a multitude of human-caused, natural and technological risks. Given this, what is the role of the emergency management and business continuity professionals? Our organizations need us to bring order to the chaos. But are we ready to do that?

In this session, we will explore how to navigate the complex landscape of cybersecurity, focusing on the human element. We’ll showcase the power of nurturing a security-conscious workforce through compelling success stories and practical insights. Key highlights of this presentation include: - Understanding the pivotal role of a cybersecurity-focused culture, characterized by resiliency, in safeguarding your organization - Proven strategies for cultivating a mindset of resilience in every member of your team, from top executives to front-line staff - A deep dive into real-world cases where a security-driven and resilient culture has not only defended against cyber threats but thrived amidst challenges, and - Insights into building a culture that not only protects against cyber threats but adapts, endures, and emerges stronger in the face of adversity.

Join UNDRR’s Nehali Anupriya for a unique perspective on cyber risk governance challenges, including the potential risks to international stability posed by artificial intelligence and emerging technologies, and how we can work together through international cooperation to achieve resilience.

Created and maintained by Disaster Recovery Institute (DRI) International, The Professional Practices for Business Continuity Management is a body of knowledge designed to assist in the development, implementation, and maintenance of business continuity programs. It also is intended to serve as a tool for conducting assessments of existing programs.

Creadas y mantenidas por el Instituto de Recuperación Ante Desastres Internacional (Disaster Recovery Institute International - DRI), las Prácticas Profesionales para la Gestión de Continuidad del Negocio son un cuerpo de conocimiento diseñado para ayudar en el desarrollo, implementación y mantenimiento de programas de continuidad del negocio. También pretende servir como una herramienta para realizar evaluaciones de los programas existentes.

Créé et maintenu par Disaster Recovery Institute International, Les Pratiques Professionnelles pour la Gestion de la Continuité des Activités est un ensemble de connaissances conçu pour aider à l'élaboration, à la mise en œuvre, et le maintien d’un programme de gestion de la continuité des activités. Il est également destiné à servir d’outil pour effectuer des évaluations des programmes existants.

De “Professional Practice” is samengesteld en wordt onderhouden door Disaster Recovery Institute International. De “Professional Practices voor Business Continuity Management” is een kennisdocument en is een leidraad voor de ontwikkeling, implementatie en het onderhoud van business continuity programma's. Het document is ook bedoeld als een leidraad voor het uitvoeren van evaluaties van bestaande business continuity programma's.

Criadas e mantidas pelo Disaster Recovery Institute (DRI) International, as Práticas Profissionais para a Gestão da Continuidade de Negócios são um conjunto de conhecimentos que visam auxiliar no desenvolvimento, implementação e manutenção de programas de continuidade de negócios. Também podem ser utilizadas como uma ferramenta para a realização de avaliações de programas existentes.

Created and maintained by Disaster Recovery Institute (DRI) International, The Professional Practices for Business Continuity Management is a body of knowledge designed to assist in the development, implementation, and maintenance of business continuity programs. It also is intended to serve as a tool for conducting assessments of existing programs.

Created and maintained by Disaster Recovery Institute (DRI) International, The Professional Practices for Business Continuity Management is a body of knowledge designed to assist in the development, implementation, and maintenance of business continuity programs. It also is intended to serve as a tool for conducting assessments of existing programs.

Created and maintained by Disaster Recovery Institute (DRI) International, The Professional Practices for Business Continuity Management is a body of knowledge designed to assist in the development, implementation, and maintenance of business continuity programs. It also is intended to serve as a tool for conducting assessments of existing programs.

Creato e mantenuto da Disaster Recovery Institute (DRI) International, le Pratiche Professionali per il Business Continuity Management (BCM) sono un corpus di conoscenze progettato per assistere lo sviluppo, l'implementazione e il mantenimento dei programmi di business continuity e anche uno strumento per la valutazione dei programmi esistenti.

Natural disasters, civil unrest, transportation disruption and crime are just a few of the threats that can affect your operations in an instant. How do you actively monitor everything? The answer is threat intelligence. Threat intelligence is increasingly becoming an important early-warning part of broader business continuity programs. This webinar explains the value of threat intelligence, how it connects to broader continuity and resilience program outcomes, and how you can incorporate it into your program. You'll discover how to get ahead of risk and learn from the threats that are actively affecting your operations, locations, and people. NOTE: This is a sponsored webinar with content produced by Riskonnect. The information contained in this presentation represents the views and opinions of Riskonnect and does not necessarily represent the views or opinions of DRI International.

Environmental, social and corporate governance (ESG) has become a major topic of discussion. How should the resilience community navigate ESG to better manage sustainability and develop best practices for their organizations? A new report from DRI International and the National Preparedness Leadership Initiative at Harvard (NPLI), based on input from a wide range of business sectors, will shed more light on the subject.

A recent experience by the Maryland Department of Emergency Management (MDEM) offers a road map that illustrates the challenges and rewards for integrating continuity into public sector planning, and in the process, creating cohesive plans and people skilled in carrying them out.

With natural disasters on the rise and cyber attacks on the nightly news, are state governments ready to meet the challenges and risks of the modern world? For the state of Maryland, the answer to that question is a resounding YES! In this live webinar, hear how Maryland state emergency managers are taking a uniquely effective approach to improving resilience: Training! A two-year program aims to increase resiliency by cross-training staff in business continuity, IT disaster recovery, and cyber resilience. Learn from Maryland OEM's Brian Bauer and Ken Maloney how it’s working, as well as how this approach also benefits both the private sector and public-private partnership initiatives.

As part of the DRI Webinar on incorporating business continuity into statewide emergency management, Alex Abdun-Nabi, Emergency Preparedness Manager for Capital Metro (CAPMET), Austin's public transportation system, discusses his experiences incorporating private sector resilience practices into public sector operations.

What are the top risks that worry resilience professionals as we emerge into a post-pandemic world? This session will open the event with an overview of how we, as members of this exciting and evolving profession, prioritize and respond to some of our biggest challenges. Based on DRI’s annual survey of nearly 500 professionals across all industries and sectors, our research shows a variety of major issues such as cyberattacks, natural disasters, and economic uncertainty. With so much to think about, what should resilience professionals focus on? This year’s predictions highlight still more potential threats on the horizon, including divided public opinions on global climate change measures, cyber vulnerabilities among major IT service providers, unprecedented flooding in the developed world, economic uncertainty in China, and much more. With so many risks at play, DRI’s President and CEO Chloe Demrovsky will provide guidance on how we can build a more resilient future together. DRI Chief Knowledge Officer Lyndon Bird will join her to discuss the latest findings on how business continuity professionals are contributing to climate-related disclosure within their organisations.

This presentation will discuss the importance of carbon capture projects in increasing community resilience. We will highlight the benefits of these projects and explain how traditional business continuity tools like Business Impact Analysis and Risk Assessment can be updated to include climate change data. Additionally, we will present a case study on how New Orleans is utilizing blue carbon projects to increase resilience and better protect that community from future hurricanes. This presentation is designed to provide valuable insights and practical tools for individuals and organisations seeking to enhance their resilience to the impacts of climate change.

This session will outline a case study of a business that found itself at the start of the COVID-19 pandemic without an insurer, a broker, or any risk data. It will explain how they dealt with this situation, the long-term impact on the business, and how they are now turning this situation into a positive by building a roadmap to resilience.

Many of us understand the benefits of aggregating data across disciplines to get a more holistic view of an organisation; but how can we make sure that data is put to use and brought to life? How can we ensure resilience programmes add value, rather than being seen as tick-box compliance exercises? This session will explore some of the ways you can utilise resilience data to help you respond quicker in a time of polycrises, direct your investment strategy to ensure critical services remain resilience, push back on any green-washing of risks, and retain knowledge and functionality in an ever-evolving world.

The private sector is facing a number of new challenges associated with complex scenarios distinguished by cascading effects and concurrencies. As many countries and enterprises now look towards this new normal, it is helpful to reflect on the distance covered so far, and to anticipate what lies ahead starting from the assumption that disruptions will happen. This session will explore the transition from crisis management to the development of a new approach more focused on the strategic role of resilience, including the adoption of new tools and roles, or changes in corporate functions. It will include considerations on lessons learned on adapting to changing conditions, including aspects such as foresight, flexibility and data-driven decision making.

The shift from a traditional business continuity approach to operational resilience is challenging in a global multinational which spans high risk operations to trading and treasury functions. bp is transforming at the same time as the VUCA (volatility, uncertainty, complexity, and ambiguity) world presents complex interconnected risks. In this session, the speaker will explore the challenges involved in applying operational resilience in bp.

We are approaching the midway point of the implementation of the Sendai Framework for Disaster Risk Reduction, 2015-2030. As the first major agreement of the post-2015 development agenda (including the Paris Climate Accord and the Sustainable Development Goals), it provides Member States with concrete actions to protect development gains from the risk of disaster. It advocates for the substantial reduction of disaster risk and losses in lives, livelihoods and health and in the economic, physical, social, cultural and environmental assets of persons, businesses, communities and countries. It recognizes that while the State has the primary role in reducing disaster risk, that responsibility should be shared with local government, the private sector and other stakeholders. This session will discuss the progress with a focus on the support and activities from the private sector including through the ARISE Initiative, UNDRR’s private sector partnership.

Al Berman, President of the DRI International Foundation and recognized expert in business continuity, will provide an overview of this exciting career. Full of opportunity, continuity careers are a chance to affect real change within organizations and this job is never boring. Bring your questions about the current state of continuity and what’s to come. Al Berman has the answers.

As one of the most highly-regulated industries, the final sector understands the value of business continuity and invests in it too. Marsha Buehler, VP of Business Resiliency and Oversight Management, JP Morgan Chase will share her experience in the financial sector and discuss its unique continuity requirements. Buehler is also the Mentorship and International Development Lead for the DRI Foundation’s Women in Business Continuity Management Executive Committee.

Talk about risky business! One of the most fascinating and mind-bending aspects of business continuity is its relationship with insurance and risk. Michelle Cross, Vice President, Fidelity Institutional Business Continuity will discuss how these disciplines should co-exist for maximum resilience.

During this discussion, we will examine what impacts a disaster makes on the everyday supply chains of a manufacturing facility. This topic will provide a baseline understanding of normal distribution models and dive into a real-world event and how an organization was forced to change its model. Participants will learn new insights into managing resources following a disaster and become more familiar with business continuity planning processes.

If audits give you agita, this hands-on workshop is for you! Sure it can be nerve-wracking when the auditors come knocking but if you attend this workshop, you can toss your TUMS and sleep soundly…even when it’s audit season. In this workshop, we will explore planning for an audit (standards/guidelines; purpose, scope, and objectives; and timeline), fieldwork (kick-off, documentation, and interviews); analysis (testing, evidence, and initial draft report); and reporting (communication with key stakeholders, obtaining management response, and issuing a final audit report).

Is your company prepared for the imminent threat of cyber attack? Attend this session to learn how to better prepare for cyber threats, using a practical approach and robust, NIST-based cybersecurity framework. The presenter will demonstrate how to apply the framework in order to measure cyber resilience and improve resilience overall.

TMX Group are winners of the 2022 DRI Award of Excellence for COVID-19 Response and Recovery of the year. In the context of joining the organization mid-pandemic, TMX Group’s Mark Evans shares practical examples of how strong organizational values, effective use of data, and prompt, bold decision-making helped preserve the safety of approximately 1500 staff globally. The end result was zero workplace transmission of COVID-19 and zero disruption to any business processes throughout the pandemic.

While many people have heard of the U.S. National Institute of Science and Technology (NIST) and some have even used some of their resources, most don’t know the full capacity and wealth of information and research available to them, for free. NIST resources include major continuity, resilience and emergency management topics and guidance, such as the Risk and Cybersecurity Risk Management Frameworks, Security and Privacy Controls, contingency and test, training and exercise planning, among others.

Words matter. How we understand each other depends at the very least on the definition of the words we use. When looking within communities, how do you measure resilience? How do you define or rank an asset? There are so many converging issues around community resilience. This session will help unfold and define the most misunderstood terms in community resilience, while enabling attendees to acquire the first steps needed to build community resilience through understanding the who, what. when, where, and how of asset mapping a community.

The basic rule of threes was first recognized by Aristotle who recognized that humans relate and latch onto things that are presented in threes. Fundamentally, eat, drink, and sleep. In writing, we have a beginning, middle, and end. In presentations we have agenda, content, summary. Fire only burns when heat, oxygen, and fuel combine. Survival puts it in a live or die perspective: make a decision in three seconds, breath in three minutes, shelter from a hostile environment in three hours, drink water within three days, eat within three weeks. You get the idea. The rule of threes has many applications in all different areas, including BC/DR efforts. Attend this session to learn how Aristotle can assist with your BC/DR thought process, help you structure your program, and bring a fresh perspective to planning.

The session is a post-Uvalde school shooting report that has changed the dynamics of active attack incidents in schools by empowering all of the people on campus — not just the staff and teachers — as a part of school safety. This case study shows that when data, direction, and emotional reinforcement are made available to people during a crisis, it changes the outcome positively, reduces the number of victims and injury, and increases resilience.

SESSION HANDOUT ESO Tools - The Vision/Traction Organizer In this session, Shane Mathew shares some of the lessons he’s learned from his years of building business continuity programs in various industries, including in government, healthcare, manufacturing, and tech. The focus of the presentation is the concept of transforming your BCM program into a high functioning initiative, by approaching it as one would approach a successful business. Through this lens, attendees will learn some of the common pitfalls businesses and BCM programs face to their success, how to develop and market products that improve demand, and how to manage the whole effort through proven methodologies like the immensely effective Entrepreneurial Operating System (EOS) – a set of simple concepts and practical tools that have helped thousands of entrepreneurs around the world get what they want from their businesses. Additionally, he will share some practical steps on how to implement these concepts into your program- transforming it into one that has direction, executive buy-in, and stakeholder support.

SESSION HANDOUT 5 Eye-openers From the Pandemic. TMX Group are winners of the 2022 DRI Award of Excellence for COVID-19 Response and Recovery of the year. In the context of joining the organization mid-pandemic, TMX Group’s Mark Evans shares practical examples of how strong organizational values, effective use of data, and prompt, bold decision-making helped preserve the safety of approximately 1500 staff globally. The end result was zero workplace transmission of COVID-19 and zero disruption to any business processes throughout the pandemic.

SESSION HANDOUT - Wheel of Assessment Learn practical tools to reverse the condition of burnout and depletion — which is far too common among professional women — while addressing the root cause of unhealthy boundaries. We will look at the impact of long-term crisis exposure and how it affects the nervous system. Participants will walk away with simple, actionable techniques in this session.

Roberto Coronado, Senior Vice President in Charge of El Paso and San Antonio Branches, Federal Reserve Bank of Dallas, is an expert on La economía de frontera – the US/Mexico border economy. As a Senior Economist, Coronado has devoted decades to researching this richly unique region. Coronado’s plenary address will welcome us to Texas with a deep dive into how the US/Mexico border economy fared during the recent COVID-19 pandemic, what’s ahead for this region, and what lessons learned can shape our understanding as resilience professionals.

Globalization is defined as the process by which businesses or other organizations develop international influence or start operating on an international scale. The 21st century was heralded as “The Global Century” with the widespread use of the internet opening up both international markets and supply capabilities that previously seemed impossible. As a result of technological achievements and economic integration, the world has become more interconnected than ever before. Businesses began entering these global markets and developing a just in time” supply chain that took advantage of the lowest prices from single vendors, often importing different parts from multiple locations around the globe to make one finished product. But globalization also brought challenges. Just in time manufacturing opened a risk to sales if just one element of the supply chain failed. The increased transport of parts and finished goods added to the greenhouse gasses causing climate change. The gap between developed and underdeveloped nations grew. The ease of air travel expedited the spread of COVID 19, quickly causing a global pandemic that shuttered the world. Globalized companies quickly felt the impact and “supply chain issues” became part of the daily vernacular of their customers. How do globalization and resilience come together to be convergent forces? Can companies manage cost, efficiency and resilience in a global world?

What risks are you most concerned about? How well prepared are you to manage them? How do you think our profession will change over the next few years? How does corporate ESG demands change your priorities? These are just a few of the questions the DRI Future Vision Committee (FVC) seeks to answer in its annual survey and reports. The Trends and Predictions Reports this year benefited from a record number of survey participants, which resulted in more informative analysis and wider insights for the future of our profession. This will all be shared in an interactive session led by FVC members opened up for comment and debate with attending conference delegates. An issue which emerged as of current and future concern was the relationship between the role of traditional business continuity and the ever increasing demands for corporate sustainability, whether that be climate resilience or the wider ESG agenda. In a discussion between DRI and NPLI (National Preparedness Leadership Initiative) this topic will be explored with the help of strong audience participation. A conference app will allow attendees to provide their further thoughts and opinions during and after the session.

Whether you are a veteran tabletop writer or brand new to the field, this workshop is a creative space to take your tabletop exercises to the next level. The secret to a riveting and compelling tabletop exercise is not hiring a Hollywood screenwriter – the secret is actually thoughtful research and in-depth planning. Our workshop instructors are seasoned tabletop facilitators who will help you hone the art of blending practical considerations, collaborations with external parties, and focused research to create riveting tabletops that keep people thinking long afterward – and lead to significantly improved confidence and resilience for your stakeholders. The workshop will include time for hands-on planning; the goal is for all attendees to leave inspired, refreshed, and with an actionable list of tabletop ideas for implementation.

Learn practical tools to reverse the condition of burnout and depletion — which is far too common among professional women — while addressing the root cause of unhealthy boundaries. We will look at the impact of long-term crisis exposure and how it affects the nervous system. Participants will walk away with simple, actionable techniques in this session.

Join the members of DRI Foundation’s Women in Business Continuity Management Executive Committee for a panel discussion focused on planting the seeds for a growth mindset to keep our plans, our organizations, and – most importantly – ourselves resilient. As our industry evolves, we’ll discuss how we, as women, can expand our capabilities, anticipate future needs, and increasingly adopt best practices from BIAs to incident management to testing – while staying authentic, establishing boundaries, and developing critical skills for success.

Will members of a board of directors like their duty of care served with a side of negligence lawsuits from not investing in preparedness? Are law firms the ones that should be offering business continuity as part of a suite of services on top of regulatory compliance? Will force majeure become a force no more when protecting businesses? The “new normal” is impacting more than we realize. This session will shed some light on the emergence of business continuity and preparedness combining with the legal world.

This session is the culmination of nearly a year of research, surveys, and C-Suite interviews while Young was at the Harvard Kennedy School NPLI studying Executive Meta-Leadership. In this presentation, he explains why the time has come for resilience to be elevated to the C-Suite and how to turn it from a cost center into a business competitive advantage. This paradigm-shifting idea is backed up with case studies, interviews with Fortune 500 C-suite executives, and data visualization.

In this session, Shane Mathew shares some of the lessons he’s learned from his years of building business continuity programs in various industries, including in government, healthcare, manufacturing, and tech. The focus of the presentation is the concept of transforming your BCM program into a high functioning initiative, by approaching it as one would approach a successful business. Through this lens, attendees will learn some of the common pitfalls businesses and BCM programs face to their success, how to develop and market products that improve demand, and how to manage the whole effort through proven methodologies like the immensely effective Entrepreneurial Operating System (EOS) – a set of simple concepts and practical tools that have helped thousands of entrepreneurs around the world get what they want from their businesses. Additionally, he will share some practical steps on how to implement these concepts into your program- transforming it into one that has direction, executive buy-in, and stakeholder support.

Women leaders shine in crisis, absorb chaos, maintain stability, and communicate hope – placing premiums on communicating clearly, responding rapidly, and attending to social protections. A whopping 65 percent of women said the pandemic has made them rethink how and where they work. Come explore why women in STEM careers help the resilience field succeed.

We have lived through the biggest social, health, and economic crisis in the world in the last decades. The pandemic wreaked financial devastation across all industries. The aviation value chain was not the exception, most notably for airlines. Based on McKinsey studies, all subsectors reported massive losses in 2020, except for freight forwarders and cargo airlines, which benefited from a rise in demand for air cargo. The IATA estimates that even though global revenues for airlines rose by 27 percent last year compared to 2020, they were still 44 percent less than what they were in 2019. During this session you will learn about the BCM program that Copa Airlines developed pre-pandemic, the plans that they activated, and how they faced the COVID-19 pandemic to recover the passenger confidence, the business, and their most valuable resource: their people.

Our speakers will share how Texas worked with federal, state, and local organizations to further develop continuity policy and guidance documents, such as the Continuity Guidance Circular (FEMA, 2018). They will also share current resources and opportunities for collaboration available to continuity practitioners to create a continuity community. Their efforts in tearing down silos and creating cross-sector collaboration will be presented along with their plans for the future in bringing private and non-profit organizations into conversations with government.

Attend this can’t miss session to hear from a C-Level executive who truly understands resilience, as DRI Board Director Ray Seid sits down with Uniper CIO Damian Bunyan. About Uniper Düsseldorf-based Uniper is an international energy company with activities in more than 40 countries. With around 7,000 employees, it makes an important contribution to security of supply in Europe. Uniper’s core businesses are power generation in Europe, global energy trading, and a broad gas portfolio. Uniper procures gas – including liquefied natural gas (LNG) – and other energy sources on global markets. The company owns and operates gas storage facilities with a capacity of more than 7 billion cubic meters. Uniper plans for its 22.5 GW of installed power-generating capacity in Europe to be carbon-neutral by 2035. The company already ranks among Europe’s largest operators of hydroelectric plants and intends to further expand solar and wind energy, which are essential for a more sustainable and autonomous future. Uniper is a reliable partner for communities, municipal utilities, and industrial enterprises for planning and implementing innovative, lower-carbon solutions on their decarbonization journey. Uniper is a hydrogen pioneer, is active worldwide along the entire hydrogen value chain, and is conducting projects to make hydrogen a mainstay of the energy supply.

As part of DRI International’s ongoing efforts to maintain the relevance and utility of the DRI International Professional Practices for Business Continuity Management, an extensive revision of substance, form, and function was undertaken beginning on November 1, 2021, and finishing August 1, 2022. Join the members of the Professional Practices Committee to learn about these and other important changes: An enhanced version of Professional Practice Five: Incident Preparedness and Response to include more of the preparation activities related to incident management; More information on identifying various cyber threats and strategies for remediation by integrating cybersecurity activities into business continuity management; Enhancing the use of insurance as a risk transfer tool and providing more specific types of insurance policies that should be an integral part of business continuity management; Introducing more robust data backup techniques; More technology-specific strategies, and; More manufacturing strategies.

This session will present proven practices for managing vendor disruptions. Applying “the best defense is a good offense” approach (the strategic offensive principle of conflict), rings true for planning and mitigating the risk of supply chain disruptions. The presenter will explore general planning practices to manage vendor risk and continuity of operations in the procurement process. Attendees will leave this session with an understanding of a due-diligence approach to engaging and including essential vendors in exercises to identify gaps and surgical actions needed to respond quickly to minimize the impact when a vendor cannot deliver its product and service to your organization which your organization relies upon.

This workshop is intended to be a community-based way of creating a richer database of capability questions. Participants will be provided with access to all questions that were generated during the workshop which they can use in their own organizations. This workshop will present the enterprise continuity program as it is used at Netflix. After a brief presentation, attendees will work in small groups to review one existing asset type with the associated capability questions and be asked to provide additional questions that could be added to a capability survey. The questions must apply to the capability survey categories of availability, response, and recovery. After a short discussion, the same working groups will create their own new asset type and be tasked with identifying three to five questions for each category as it relates to the asset. Then as a collective, we will share our ideas and discuss how the questions affect the availability, response, and recovery of the asset. At the conclusion of this working session, each participant will be given a copy of the work everyone contributed towards which they can use in their own organizations. This is an effort to present a different way of performing capability assessments.

The “Great Resignation” or the “Great Shuffle” provides business continuity professionals a chance to reevaluate careers and explore new professional opportunities. There is no turning back from the workplace changes brought about by the Great Resignation/Shuffle. The move to remote work and changes in job flexibility may not have occurred for another 30 years if not for Covid-19. If you are looking to change your career (internally or externally), you can still land your dream position. It just requires some strategy on your part. This session will focus on how to reposition yourself, ask for better pay, improved work-life balance and flexibility, and more opportunities for advancement at your new job.

With natural disasters on the rise and cyber attacks on the nightly news, are state governments ready to meet the challenges and risks of the modern world? For the state of Maryland, the answer to that question is a resounding YES! Attend this session to hear how Maryland state emergency managers are taking a uniquely effective approach to improving resilience: Training! A two-year program aims to increase resiliency by cross-training staff in business continuity, IT disaster recovery, and cyber resilience. Attend this session to learn how it’s working as well as how this approach also benefits both the private sector and public-private partnership initiatives.

Stepping into a company with a business continuity program that had been dormant for years is quite a challenge. Attend this session to hear about those challenges as well as how the program got back on track. The speaker will discuss the challenges and actions taken to get the program back on the right path. If you had the chance to guide a BC program in a new direction, what changes would you make, and what foundational items should you have in place to move forward? This is a great discussion for those who have stepped into a company to revive a program or for those who are trying to find a new path forward in their own program.

The world of business is now interdependent more than in any other time in history. In addition to the expansion of multi-national companies, local and regional organizations of all sizes and industry sectors maintain cross-border relationships and global supply chain dependencies (human capital, raw materials, and data) that increase operational risk. Business Resiliency Professionals should have a clear understanding of these direct and indirect interdependencies, monitor these threats, and plan for anticipated impacts to their operations. Armed conflicts by their very nature are volatile, multi-regional, and non-linear; security conditions can deteriorate, and aggression escalate without warning. The unique impacts of each conflict must be evaluated and considered. While some will experience the direct impacts of an armed conflict because it is their country/entity involved, exponentially more will experience the indirect impacts. For example, recent conflicts have caused high fuel prices world-wide even for countries not directly involved or directly dependent on the warring parties. This is a key consideration for why business resiliency professionals should include this type of planning in their resiliency planning approach – their businesses are not insulated just because their country is not at war. The panel will share recommendations for ACM pre-conflict planning, crisis response and ongoing crisis management including: Geopolitical Threat and Risk Analysis Critical Staff Resiliency Strategies Scenario Based Exercises Crisis Management and Response Management and Employee Training and Awareness, and Internal and External Collaboration and Communication

The Fire Protection Department of Saudi Aramco has taken proactive measures and demonstrated resiliency by sustaining continuity of operation during recent major disruptive events. They launched a comprehensive study for the business continuity plan to be aligned with the Center for Public Safety Excellence (CPSE) requirements, international organization for standardization (ISO) requirements, and Cooperate Internal Operation Excellence Model which have minimized information and asset losses and played a significant role assisting the recovery and restoration of business normal operations in a timely manner. This will be an exciting and informative session and not limited to the following: business continuity planning and critical elements, risk and threat identification methodology, and leveraging GIS technology in emergency management.

Business continuity professionals are called upon to be as versatile as they are prepared to handle any and all potential disruptions. Versatility is augmented by experience. In the session, an MBCP and veteran of three industries shares lessons learned and best practices for logistics, healthcare, and IT. Discussion will include privacy, supply chain, SLAs, and more. Attend this presentation to ensure that your program will meet both requirements and expectations.

As business continuity professionals, we may be asked to be part of the vendor selection or management process. “Where do I start?” and “What should I be looking for?” are just the start of many questions to come. During this interactive workshop, you will learn to look at vendor management through a continuity lens — from contract language to contract expectations. We will offer suggestions for what to include – and not include – in your contracts and discuss how to review vendor contracts to help ensure that your organization is getting the RTO, RPO, and service levels specified. We will dissect a force majeure clause and discuss the ramifications it could have on your contract. The goals of the workshop are to provide sample language that could be used in your company’s service agreement boilerplate; provide examples of language that should NOT be in a service agreement; and provide tips on how to help your procurement team with reviews from a continuity viewpoint. Bring your questions or examples of difficult language that you have had to live with. NOTE: For this workshop, a vendor is supplying goods or services that your company is consuming while doing business. This is not a workshop on supply chain management.

The Journey to Resilience continues to evolve, and is different in many cases, based on your Enterprise, business requirements, and relevant regulations. As a result, the program components and areas of desired improvement are also different. In this session, David Halford will explore program areas you should consider as part of your Resilience journey, discuss the overall journey, and share practical ideas on how to plan and move the relevant journey along. In addition, Halford will demonstrate the value of using a system to support your program, enabling you to easily manage, visualize, and use your information effectively. You’ll leave the session more confident and ready to continue your Operational Resilience journey.

Companies in all industries are committing to adopt Operational Resilience (OpRes) models. But, without the regulatory guidelines imposed on banks, most companies struggle to explain the need for change, what an operational resilience program looks like in their industry, or what they will do differently. During this session we will discuss what successful operational resilience programs look like for companies that aren’t banks. We will outline the journey to transition to OpRes, highlight some successful operating models and discuss the pitfalls you will need to navigate to make OpRes a reality for your organization.

Operational Resilience (OpRes) seems to be the new buzzword in the industry. Is there something interesting about it, or is it just the next flavor of the day? In this session, three industry leaders will discuss their take on Operational Resilience. They will present an overview of recent drivers for OpRes, namely regulatory requirements in the Financial Services Industry (FSI) and the increasing pressures of unhindered operations in an interconnected customer-centric world. They will then outline what it means for organizations inside and outside the regulated industry. Finally, they will wrap up with challenges to consider when thinking about adopting Operational Resilience capabilities in your organization.

2022 was a landmark year at DRI International. Our community is not only rebounding from the pandemic but also has been growing by every metric. From our popular Cyber Resilience training and certification program which continues to break records, to finding unique ways to serve you through organizational certification and custom training programs to continuing strong demand for our core Business Continuity programs, it is clear that the resilience profession is growing in visibility and prestige. We are continuing to find fresh ways to engage with you across every platform and can’t wait to see more of you in person again in 2023 whether at DRI2023: The Business Continuity Conference, a newlyreturning DRI Collegiate Conference, or an in-person class.

DRI International's Eighth Annual Predictions Report offers resilience predictions for the profession by the profession. Providing a roadmap of the issues resilience professionals may face in the coming year, the report was developed by the DRI Future Vision Committee (FVC), a group of international thought leaders in the field. It was based in part on nearly 500 survey responses from across all industries and sectors, the largest in the report’s history.

The DRI International Global Risk and Resilience Trends Report is now in its eighth year and continues to provide a global view of resilience trends. Written by the DRI Future Vision Committee (FVC), it gives an independent analysis of current and emerging risks as perceived by professionals directly involved in managing resilience. The FVC consists of international thought leaders and experts in all aspects of resilience management. The key input is the annual survey of certified resilience professionals which provides much of the base data for the conclusions,

DRI has partnered with CRJ to provide DRI Certified Professionals access to a PDF version of the most current issue. To access the ‘Flipping Book' version of the current digital issue plus access to the CRJ 15 year back issue library will require a separate subscription. CRJ offers DRI Certified Professionals a digital subscription for only $15 and hard copy subscription for only $100, a significant discount from the list price. To take advantage of this offer, go to https://crisis-response.com/discounted_subscriptions and enter the discount code DRI15 or DRI100.

De acuerdo con el reporte de la Contraloría General de La República de Costa Rica sobre la continuidad de la entrega de servicios por Covid, el Banco Nacional de Costa Rica es la única institución pública en el país que alcanzó un nivel óptimo en la Continuidad Institucional. Este Webinar busca mencionar las acciones y caso de éxito que han hecho que el Banco Nacional de Costa Rica lidere procesos exitosos para dotar de resiliencia a sus procesos, beneficiando al cliente final con productos y servicios de alta calidad. El expositor, Randall Villalobos, CBCP, es el Gerente de Continuidad de Negocio del Banco Nacional, banco líder en el mercado financiero costarricense con un enfoque a la experiencia del cliente y con la innovación como su estandarte. Randall es líder con amplia experiencia en desarrollo e implementación de proyectos. Es líder con conocimientos de normas y mejores prácticas internacionales como las del DRI Int., respaldado por la experiencia en su implementación y mejora en las organizaciones. Ha sido el encargado de la Oficina de Continuidad de Negocio del Banco Nacional desde el 2013 y hasta la actualidad.

In this fascinating case study session, you’ll see how Delta Dental created an entire business resilience program in under 18 months, all during a pandemic. It will examine the four sectors of the program: - Workplace Safety - Emergency Response - Crisis Management - Business Continuity The session will cover the importance of creating an operational roadmap, getting the right people on board, policy development, realistic budgeting, equipment purchasing, program implementation, training & exercising, and continuous review. You’ll learn how each sector was created with the overarching ideal of being ready to respond, while also keeping continuous improvement in mind. While creating and developing these sectors, Delta also created cross functionality with all groups within the enterprise. Additionally, the speakers will show how the team took the lead on enterprise screening, contact tracing, case tracking, and responding to compliance requirements during the COVID-19 pandemic. Finally, you will learn how Delta took a holistic approach to its Workplace Violence Program, focusing on prevention and awareness, to lessen the likelihood of a workplace incident.

With over 20 years’ experience building, developing, and leading program governance frameworks and strategies for three major companies, Walmart’s Robyn Kimbro joins us to share the key elements for experienced resilience practitioners addressing ongoing program maturity and building resilience. So, you have an established, mature program – now what? The answer is a lot, and that includes answering questions like these: Are your program requirements not stringent enough, just right, or really complicated and time-consuming to meet? If you’re a global company – is your program globally relevant, and does it meet regulations or requirements for other countries? How strong and far-reaching are your partnerships? How do you benchmark with other companies? How do you market your program? What programmatic stats are you collecting through your enterprise tool? Are executives interested in those metrics, and what do these statistics drive your leadership to do?

Peter Morris embarked on his journey with disaster recovery, business continuity and now operational resilience over twenty years ago. His “Distant Lands” presentation will offer his observations on crisis events and from his experience comment on what connects them, how their impact ripples across the world and their consequences. He will also share some new thinking which may change the resilience community’s strategic approach to disruptive events.

DRI welcomes Dr. Gianluca Pescaroli for an in-depth tour of his research on building and improving the continuity of operations during disruptive events, minimizing their impacts, and increasing resilience of the public and private sectors. This includes managing complex challenges such as cascading risks, critical infrastructure failures, systemic and compound dynamics. His work is impact -oriented, aiming to bridge academia and practice. In 2016, he co-founded the Research Group on Cascading Disasters at UCL. Since then, he contributed to strategic documents such as the UN Office for Disaster Risk Reduction’s Guidelines on National Risk Assessment, and edited reports such as the Guidelines on Cascading Effects of Wide-Area Power Failures in collaboration with London Resilience.

"Those who cannot remember the past are condemned to repeat it." Whether you align to this original quote communicated by George Santayana, or the latter summary by Winston Churchill, the underlying message is spot on. The year 2020 brought with it a pandemic, civil unrest, and multiple natural and human-made disasters. What have we learned? Are there things that we should have known? Better yet, what approach can we use to apply the results of our lessons (mid-stream or post), to move the needle of resiliency forward? During this session, leveraging hindsight, we will align the three Cs (clarity, communications, and connections) to industry strategies, such as the Stockdale Paradox, to build next steps. Looking back, to see the path forward. “It is in the challenge, in the change, that we learn our greatest lessons.”

Join us for a discussion from a global manufacturer’s perspective on how their supply chain has been impacted with their business continuity teams playing a key role in its resiliency the past few years. Included in this session are: • Key supply chain components and contributors • Common known and unforeseen supply chain challenges • How Covid-19 played a role in magnifying them • Improving visibility and structure • Forward planning with benefits of agility over accuracy • Forward planning with benefits of agility over accuracy

As IT threats continue to grow, IT outages will remain a rising challenge for organizations. Therefore, it becomes crucial to develop disaster recovery strategies and implement IT resilience capabilities to protect the most valuable assets and services. Advancements in communication and technology have reshaped the development of disaster recovery solutions over the cloud that have become an attractive approach and a fundamental part to sustain business operations. The presentation provides an overview of the evolved service continuity concept and capabilities of IT resiliency in a cloud environment, and other elements necessary to enable the effective implementation and operation of an IT service continuity program.

Wondering if you've got your business resilience bases covered? Attend this session to find out. We'll cover plans for emergency response, crisis management, IT/DR, and business units as well as industry standards, regulations, and guidelines. We'll also take into account the unique business sector needs of financial services, food and beverage, manufacturing, retail, and healthcare.

Taking Netflix’s unique culture into account, we have developed a strategic vision for the Enterprise Resilience (ER) program to identify where our critical assets are, how resilient they currently are, and how to increase their resilience when and if needed. This process includes: • Educating leadership and risk owners of their resilience risk posture • Developing a critical interdependency map to identify areas of unseen risk • Providing guidance and mitigation expertise to risk owners who require it The framework is built on the development of standardized, intuitive, and quantifiable business continuity, technology continuity, and corporate resilience measurements enabling teams to be aware of their resilience posture and to make the best possible resilience decisions.

Cyber resilience and business continuity — both are important and work best when they work together! That’s not easy to accomplish, but not to worry. Attend this mind-blowing session to learn how to establish cohesion between the two at an entity level without sacrificing your sanity. We will tackle typical organizational barriers impacting resilience and what to do about them. Where does business continuity sit in the organization and why does that matter? How do you get the CISO and BCO on the same page? How do you link plans and processes? What about including BC in cyber incident response planning? And how do you bring it all together? You’ll leave this session energized, informed, and with a BC and cyber resilience checklist to help you obtain and maintain cohesion — and calm.

Are you aware of the various chokepoints that may be affecting your organization? During this session, we will look at physical and/or natural issues, as well as operational issues, that ultimately affect your day-to-day production capabilities. The discussion will involve topics global in nature, including technical threats to your supply chain or delivery chain. Don’t forget that delivery of your products may be just as important to your customers as supply chain issues are to you. You will leave this session with a better understanding of chokepoints or obstacles within your organization and how to address them. You will also gain a better understanding of the cyber issues that arise in operations today, as we look at some of the more well-known cyber threats including ransomware.

When we boil it all down, people are a business' single most critical asset. Of course, we plan to have backups for key personnel, but what happens when our people are also affected by the same disaster and repercussions that impact our business? This presentation is intended to provide insight into why it's in a business' best interest to encourage people to have their own disaster preparedness plans and what their plans need to include. Disasters impacting your personal life are no joke and neither are family and household preparations. This session will refresh you on what we planners sometimes forget about: why people are so critical and what’s involved with personal disaster preparedness.

We are entering the third year of the COVID-19 pandemic. The Omicron variant has caused an extremely high case rate that has disrupted many businesses’ operations. What do business continuity professionals need to do now? When and how can a safe return to the workplace resume? There have been many lessons learned from the pandemic, but what measures should be retained to improve worker safety and business continuity? This session, provided by a 30+ year CDC expert, covers all of these topics and more. There are CRITICAL steps that every business needs to take NOW to protect the workforce and business continuity going forward.

In this session, we will explore the supply chain landscape and boundaries in today’s world. How do these issues affect our risk and impacts, and most importantly how do we prepare, protect and recover? The presenter also will share the best options to test supply chain continuity plans and the benefits of this approach.

Every Tuesday, the WBCM Committee hosts a lively “2 Question Tuesday” discussion in the WBCM LinkedIn group, with one personal and one professional question posed to group members. This Tuesday, it’s 10 Question Tuesday LIVE in Las Vegas! All are welcome to attend this fast-paced, participatory session. This is your chance to be candid, curious, and part of the most vibrant new discussion group in the profession!

That’s a good question! Attend this session to find out the answer and to explore the hidden risks in your cloud backup strategy. We’ll also discuss how to ensure that backups are occurring, data restoration exercises to validate your backups, segregating production backups, using redundant systems, the dangers of accepting mirrored data as backups, database corruption, and ransomware.

What risks are you most concerned about? How well prepared are you to manage them? How do you think our profession will change over the next few years? In this highly-interactive session, participants will have the opportunity to vote on a number of the key issues which have emerged from the DRI Future Vision Committee regular reports (Trends, Predictions and Careers). The presenter will respond to voting as it happens, providing instant feedback and opinion. Please come to this session ready to participate, debate, and even argue if you wish. Challenging and controversial opinions are welcome. Your input and the conclusions we reach as a group will be included in future FVC reports and will influence DRI thought leadership perspectives.

The presenter will review recent crisis communications case studies and lessons learned from events across the globe. By the end of this interactive session, attendees will learn how to turn challenges into opportunities during a disaster, and how to communicate effectively to both internal and external audiences through a solid crisis communications plan.

Climate change, globalization, and the intricate complexity of multiple operational risks (e.g. supply chain, technological innovations) have challenged Business Continuity Management Professionals to quickly respond to and recover from a growing number of business disruptive events. The need to strengthen business resiliency cannot be questioned, yet promoting the physical and mental well-being of recovery teams and continuity professionals is, in many cases, still not being prioritized. This session teaches participants how to leverage mindfulness to optimize incident management while lowering stress and increasing emotional intelligence and effective decision-making. Scientific research and an overview of how the human brain works will be provided to understand how and why mindfulness is a value-add discipline. Short-guided meditations and practical “mindfulness on the go” tools will be included as part of this training session.

Imagine walking into your boss’ office announcing that you just helped your organization save up to 20% of its annual insurance spend for the next 5-10 years. In this “hard market”, executives are struggling to find the balance between investing in business continuity programs and investing in insurance. However, this creates an opportunity to find new ways to add value to your organization and demonstrate a return on investment. During this session, we will discuss how the insurance industry looks at business interruption insurance, how business continuity and disaster recovery programs can improve the outcomes of your insurance negotiations, and how to more effectively work with risk managers. We will explore how re-framing the roles that insurance and business continuity play can help you improve the efficiency of your insurance programs, “right size” your insurance and resilience programs, and leverage your claims data to be more effective.

Year after year of unprecedented change has necessitated that organizations be prepared for a crisis situation. What can you expect to happen in 2022? Is your company ready for the next crisis? In this session, Experian provides five predictions from their 9th annual report of what disasters may lie ahead in 2022. They will also provide the latest insights to be released in the annual Ponemon Data Breach Preparedness study – letting you know how others in the industry are faring, the latest threat vectors, and pitfalls to avoid. This is a session you don’t want to miss.

Using Costa Rica as a reference for the Business Continuity Management in Latin America, this presentation makes a review of the public management in the face of the COVID-19 emergency for management of institutional continuity, management of financial sustainability for the continuity of critical public services and management and state of the continuity of public services in the emergency.

Understanding third party vendor risk is essential for organizational resiliency. This session will address best practices for assessing vendor risk and resiliency. We will review how to evaluate residual risks and potential impacts to incorporate vendor risk into a comprehensive resiliency program. We will also review using data analytics to better quantify and rate residual risk.

Organizations can play an active role in the resilience of their communities by establishing a Center of Excellence in Resilience. Community resilience builds by utilizing ground-up/grassroots efforts and a Center of Excellence is a top-down approach. By bringing these together in this session attendees will learn what, why, and how to build a grassroots community resilience program into the creation of a Center of Excellence.

There are many ways to describe the global events that have unfolded over the course of the last year. Overwhelming, uncertain and pivotal come to mind. But also courageous, caring and resilient are a few ways that we might describe our collective experience as resilience professionals. Our goal at DRI International is always to provide you with learning-focused opportunities that will add value to your certification, help you grow as professionals and empower you to give back to your community. In 2021, that goal felt more meaningful than ever. We worked hard to bring you quality virtual programming to support you through your response to the ongoing COVID-19 pandemic and the seemingly never-ending onslaught of cyberattacks, severe weather events, supply chain disruptions and the like. Read on to learn about just a few highlights from our activities over the last year.

What does 2022 hold for the resilience community? Find out with the DRI Future Vision Committee's 7th Annual Predictions Report - resilience predictions for the profession by the profession. This report looks at what to expect in the coming year, including the continuing pandemic response, climate change, global inflation, power grid attacks and much more.

DRI International has joined with Harvard’s National Preparedness Leadership Initiative (NPLI) to develop a new report, “Covid-19: An Analysis of Leadership Styles and Outcomes.” This research uses the coronavirus pandemic to inform future preparedness and response efforts. Researchers interviewed executives from a variety of industries to gain understanding of their “meta-leadership” capabilities, a holistic view of the challenges leaders take when managing complex crisis situations.

The DRI International Global Risk and Resilience Trends Report is now in its 7th year and continues to provide a global view of resilience trends. Supported by the DRI Future Vision Committee (FVC), it gives an independent analysis of current and emerging risks as perceived by professionals directly involved in managing resilience.

Communication is key -- especially in a crisis! In this webinar, you'll hear from crisis communications experts who will draw on their experiences to help you get a handle on what to say -- and what not to say -- as well as how to craft messaging that will inform others while serving your organization. Featured presenters: - Suzanne Bernier, CEM, CBCP, MBCI, CMCP, President, SB Crisis Consulting - Bob Jensen, Senior Managing Director, Strat3 LLC - Jessica Kindig, Exercise Program Manager, Indiana Department of Homeland Security

For DRI’s latest webinar we look at the relationship between organizational and operational resilience, and the regulations in-between, with three of the UK’s top professionals: - Dr Aaron Gracey, Managing Director of Squared Apples, will introduce listeners to the concept of Organisational Resilience and how organisations should start to review how they develop their frameworks in order to incorporate the capability. - Mike Price, Managing Director of Resilius Consulting, will introduce listeners to two new policy and regulatory landscape changes. While they target principally the finance sector, he will explain why they have wider implications into others. - Steve Yates, CBCP, Director of Acertia Unlimited, will close the presentation by delineating the relationship between organizational and operational resilience.

During the mindfulness webinar, presenter Karina de Allicon led an exercise following the LABEL technique: - Label the challenging thought or emotion - Allow it to be here - Breathe - Explore how the thought or emotion manifests itself in the body - Listen to the sounds around you

DRI International is proud to welcome Michael Berkowitz, Founding Principal of Resilient Cities Catalyst, who will draw upon real-life experiences from around the world to address reducing risk and increasing resilience in a post-Covid world.

It’s what you’ve all been working on - so let’s talk about it. Success, challenges, strategies for returning to work, it’s all fair game for our pandemic panel. - Kristina Cory, AVP – Network Planning – AT&T Technology Operations, AT&T

It’s what you’ve all been working on - so let’s talk about it. Success, challenges, strategies for returning to work, it’s all fair game for our pandemic panel. - Eric McNulty, Associate Director, National Preparedness Leadership Initiative, Harvard T.H. Chan School of Public Health

It’s what you’ve all been working on - so let’s talk about it. Success, challenges, strategies for returning to work, it’s all fair game for our pandemic panel. - Deb Ladendorf, Senior Manager – Global Compliance Program Management, Transunion

Welcome to the 2021 DRI Resilience Excellence Summit! DRI President and CEO Chloe Demrovsky offers some updates on DRI's activities over this challenging year and some information on what our resilience community can expect in the future.

BlackBerry's David Wiseman and Ramon Pinero discuss how AI and machine learning will completely transform the Critical Event Management landscape, what a next-gen critical event management system would look like with a use case to illustrate the dramatic impact AI/ML can have on a cyberattack disaster response. David and Ramon will also provide a visionary roadmap of how BlackBerry sees these capabilities evolving over the next few years to manage modern-day threats.

If there’s an issue bigger than the pandemic, it’s cyber resilience. Take note as our cyber resilience panelists cover current issues and challenges. Panelists: Wade Richmond, CEO, CISO ToGo

If there’s an issue bigger than the pandemic, it’s cyber resilience. Take note as our cyber resilience panelists cover current issues and challenges. Panelists: Lincoln Geode, Cyber Security Consultant, Xcel Energy

If there’s an issue bigger than the pandemic, it’s cyber resilience. Take note as our cyber resilience panelists cover current issues and challenges. Panelists: Rakesh Pande, Founder/Instructor, DRI India

2020 was a difficult year for everyone and the crisis is far from over. I want to acknowledge the ongoing challenge presented by Covid-19 and share what DRI is doing to continue assisting you. We know that our resilience professionals around the world are still actively responding to the public health crisis. Our continuity community is rising to the mounting challenges brought on by this pandemic. We have tremendous faith in your skills and dedication and we are beyond proud to be associated with such tireless and innovative professionals. Please know that we are here for you during this unprecedented global response.

What does the future hold for the resilience community? Find out with the DRI Future Vision Committee's 6th Annual Predictions Report - resilience predictions for the profession by the profession. This report looks at what to expect in 2021, including the COVID-19 vaccine rollout financial challenges, extreme weather, global unrest, and much more.

Has India Managed to Convert the Pandemic Threat Into an Opportunity? The answer to this is two parts: 1) The decisions taken by the Indian government in dealing with the threats/risks, analyzed by Rakesh Pande, and 2) The operational industry insight by Harsha Sastry, providing a brief of industry responsiveness and uncertainties, and strategies adopted to secure people, assets, environments, business operations and the overall federation enabling continuity and resilience overall.

Supported by the DRI Future Vision Committee (FVC), the annual Risk and Resilience Trends Report gives an independent analysis of both external issues (current and emerging risks) and internal concerns (resilience management as a profession). The FVC consists of international thought leaders and experts in all aspects of resilience management.

El DRI se complace en anunciar el siguiente webinar gratuito en español del 2020. Este es un evento que se entrega como un beneficio para nuestros profesionales certificados y a la comunidad de Continuidad de Negocio.

As a business leader, you may be tasked with advising about or making reopening decisions in the midst of the ongoing COVID-19 pandemic. With the health of both your business and employees at stake, this is not a simple undertaking, and the choices you make now will have far-reaching-and potentially future-defining-consequences. Before committing to any one course of action, you and your team will need to answer many fundamental questions, such as: - When, and how, can we return to the workplace? - What are the most effective ways to protect our team and customers? - What are the six key parameters that inform return to the workplace decisions? - How should we interpret and apply emerging evidence and public health guidance? Dr. Lisa Koonin will provide these answers and more!

Is the coronavirus pandemic actually the death of the city or will our superstar megacities bounce back brighter than ever? Experts have debated the issue without consensus, so I decided to go directly to a leader who is not only an expert on cities, but also on what makes them resilient to shocks like the Covid-19 pandemic. As the Founding Principal of Resilient Cities Catalyst and the former President of 100 Resilient Cities, Michael Berkowitz has made a career of assessing what ails cities and how to free them from those constraints. Does he think it’s possible to get out of a challenge as big as this?

Summer is drawing to a close, schools are reopening (maybe), and the pandemic feels like it’s going to slog on forever. The future is wildly uncertain and yet the days drag on predictably. How can we create moments of serendipity to break up the monotony? To find out, I spoke with Dr. Christian Busch, Director of the CGA Global Economy Program at New York University and author of The Serendipity Mindset about how we can pursue moments of serendipity or “smart luck”. I hope that his words bring you some optimism and inspiration.

Community management expert Lisa Orloff provides an overview of effective disaster exercises to assess your business continuity plan. The webinar reviews the key learning objectives of successful models including DRI's Professional Practices for Business Continuity Management, The Homeland Security Exercise and Evaluation Plan and World Cares Centers Boots on the Ground X. The training is meant to be flexible, scalable, and adaptable so that participants can adapt what is useful to the size and type of organization.

Hiring the right business continuity professionals will enable your organization to withstand any crisis and come through even stronger. Because of the importance of these positions, more and more organizations are exclusively recruiting certified business continuity professionals. As the oldest and largest nonprofit institute representing business continuity management and resilience fields, DRI International has developed a guide to help you entitled Hiring a Business Continuity Professional.

Juan Carlos González Cardozo, CBCP, consultor, conferencista e instructor internacional en materia de Gestión del Riesgo Empresarial, Resiliencia Organizacional, Gestión de Continuidad del Negocio y Gestión de Crisis conversa sobre los lineamientos estratégicos de la Gestión de Continuidad del Negocio en momentos de Pandemia, como orientación a la Dirección de las organizaciones en la preservación de sus operaciones y en la mitigación de los efectos del Covid-19.

While organizations are overwhelmed meeting the challenges of a pandemic, cyber criminals have found a perfect opportunity to attack. On May 14 at 2pm ET, DRI welcomes Dr. Pano Yannakogeorgos of the NYU Center for Global Affairs for an up-to-the-minute look at cybersecurity in the age of COVID-19. The Faculty Lead of MS Global Security, Conflict & Cyber, Dr. Yannakogeorgos will cover recent examples of how hackers have taken advantage of the crisis, how governments and grassroots efforts have responded, and the risks of shifting to remote work without cybersecurity procedures in place, before addressing questions from attendees.

En este momento seguramente ha sido bombardeado con material sobre COVID-19. Desde una amplia gama de proyecciones para la propagación del contagio, hasta consejos sobre cuánto tiempo lavarse las manos, el uso y la eficacia de máscaras quirúrgicas, retórica política y personas en negación, el flujo de información nunca cesa. El objetivo de este documento técnico es alejarse de lo dramático y dirigirse a los aspectos más prácticos de la situación actual y los problemas que enfrentaremos ahora y en el futuro.

Businesses will have to show they have adequate safety measures in place when they reopen during the coronavirus pandemic, according the CEO of a nonprofit that helps businesses with disaster recovery in an interview with CNBC.

From a safe social distance, I’ve been fielding frantic calls from organizations that don’t have a business continuity plan to help them respond to the spread of the COVID-19 global pandemic. I’ve also gotten calls from those who do, but there is nothing in it for a pandemic scenario, which manifests itself differently from natural disasters or cyberattacks. If you don't have a business continuity plan in place, these basic steps will help get you started.

Join us for a presentation and discussion on COVID-19 and what it means for businesses with Megan Coffee, MD, PhD, Clinical Assistant Professor, Dept. of Medicine, NYU Langone. She offers an up-to-the-minute presentation on the current state of COVID-19 response and answer questions from the audience in a special live Q&A.

Working from home during a crisis can be challenging. Here are a few pointers to help you set yourself – and your new workspace – up for success.

By now you have certainly been bombarded with material about COVID-19. From a vast array of projections for the spread of the contagion, to tips on how long to wash your hands, to the use and effectiveness of surgical masks, to political rhetoric and deniers, the flow of information never ceases. The objective of this white paper is to veer away from the dramatic and head toward the more practical aspects of the current situation and the issues that we will be facing now and in the future.

From concept to operation and then operation to maturity, it is a journey. Present during this eight year journey, our speaker will talk with you about maturing the business resiliency program including tools, processes, and managing risk. The evolution of the toolset and the challenges to reach mature alerting and response, compliance, data integrity, and the continuous improvement process that produced a streamlined model meeting the needs of a dynamic customer base.

In our busy lives, we work hard personally and professionally to solve problems, respond to incidents, and help others. Yet we often forget to take care of ourselves. In this session we’ll explore techniques for bringing together what we’ve have learned from WBCM’s earlier sessions to develop individual action plans to achieve the success we desire. Attend this interactive session as we share tips and tools to nurture our mental, physical and emotional health while building a professional brand and personal road map that is aligned with our values, work style, and personal preferences. We will harness the power of visualization and other strategies to transform our thoughts and create powerful new narratives.

This hands-on, interactive workshop promotes preparedness among public and private entities when faced with a long-term power outage caused by a cyber-attack. The National Preparedness goal describes what it means for the U.S. to be prepared for all types of disasters and emergencies, including the possibility of a cyber-attack aimed at our Nation’s infrastructure. In May, the President signed an executive order on cybersecurity designed to protect critical infrastructure, including the national power grid. Large-scale power outages are not a new concern for emergency managers. A December 2016 power outage in Ukraine linked to a cyber-attack. An organization’s ability to perform its essential functions is based on key elements of leadership, staff, communications, and facilities. When faced with a prolonged power outage, lasting several weeks, will public and private continuity plans allow organizations to continue to provide these essential functions? This workshop will present participants with the opportunity to examine plans and procedures to discover the ability to sustain operations.

Calling all DRI2020 attendees! You have an important job in real life…and at this year’s conference. The DRI Glossary Committee will be surveying all conference attendees for your opinions on new terms under consideration for inclusion in the DRI International Glossary for Resilience. New terms being considered reflect our changing and expanding profession, with terms in cyber resilience, healthcare continuity, public sector and plan testing. Terms will be discussed and results revealed during this session. The Glossary is carefully curated by industry experts to present best-in-class definitions for terms used in our profession. Regularly updated, the aim of the Glossary is to promote a common set of universal terms in order to reduce confusion and remove inconsistencies. For information, visit the DRI International Glossary for Resilience.

We have fire drills in school and in the work place to prepare: we know who the class monitor is, we know the “safe” place we are supposed to go, and we know with whom we have to check in with … Given that a fire is very disruptive to business operations, businesses prepare. So, why aren’t businesses doing the same BEFORE a cyber incident – or worse yet – breach? Even if you put numbers on paper for your local FBI office, your insurance agent and your cyber attorney, have you sat down with them and ran drills to prepare for the “when” or are you waiting for when your business is already in turmoil? Having established lines of communication before, during and after any crisis is critical for a business to weather the storm and to successfully emerge from the settling dust. Hear from legal experts, law enforcement officials and business executives on how to establish these relationships and how to manage your response and your messaging internally and externally to ensure ongoing operations despite threat actors’ best efforts.

A pandemic occurs when there is the emergence of a new virus that spreads rapidly between people all over the world, causing illness and death. Pandemics can have a significant impact on businesses, producing high levels of worker absenteeism and disruption of business functions. Although the emerging outbreak of the novel corona virus has not yet been declared as a pandemic as of February 2020, cases are mounting and disruptive global impact on supply chains is increasing. Currently few businesses have incorporated specific plans for a pandemic in their business continuity plans, leaving them vulnerable when a pandemic strikes. This highly interactive workshop will be conducted using a “table-top” exercise format. Information will be provided about pandemics and their potential impacts on businesses. Practical steps that businesses can take to protect their business, workforce, and customers will be discussed, and participants will have the opportunity to discuss these strategies in an interactive tabletop exercise. By the end of the session, participants will have essential information to begin to incorporate pandemic planning in their business continuity plans.

Leaders – whether in business, government or the nonprofit sector – take risks but often without fully understanding risk at a strategic level. Expanding upon the well-known “ESG” risks, this book explains the key nonfinancial (environmental, social, governance and technological or ESGT) risks. For many leaders (including board members), taking risk without knowledge or preparation can lead to organizational crisis, scandal and value destruction. For those who are prepared, resilience follows and so does the ability to transform ESGT risk into opportunity and value for stakeholders. In this session, global governance, risk, ethics and cyber strategist, author and board member, Andrea Bonime-Blanc, shows practitioners at all levels how to effectively identify and manage their top ESGT risks to avoid crises and transform risk into sustainable long-term resilience and value.

Natural and man-made disasters can strike without warning. During a large-scale disaster, no one expects to be left alone by municipal emergency responders. However, when a large disaster strikes, emergency responders will be hours, if not days away from assisting corporations. Corporate self-sufficiency is paramount not only to the successful recovery to business normalcy, but for the well-being of its employees and the company’s reputation. This session examines the thought processes and subsequent actions all corporations should take to attain self-sufficiency during major disasters. It also includes a hands-on component to demonstrate thinking beyond the incident itself.

This presentation examines the specific relationship between Business Continuity Planners (BCP) and Human Resources (HR) personnel regarding crisis management. Through examples, participants will see the need for HR-specific group training and exercises. Most HR professionals are not formally trained to handle crises. Hence, they fall short when it comes to responding to large-scale emergencies affecting their companies and their employees. BCP professionals write plans for execution during emergencies of all types, but HR must be prepared for employee interaction. This presentation will give specific activities HR personnel must learn to deal with crises. A key point of the training is to show how business continuity professionals should engage HR in times of crisis.

What risks are you most concerned about? How well prepared are you to manage them? How do you think our profession will change over the next few years? In this highly-interactive session, participants will have the opportunity to vote on a number of the key issues which have emerged from the DRI Future Vision Committee regular reports (Trends, Predictions and Careers). The presenter will respond to voting as it happens, providing instant feedback and opinion. Please come to this session ready to participate, debate, and even argue if you wish. Challenging and controversial opinions are welcome. Your input and the conclusions we reach as a group will be included in future FVC reports and will influence DRI thought leadership perspectives.

Larry Chase will speak to his unique and proven approach to smashing through traditional barriers and earning a sustained executive buy-in. Larry will share logistics of key successes in gaining ground in program maturity and execution through proven and thoughtfully targeted training/awareness programs. Learn more about his winning strategic model which time-and-time-again results and focused on a ‘practice like we fight’ mindset. See what happens when you color outside the lines and ‘challenge everything’ so as to closely align a rapid program elevation agenda to a company’s most treasured values…and how to win with a top performing capability.

Attend this session to learn the “real world” lessons of building community resilience from 30 years of “on-the-ground” experience facing annual disasters. Learn the best corporate and community resilience practices from former Tropical Shipping CEO Rick Murrell. From the company’s Virgin Islands Hurricane Hugo experience in 1989 to the 2019 Dorian experience, Rick imparts a wealth of “real world” disaster resilience wisdom. Tropical shipping has employees operating in ports from Canada, South Florida, and throughout the Caribbean to Guyana in South America.

Learn about JetBlue’s Business Continuity and Emergency Response Team and how we respond to crisis events to provide support to our Crewmembers and community, most specifically during Hurricane Dorian that devastated parts of the Bahamas in September 2019.

The Illinois Department of Innovation and Technology (DoIT) is the IT service provider for the majority of the 63 agencies, board, and commissions (ABCs) under the governor. Their cyber resiliency, business continuity, and disaster recovery (CRBC) team is tasked with ensuring information systems and infrastructure are resilient and available for continuous delivery of services provided by the state to the constituents of Illinois. The CRBC team acts as the recovery and continuity experts who liaise with the business owners and translate business needs into disaster recovery and cyber resiliency data points. The CRBC team succeeds by providing business impact analysis (BIA) workshops with those 63 ABCs to create a holistic view of the priorities of the customer agencies in an enterprise approach. The CRBC team gathers a business-driven set of data-points which provide for informed recovery decisions based upon the realistic implications of different outage scenarios provided through the informed feedback of the business owners and subject matter experts who hold the intimacy of operations. This enables more effective and efficient spending surrounding disaster recovery and business continuity. The presenters will discuss how this effort got off the ground, the strategy, the tools, and techniques used to ensure consistent understanding of the BIA throughout the enterprise ensuring in the end, DoIT’s CRBC team has gathered apples from each of the ABCs and not a fruit cocktail.

Are you new to Business Continuity? Is your company getting started with a BC program? Join us for an interactive discussion to review what worked, what didn't and what we would change if we had to do it again.

The headlines are full of new technologies that are presented as threats to companies’ resilience. Have you ever stopped to consider how new technologies will impact the practice of business continuity beyond simply what types of events to consider in planning? In this presentation, we will look at how business continuity professionals will analyze risk and mitigate potential threats by leveraging new technologies in the next five years.

Our increasing reliance on 3rd party vendors has launched vendor risk as a top concern among leaders and resiliency professionals. When organizations invite a vendor in, they are placed in potential jeopardy from that vendor’s disruption, failure and bad behaviors. Proper onboarding is essential to mitigate this exposure. This session looks at a three tiered approach to completing a vendor assessment : vendor management; vendor resiliency and vendor oversight. The end result is a vetting process where inherent risks are uncovered; mitigation strategies are developed and residual risks are exposed and understood.

Many organizations do not have effective Business Continuity Plans (BCPs), which may result in unnecessary delays when attempting to restore services and operations to business functions. Business Impact Analyses (BIAs) are essential to evaluating an organization’s essential and non-essential functions, which could increase the risk of revenue loss, and/or data due to the application of ineffective controls. Initiating a Business Continuity Management (BCM) process does not have to be difficult, or costly. Learn how Virginia Commonwealth University's Office of Emergency Preparedness is building a robust Business Continuity Management (BCM) program with key insights including: · Creating a phased planning approach from initiation to roll out. · Understanding and applying lessons learned in each phase. · Facing the challenges of organizational culture and management buy-in. · Understanding and managing complexity in an organization.

Cyberattacks focused on business disruption are a reality. Traditional recovery solutions protect businesses from physical disasters, but often fall short in the face of a digital disaster. In this session, participants will explore lessons learned from recent cyberattacks and be provided with a risk-based approach to protecting critical services through a cyber recovery capability.

From natural disasters to man-made disasters and beyond, resilience professionals facing these challenges count on qualified individuals to work in a capacity to weather the storm and rebuild. But often, during and immediately after an event, resources are unavailable or spread thin. How do you get the individuals you need? Do you even know who you need — clinical, non-clinical staff or both? What should you expect from emergency and recovery staff? This session will provide you with foundational information on how to approach this often-overlooked, yet crucial, issue.

Only in the past few years have resilience and risk-reduction practitioners have to develop strategies for engaging public and private sector stakeholders in implementing resilient strategies. The “resilience industry” is now an identifiable economic sector bringing creative ideas, innovations, and strategies from several areas. Whether addressing flood mitigation, green infrastructure, transportation or reducing climate-driven inequities, today architects, urban planners, civil engineers and policy designers are now connected by a common language of resilience. This session will discuss how this is coming together, where further engagement can take place and what are the future paths.

In this session Ms. Orloff and Dr. Jones will present a blended exercise-assessment model intended for professionals to adapt in gauging the efficacy of their company’s business continuity plans. Traditional methods with be discussed alongside virtual and hands on exercises with the Homeland Security Exercise and Evaluation Program is used as a foundation. Ms. Orloff will present the use of physical disaster simulation exercises while Dr. Jones will present his work using the St John’s University simulation lab and the Advanced Disaster Management Simulator (ADMS™) training suite. Through ADMS, a variety of scenarios can be exercised, including an active shooter, HAZMAT and CBRNe situations, medical emergencies and natural disasters.

Nothing in life happens in a vacuum and disasters are at the top of that list. Like a pebble dropped in a pond creates ripple effects, disasters always spawn multiple and various types of after effects in all possible directions, dimensions, timings, and each with their own consequences. Known risks usually have mitigation options. After Effects are not known until they happen. BCPs usually guide handling a singular disaster incident. However, BCPs rarely identify and document steps to resolve the spreading, pervasive, collateral, and consequential ramifications of after effects. Come join us and learn methods to identify and tackle different aspects and considerations of after effects and how to reduce their consequences. This session includes such things as definitions, a repeatable process methodology, characteristics for consideration, a practical walkthrough, and much more. Ripple effects tend to be two dimensional and far less consequential. What really happens are after effects. I thought of this topic because a disaster causes a multidimensional scattering of consequential after effects; each of which occurs at different times, has multifaceted characteristics and effects, with unique timelines and life cycles (my definition).

No matter if your company is small, medium or a global company we all have risks and we all have business continuity management programs. Our approach to supply chain risk will work for your organization as well. We have partnered with our internal business partners to create a fully integrated risk platform for supply chain risk management. During this session, we will cover supply chain and interdependent organizations, how risk is interpreted and the use of risk assessments, the crisis management continuum and mapping critical resources both internal and external. We will also discuss the use of environmental monitoring and your business continuity management system (BCMS). The 2019 and 2020 supply chain disruption predictions have been understated in my opinion. This approach to integrated risk management is our way to resilience and a more resilient organization.

Imagine a railroad track, a solid structure used to guide trains to their destination safely and securely. This track incorporates switches, to move trains from one track to another, controlling the flow of traffic, and mitigating risk. Now apply this same analogy with cybersecurity and business continuity. Two trains carrying precious cargo of tools and techniques which can fortify and build resiliency within the organization. Whether the dinner car has a cybersecurity menu of identify, protect, detect, respond and recover, or a BC menu of prepare, assess, remediate or sustain, the end result is a great meal. How then, can we utilize the structure, cargo and menus from both, to create a superliner or Eurostar type of train that will get us to safety in style! During this session, we will take a look at the framework and methodology for both cybersecurity and business continuity, the challenges requiring a “flip of the switch,” and how these two trains, not colliding, but merging, can create a ride like no other.

The North Carolina Wing of the Civil Air Patrol (CAP) has a fleet of 17 airplanes, 70 ground vehicles, a secured radio network, and 2200 volunteer members. Unlike the business response teams that most of us are part of, CAP volunteers are responsible for the planning, operations, and logistics of personnel and equipment over the entire state of North Carolina. Utilizing the Incident Command System, CAP interfaces with the US Air Force, the North Carolina Emergency Management Program, and FEMA to respond to national, regional, and local emergencies. The all-volunteer Incident Command staff spent many hours preparing for a consolidated response in anticipation of Hurricane Dorian in early September 2019. CAP planes had to be moved out of the immediate area of forecasted impact. Volunteer pilots had to move the planes to a safe location, but also a location to support efforts after the hurricane passed. CAP personnel needed to be ready to respond on the ground to provide food, water, and shelter material in affected regions. CAP plane crews planned to provide FEMA with aerial damage assessment photographs. CAP search and rescue teams had to plan assistance to local emergency personnel to assist with search efforts, if necessary. Just like corporate and professional emergency management teams, CAP Volunteers must be ready for any emergency at any time. This session will highlight the planning and response of the North Carolina Wing during the period leading up to Hurricane Dorian as well as other emergency incidents that are part of the operational structure of the Civil Air Patrol.

Security breaches are an almost daily occurrence. As business resilience professionals, we have a seat at the table. It is becoming commonplace for security groups to include BC professionals in their planning. Now we need to have an active part in the conversation. This session is designed to familiarize you with a few security trends for 2020 and their impacts on our work as business continuity professionals. Topics covered will include passwords and passphrases, browser isolation, security automation, artificial intelligence and machine learning, awareness training, and insider threats.

With over 400 buildings on 415 acres, including 4.4 million square feet of research space, Yale University was challenged with conducting a university-wide risk assessment and BIA. This session will explore how Yale incorporates financial information, specifically grant funding, into their risk assessment and BIA process to help identify and prioritize facilities and departments.

A pandemic occurs when there is the emergence of a new virus that spreads rapidly between people all over the world, causing illness and death. Pandemics can have a significant impact on businesses, producing high levels of worker absenteeism and disruption of business functions. Although the emerging outbreak of the novel corona virus has not yet been declared as a pandemic as of February 2020, cases are mounting and disruptive global impact on supply chains is increasing. Currently few businesses have incorporated specific plans for a pandemic in their business continuity plans, leaving them vulnerable when a pandemic strikes. This highly interactive workshop will be conducted using a “table-top” exercise format. Information will be provided about pandemics and their potential impacts on businesses. Practical steps that businesses can take to protect their business, workforce, and customers will be discussed, and participants will have the opportunity to discuss these strategies in an interactive tabletop exercise. By the end of the session, participants will have essential information to begin to incorporate pandemic planning in their business continuity plans.

The Illinois Department of Innovation and Technology (DoIT) is the IT service provider for the majority of the 63 agencies, board, and commissions (ABCs) under the governor. Their cyber resiliency, business continuity, and disaster recovery (CRBC) team is tasked with ensuring information systems and infrastructure are resilient and available for continuous delivery of services provided by the state to the constituents of Illinois. The CRBC team acts as the recovery and continuity experts who liaise with the business owners and translate business needs into disaster recovery and cyber resiliency data points.

The Illinois Department of Innovation and Technology (DoIT) is the IT service provider for the majority of the 63 agencies, board, and commissions (ABCs) under the governor. Their cyber resiliency, business continuity, and disaster recovery (CRBC) team is tasked with ensuring information systems and infrastructure are resilient and available for continuous delivery of services provided by the state to the constituents of Illinois. The CRBC team acts as the recovery and continuity experts who liaise with the business owners and translate business needs into disaster recovery and cyber resiliency data points.

The Illinois Department of Innovation and Technology (DoIT) is the IT service provider for the majority of the 63 agencies, board, and commissions (ABCs) under the governor. Their cyber resiliency, business continuity, and disaster recovery (CRBC) team is tasked with ensuring information systems and infrastructure are resilient and available for continuous delivery of services provided by the state to the constituents of Illinois. The CRBC team acts as the recovery and continuity experts who liaise with the business owners and translate business needs into disaster recovery and cyber resiliency data points.

The Illinois Department of Innovation and Technology (DoIT) is the IT service provider for the majority of the 63 agencies, board, and commissions (ABCs) under the governor. Their cyber resiliency, business continuity, and disaster recovery (CRBC) team is tasked with ensuring information systems and infrastructure are resilient and available for continuous delivery of services provided by the state to the constituents of Illinois. The CRBC team acts as the recovery and continuity experts who liaise with the business owners and translate business needs into disaster recovery and cyber resiliency data points.

Leaders – whether in business, government or the nonprofit sector – take risks but often without fully understanding risk at a strategic level. Expanding upon the well-known “ESG” risks, this book explains the key nonfinancial (environmental, social, governance and technological or ESGT) risks. For many leaders (including board members), taking risk without knowledge or preparation can lead to organizational crisis, scandal and value destruction. For those who are prepared, resilience follows and so does the ability to transform ESGT risk into opportunity and value for stakeholders. In this session, global governance, risk, ethics and cyber strategist, author and board member, Andrea Bonime-Blanc, shows practitioners at all levels how to effectively identify and manage their top ESGT risks to avoid crises and transform risk into sustainable long-term resilience and value.

Leaders – whether in business, government or the nonprofit sector – take risks but often without fully understanding risk at a strategic level. Expanding upon the well-known “ESG” risks, this book explains the key nonfinancial (environmental, social, governance and technological or ESGT) risks. For many leaders (including board members), taking risk without knowledge or preparation can lead to organizational crisis, scandal and value destruction. For those who are prepared, resilience follows and so does the ability to transform ESGT risk into opportunity and value for stakeholders. In this session, global governance, risk, ethics and cyber strategist, author and board member, Andrea Bonime-Blanc, shows practitioners at all levels how to effectively identify and manage their top ESGT risks to avoid crises and transform risk into sustainable long-term resilience and value.

In this session Ms. Orloff and Dr. Jones will present a blended exercise-assessment model intended for professionals to adapt in gauging the efficacy of their company’s business continuity plans. Traditional methods with be discussed alongside virtual and hands on exercises with the Homeland Security Exercise and Evaluation Program is used as a foundation. Ms. Orloff will present the use of physical disaster simulation exercises while Dr. Jones will present his work using the St John’s University simulation lab and the Advanced Disaster Management Simulator (ADMS™) training suite. Through ADMS, a variety of scenarios can be exercised, including an active shooter, HAZMAT and CBRNe situations, medical emergencies and natural disasters.

“Why are markets so spooked? The economic concerns are not so much about the virus itself. They are about the prolonged impact of supply shortages paired with wavering consumer confidence and reduced spending due to response measures. With case numbers growing in Italy, supply chain fears increase. The spread of Covid-19 and attempts to contain it are now affecting European industrial hubs as well manufacturing in China, South Korea and Japan, which could cause prolonged shortages across a variety of sectors. As for the U.S., it’s a matter of when, not if. Are we prepared?” DRI President and CEO Chloe Demrovsky addresses the resilience community and its pandemic preparedness status for Forbes.

A preparedness program is more than a plan. It is a management program designed to safeguard employees, protect facilities, minimize business interruption, prevent environmental contamination, and protect brand, image, and reputation. The only way to determine whether your preparedness program meets the needs of your company is to conduct an audit.

Future Vision Committee members including Lyndon Bird, David Porter, and Boris Issavi will discuss highlights from the Fifth Annual Global Risk and Resilience Trends and Predictions reports. Discover how your job will be impacted by world events – including cyber threats, natural disasters, and much more – and what you can do about them.

Introducción a la Resiliencia Cibernética, como una figura que integra soluciones dentro de la organización y se plantea cómo la gestión de riesgos bajo la premisa de la resiliencia cibernética, permite innovar y aumentar la competitividad empresarial, brindándole conceptos y casos reales de aprendizaje.

“The headline-making coronavirus that originated in China continues to spread with nearly 3,000 confirmed cases and 80 deaths across 12 countries according to the World Health Organization. The potential business impacts could be devastating. What should all businesses be doing now?” DRI President and CEO Chloe Demrovsky looks at how careful pandemic planning can mitigate travel bans, supply chain issues, and more for Forbes.

2019 was a truly remarkable year. Our community is growing in exciting ways. From the launch of our popular new Cyber Resilience training and certification program to surging growth in the Public Sector track and continued record numbers in our core Business Continuity programs, the future looks bright for the resilience profession. We are bursting with even more ideas for how to serve you and can’t wait to get you more involved in 2020. Since it is the time of year to look back as well as forward, I want to take a moment to celebrate a landmark year for DRI and our larger community. I am very proud to release this year-at-a-glance report to showcase all of this activity. Read on to see exactly what DRI has done for you lately.

Since 2015, the DRI International Future Vision Committee (FVC) has produced an annual set of predictions. These predictions are drawn from a wide range of subject areas, including political, economic, and social issues as well as environmental and technological developments.

The DRI International Global Risk and Resilience Trends Report is now in its fifth year. It continues to provide a global perspective and comprehensive trends analysis of the resilience profession from both an internal and external perspective. It provides expert opinion on the key trends and changes that have happened in the past year.

Since its inception, the DRI Foundation’s Veterans Outreach Program has had a tremendous impact on connecting transitioning military service members with resilience careers, and these efforts are only growing. Learn more about how this program can benefit your organization – and the resilience community. You’ll hear first-hand the lessons learned from transitioning from the military to the private sector, what resilience professionals can learn from their colleagues with military service experience, advice for both companies hiring veterans and veterans thinking about careers in BCM/resilience careers, and much more.

Take a look at how a major public event - in this case, the 2012 London Olympics prepares for and plans against mega-sized risks. This presentation will take you through the steps that were used during the preparation, planning and execution of the London Olympics and Paralympics Games, for which such “Mega Events” are classified as the “Greatest Show on Earth.”

Join DRI for a discussion of the latest trends and issues facing resilience professionals. Patrick Alcantara will discuss the latest risks and resilience trends in Asia and Oceania from our Future Vision Committee. In his presentation, he will give an overview of the most pressing economic and political concerns facing resilience professionals. Patrick will be joined by Lim Sek Seong of Marsh Risk Consulting who will share their perspective on the risk and organizational landscape and trends in the region.

Listen to an impressive panel of MBCPs answer your questions from various industries and with a wide range of expertise during our “Ask the MBCPs” webinar.

Adrián Sanchez, CBCP, profesional con 15 años de experiencia profesional en BCM y Resiliencia, será el expositor principal del webinar sobre la resiliencia desde una perspectiva integral en la organización y se darán recomendaciones para impulsar la resiliencia organizacional.

The DRI International Career Survey was intended to assess how the role of the resilience professional is changing. We wanted to know how resilience professionals feel about their roles, where they sit within organizations, and how they interact with related disciplines. What we found reaffirmed our belief that there is still considerable confusion about the exact makeup of a resilience professional and even resilience management itself, despite broader acceptance of the common goal of improved organizational resilience.

Complex and often confounding, all things cyber resilience are challenging continuity and resilience professionals worldwide. We go beyond the theoretical to provide thoughtful answers to your real-world questions.

In recognizing the critical importance of effective communications within the resilience community, DRI created a committee to develop a new reference document that combines the most common business continuity and resilience terms and definitions into a single guide. Most terms were relatively straightforward in their definition, and others required more discussion and analysis by the committee. The analysis of one term, incident, became a long-term discussion, with no consensus reached. The Glossary Committee presents this white paper on defining incident to showcase the continuing effort for effective communications in our community.

Join Chloe Demrovsky as she welcomes DRI2019 attendees to Las Vegas. She will address key updates from DRI and our profession as a whole as she sets the tone for our annual event.

Join our WBCM Committee members as they lead an informative and enlightening panel touching on the issues important to women in our profession. This session will kick off the WBCM track by sharing the latest news from the committee – including 2018 WBCM survey results. Look forward to an engaging, interactive session where you are certain to learn and welcome to share!

Attend this session to learn the essential elements necessary to manage an exercise on a large scale. The presentation walks through the process used by Texas Children’s to manage multiple large-scale exercises involving multiple external agencies and hundreds of participants. While the presentation is from a healthcare organization, the lessons are applicable to all. Topics covered include working with external partners (such as law enforcement and EMS0, internal and external communications, and developing after-action reports and corrective actions.

With a look back and one ahead, the chair of the Future Vision Committee, will take attendees through trends observed in 2018 and provide predictions for what to expect in the year to come. Based on the Fourth Annual Trends and Predictions reports, this year’s content features a first-ever geographic breakdown of threats and preparedness worldwide.

At the core of a successful BC program is leadership, support and engagement. Articulating the value from an employee safety, customer commitment,organizational resiliency, and potential risk and liability perspective is key. Once that support is received, how do we continue to “savor that flavor”? During this session, we will explore the inclusion of leadership as continuity is percolated throughout the organization. What information does leadership need to continue to validate/fund the brewing approach, based on change in strategy? What type of “in store training” is needed at their level, to confirm roles in the event of a business interruption or “bad pour.” We’ll review case studies of where things went well, and where some things were quite bitter in taste. Continuity when done right…great to the last drop!

In June 2017, Merck experienced a cybersecurity incident that identified the need to bolster preparedness for business disruptions. From the fall of 2017 through the present, the Global Regulatory Affairs and Clinical Safety (GRACS) organization prepared its first ever business continuity plan (BCP), including table top exercises and training. This was a massive undertaking for an organization of such breadth (regulatory science, clinical safety, labeling, licensing, operations, etc.) and large size (2200 employees globally), starting from scratch, and an illuminating experience regarding the risk susceptibility of our systems and processes. GRACS is in a much better place today with a completed BCP across the entire organization and connections with ongoing business continuity, risk management, and resiliency efforts across the company.

Attend this session for a true multidisciplinary presentation, as Goodyear’s business continuity and risk management experts explore how the two disciplines work together at this global manufacturing giant. Using Hurricane Harvey as a jumping off point, the presenters will detail Goodyear’s hurricane response, with a focus on how risk management is integral to overarching continuity and resilience efforts. Get ready for a eye-opening success story that does more than just tell you that business continuity and risk management should work together and instead shows you how to actually do it during events and every day.

Business moves faster every day with increased demands from regulatory, compliance, risk and increased market complexity. How then do we as continuity professionals compete for time to ensure the safety of personal and the continuity of services for our clients? Consistent and persistent contact with the continuity community and coordinators that creates a partnership and value while mitigating the risk. We will look at ways to keep it simple but authentic, reduce the noise and focus on the mission, provide value to the community and the individuals supporting the program as well as investing time to create aids for the community to navigate the program efficiently to produce the desired objectives. We’ll take a look at our shared experiences with the communities we support, laugh a bit and walk away with elements that can be incorporated into your program to help all those involved.

This session will not only cover the best approach for effective business continuity audits, but it also will show you how to gauge your organization’s preparedness. Attend this session to learn how to prevent simple check box audits while discovering what to look for beneath the hood. When you complete this session, you will have sufficient information to be confident in your BC audit and show your leadership the most accurate assessment of the business continuity program.

Cyber-resilience can be thought of as the ability of an enterprise to anticipate, withstand, recover from and evolve to improve capabilities it needs to function brought about as the result of cyber threats and/or attacks. This enhances both the cybersecurity function and the BCM function (e.g. the whole is greater than the sum of its parts). To be resilient, a holistic approach to understand and prioritize entity risk, and implement risk management activities needs to be integrated into day-to-day operations (across all entity functions). But what does all this mean to the CISO? Attend this session to find out as you take a look at t day in the life of a CISO from a cyber-resilience perspective.

Following on her smash hit Women in Business Continuity Management Ask Betsy webinar, Betsy Sayers is back with tips from the trenches. She promises that attendees will walk away with solid examples and templates that you can use – plus some more of those handy “Betsyisms” that are pretty much guaranteed to get you out of any tight spot. Always creative in her approach to continuity, Betsy will show how she uses the Professional Practices for status reporting and teach you all how to play pandemic poker!

Should your business take an approach successfully used by first responders across the U.S. and, with some modifications, use it temporarily to enable more efficient and effective business continuity and disaster recovery? This session will help you identify benefits of Incident Command (IC) and provide you with the opportunity to observe the practical workings of IC so you more fully understand what it means to shift to a temporary IC management during and after a disaster. In this jam-packed two-hour session, the speaker will bring her years of real-world disaster experience (and humor) to talk about IC benefits and implementation. You'll walk through examples of: a temporary IC reporting structure modified for business; incident related documentation and forms to track progress; and an execution method to continuously and effectively keep incident efforts focused. Then, with the help of a strawman business and disaster scenario, reinforce what you've learned with some hands on learning. Participants will work together to establish an IC reporting structure, apply an operational period approach, complete incident documentation, and observe post-disaster incident documentation reconciliation."

Attend this session for an in-depth look at McKesson Corporation’s Information Risk & Security Program. First, learn about Information Protection at McKesson (IPAM), a strategic initiative designed to improve the maturity of cybersecurity defensive, preventative, and resiliency controls as well as instill clear lines of governance over information security risks. IPAM’s roadmap ensures accountability, transparency, robust governance, and a strong advocacy model with staff. A discussion of IPAM will include driving necessary improvements over a three-year, accelerated timeframe. Next, attendees will be introduced to McKesson’s iSecurity Operations Center (iSOC) process which addresses growing cyber threats across the globe. Rounding out this presentation is a discussion of McKesson’s Trust, Risk, Assurance, and Compliance program, which provides a level of confidence that software and systems are free from conditions, either intentionally designed or accidentally inserted at any point during its lifecycle, and customer solutions and internal business platforms function in the intended manner. This program ensures that capabilities and prescriptive consults are designed to embed security throughout the development lifecycle, address risks and vulnerabilities early, and reduce cost with unplanned R&D spend.

National preparedness is first and foremost a partnership between private and public sectors. Learn how presidential policy links private and public domains underpinning the security of the United States and American society. And understand how the FEMA 2018-2022 strategic plan is now inclusive, utilizing whole of community effort toward a collective preparedness posture. Attend this session to find out what all this means to you.

In this era of Enterprise Risk Management and Strategic Risk Management, we will examine some of the latest trends that keep risk managers up at night. Amid government shutdowns, artificial intelligence, unmanned aircraft systems, self-driving cars and climate change, what is the impact on the practice of Risk Management?

This session will explore how a Fortune 6 company manages business continuity; discussion will include the tools McKesson uses to manage one of the largest programs in the business. Learn how McKesson’s internal business continuity (BC) consulting service works very closely with business units as a center of excellence to execute BC policy and drive best practices into operating processes and procedures. BC Consulting conducts assessments, develops strategies, builds plans and conducts both exercises and reviews. The group is also called on at times to train sales teams on BC capabilities and to work directly with large customers alongside corporate leadership and account managers. Next learn how McKesson’s internal disaster recovery (DR) consulting group provides services across business units that focus on the validation and sustainability of a DR capability via performing impact assessments, DR implementation support, DR validation coordination, and procedure plan support. Validation exercises coordinated by DR Consulting can range from individual infrastructure or application-level validation through to complex business process validation. Finally, hear how McKesson’s DR as a Service is integrated with McKesson Technology’s Public Cloud Adoption Plans and provides business units with a customized DR solution leveraging key technology partners. DRaaS supports DR solution design, engineering, and implementation, and has proven to be both highly capable as well as extremely cost effective and presents a very compelling business case for McKesson’s disaster recovery needs.

How do you go from crisis management to business continuity mode? Attend this workshop to find out how to make the transition smooth and avoid common pitfalls. The two-hour session will explore “hour zero activities,” including setting up the event, getting the smartest people in the room, communications and notifications, and bringing in business continuity personnel early. Next, you’ll walk through the “48 hours later” transition, including transferring to business continuity and the long-term issues involved in going from crisis response to continuity and recovery.

Northwestern Mutual (NM) has embarked on a digital transformation which has created greater client visibility to and demand on technology services, thus raising the importance of availability and resiliency of those services. The NM Enterprise disaster recovery and technology infrastructure teams will describe how disaster recovery practices have matured to support the firm’s transformation. Over a two-year period, disaster recovery exercises have moved from solely application focused walkthroughs to business process workflow exercises which include production technology and business user participation. Learn how NM made these improvements happen, lessons learned on the journey, and what still lies ahead to reach a highly performing DR program.

Financial institutions are facing challenges that test their ability to protect the assets of their customers by securing records and one which may threaten the very existence of these institutions.; In addition, government regulations at the international, national and state levels are demanding that the individual be able to have protection of their information, its use and its distribution. This session will discuss the challenges (cyberattacks, data protection, blockchain, etc.) and how financial institutions are preparing to cope with these issues.

Capital One is raising the stakes for resiliency by adding the practice of regional isolation (ring fencing) of cloud regions to ensure real and effective regional independence. This presentation will cover the approach and the lessons learned from this important evolution in our practice.

Northwestern Mutual is transforming to be at the center of our client’s financial lives by delivering world class products to meet their financial needs through our best in class financial representatives. In support of these efforts, the Campus and Event Experiences teams are evolving to provide an enterprise risk management strategy that integrates physical security, safety and business continuity programs. This session will share how independent, siloed teams are transforming into a proactive, integrated risk management approach to meet the new digital technology demands, to support the increase in public community events, to evolve with the changing workforce and to prepare for the uncertain external environment.

As BCM matures and moves from a business recovery model to an integrated risk partnership within organizational resilience, its use cases and purpose are evolving. In this session, the speaker will share one example of where BCM/OR is uniquely qualified to become a core component of the operational risk landscape. Through three stages of maturity – compliance, readiness, and resilience, this session will discuss how to create the infrastructure to leverage BCM as your organization’s primary operational risk service provider.

In March of 2018, the City of Atlanta, GA was the subject of a massive cyberattack. Many city services and programs were affected by the ransomware attack, including online services for citizens to pay bills and request utility service. The attack was notable for the extent of services affected and the duration of service outages, as well as the importance of Atlanta as a major American economic and transportation hub. Attend this session to hear lessons learned from the attack and learn how you can transform and strengthen your organizations cyber-resilience through operational effectiveness, change management, and business continuity.

U.S. and global critical infrastructure protection for cyber and physical events, recognize the effectiveness of trusted information sharing and peer communication during cyber and physical events. In this session, the Financial Sector Information Sharing and Analysis Center’s(FS-ISAC) information sharing lifecycle model will be discussed. The goal of this session is to spread awareness within the business continuity community, and encourage their increased participation in resilience information sharing. The session will describe the operational activities FS-ISAC members participate in and lead, the various peer communities of trust members may join and examples of how company’s incorporate ISAC participation into their resiliency plans and exercising.

Assessment and pricing of climate and disaster risk by the global financial markets is changing based on increases in global disaster costs and a clearer understanding of the threats and vulnerabilities to physical assets as well as supply and value chains. Business continuity planners are more frequently being called on to demonstrate how companies are effectively planning to reduce and manage these risks as part of overall valuation of company equity and corporate strategy planning. Josh Sawislak, a global expert in climate and disaster resilience and continuity planning, will conduct an interactive discussion of why these issues are becoming more and more salient to BCP professionals as well as company financial and operations executives and boards of directors, including the overlap of climate adaptation and climate mitigation (sustainability) issues. He will cover issues including: Financial market and investor interest Corporate responsibilities and disclosures Tools and resources available to support strategy development and compliance Strategies and approaches to drive executive leadership understanding, engagement, and support The resilience/sustainability nexus. Session attendees will gain a clearer understanding of why these issues are already salient to their organization and why the importance will likely grow over the next few years. They will also learn about and have the opportunity to discuss tools, resources, and strategies to address these risks, how to talk to management and gain their support, and how to engage other groups within their organization who have overlapping and aligned missions and resources.

With a major revision recently released, the DRI International Glossary for Resiliency is both an in-demand resource as well as a hot topic. Since its first release in 2014, the glossary has been a major resource for business continuity and resilience professionals around the world and is currently published in four different languages. This session will share the thought process behind the recent changes and explore the future of the glossary – with a new version due out in 2022.

In 2011, the Jerry Sandusky scandal hit Penn State. This session, conducted as a workshop, will examine how the scandal was handled, what went right (very little) and what went wrong. The attendees will be asked to make decisions that the Penn State Board did. The session will also briefly discuss the view of Boards and Crisis Management, and actions the speaker has taken as a member of the PSU Board and founder and chair of the risk sub-committee.

This presentation will discuss the current and future state of organizational resilience across multiple management disciplines including business continuity management, information security and more. Using the five layers of culture, people, process and infrastructure, we will address the role of the chief risk/strategy officer and present a framework for developing a business/organizational resilience program in the organization.

Fires, floods, blizzards, burst pipes. Sound familiar? Attend this session for a look at continuity from a higher education perspective. From the recent California wildfires to the East Coast arctic freeze, hear from resilience professionals from Yale University and UCLA about unique, and not-so-unique challenges faced by these two world renown universities. Explore actual case studies, talk about what worked and what didn’t, and share solutions that can be applied regardless of your industry. You’ll want to take notes, but no final exam…we promise.

Join Future Vision Committee members Lyndon Bird, Richard Knowlton, and Patrick Alcantara, along with DRI President Chloe Demrovsky, for highlights from the Fourth Annual Global Risk and Resilience Trends and Predictions reports. Discover how your job will be impacted by world events - including sustainability, cyberthreats, and more - and what you can do about them.

One way of promoting our relevance to the wider business community is to look at what might happen and evaluate how well we can deal with it to minimize impact. Most professionals will have developed tests and exercises based on scenarios – these give realism, focus, and interest to our resilience programs. Predictions are really an extension of that – a look at the wider world and how such trends and possible events might threaten our ability to respond.

“GDPR: Considerations for Continuity Professionals" is DRI's first webinar designed for European audiences. We will be discussing GDPR and its implications across business continuity. We will hear first from Lyndon Bird, DRI’s Chief Knowledge Officer, who will provide background on the regulation and its considerations. Lyndon will be joined by Ovidiu Diaconescu, who will be discussing cross-border data transfers, and Luuk Akkermans who will expand on the impact of GDPR on supplier contracts.

Join cybersecurity expert Wade Richmond for an information-packed hour of important information on one of the profession’s hottest topics. Explore aspects of cybersecurity and business continuity, with the goal of integrating the two and achieving the ultimate goal -- cyber resilience. Learn how to talk to top management about these issues and sell them on the concept of cyber resilience.

Organizations today are confronted by a wide range of cyberattacks, so it comes as no surprise that cyberattacks and data breaches have consistently ranked high on the list of key issues identified for the resilience community according to the DRI International Global Risk and Resilience Trends Reports, issued annually by DRI’s Future Vision Committee. This year’s report revealed that although the top issues remain the same, there appears to be an even greater focus on technological risk. Given the development of technologies and the growth of business data, this is likely to remain the case moving forward … which may provide new opportunities for hackers to cause such massive disruptions.

The DRI International Global Risk and Resilience Trends Report provides a global perspective and comprehensive trends analysis of how resilience professionals view their industry and the external factors that are shaping it. It provides insight into the key trends and changes that have been observed since the last report, and has been extended this year to give an even more detailed picture of the state of the profession.

Part of the 2018 Global Risk and Resilience Trends Report, a worldwide survey of business continuity professionals revealed the following top 10 risks depicted in this infographic.

During DRI2018’s WBCM panel discussion, nearly 50% of session attendees responded that the stereotype they were most concerned with was being labeled as “too aggressive,” particularly when disagreeing with others’ views. Please join us as we take that conversation further with Betsy Sayers, MBCP, ITIL, ICS – IT/DR. With more than 25 years of industry experience, including serving as a DRI Instructor, Betsy shares her views on the best tools to communicate clearly — and with objectivity – while maintaining a style that honors who you are and what you believe. Special thanks to our webinar sponsor OnSolve.

When Betsy Sayers is in a tough spot, she always knows exactly what to say. That’s because she’s awesome...and she has a few handy phrases written in the back of her notebook at all times. She’s generously shared those words of wisdom with you (see...awesome, right?). If you haven’t checked out the Women in Business Continuity Management Committee’s “Ask Betsy” webinar, you really should, right here at https://drii.org/webinars

El DRI se complace en anunciar el webinar en español del 2018. Buscamos entregar beneficios a nuestros profesionales certificados y a la comunidad del DRI en general, por lo que no solamente brindamos webinars en inglés, sino que ahora también los traemos en el idioma español. Anota en tu calendario este 12 de Octubre de 2018 en el horario 9:00 a.m. – 10:00 a.m. CDT, el siguiente webinar educacional del DRI: Tendencias y Predicciones en Continuidad de Negocio Chloe Demrovsky, Presidente y Directora Ejecutiva del DRI Internacional y Karol Cordero, Directora de Mercadeo para América Latina del DRI, serán las presentadoras del Webinar. Con base en los eventos y resultados del 2017, el Comité de Visión Futuro del DRI Internacional ha elaborado el tercer informe anual de tendencias y predicciones para la profesión de Continuidad de Negocio y Resiliencia. En este webinar presentaremos los resultados de este informe, mirando hacia atrás en lo que ha ocurrido y viendo lo que podría estar a la vuelta de la esquina para nuestra profesión. ¡No te pierdas este webinar gratuito totalmente en español!

Join DRI board member Jerome Ryan and Director of Global Operations Kelsey Rose for an interactive discussion of the career options in business continuity and related fields. Their talk will cover everything from the current state of the industry to future trends in the resilience job market. In addition to learning the latest insights and resources from DRI, you will get to hear personal career experiences and advice from our speakers.

In the wake of the terrorist attack on September 11, 2001, the 9/11 Commission Report revealed that this country was not prepared for such a horrific tragedy, and in hindsight, for any other major humanmade/natural disaster. Since that date, the world has seen numerous tragedies from mass shootings: Newtown, Connecticut, wildfires, tornadoes (more than $300 billion in losses in 2017), superstorms, hurricanes (Puerto Rico), and other catastrophes. It is now 2018 and we need to assess our preparedness not only to major events, but every day activities such as crime, vehicle accidents, etc. This presentation will focus on where we are today, and where we need to be in the future. Specifically, the will be focus on the 2010 National Security Strategy for Achieving Resilience Through Public Private Partnerships (PPP). PPP is the logical strategy for a democratic society in that it recognizes two things: the government cannot do it alone, and preparedness requires each of us to be responsible to the degree of our individual capacities. In this session, you will learn about emergency operations center (EOC) activation criteria, stakeholder identification and prioritization during critical incidents, in addition to returning to normal operations while managing recovery

Morgan Jones, AVP at the New York City Economic Development Corporation describes his Hurricane Sandy Experience. Morgan A. Jones is AVP at the New York City Economic Development Corporation. Previously, Jones was Chief Operating Officer of the US-China Strong Foundation, Senior Emergency Management Specialist at NYU Langone Medical Center. Mr. Jones also served at the NYC Mayor’s Community Affairs Unit (CAU) and the Mayor’s Office of Housing Recovery under Mayors Michael R. Bloomberg and Bill de Blasio from 2010-2015.

Current cyber response frameworks are incomplete and cyber programs in a silo are a major vulnerability. Lost business is the number one component of cyber breach cost because of customer turnover, brand reputation loss and diminished goodwill. Cyber threat and breach are business problems and business continuity professionals have the expertise that can be leveraged to reduce both the time and money associated with a cyber breach. Join Tejas Katwala to build your business case.

Planning anything in a vacuum is virtually impossible. Resiliency and continuity planning – especially searching out dependencies and preparing for them – highlights the critical connections between the sectors. Various models exist to bring us together but these partnerships, like plans, are dynamic and cannot be put on a shelf to be “referenced” when necessary. In order for everyone to be successful these mutually beneficial relationships need to be nurtured and maintained on a regular basis. In this session we will discuss some of the strategies that can be used for engaging both sides of these “institutions”.

Overview of State Street Bank’s Business Continuity Program

Lou Drapeau, Vice Chairman of the Board of Directors for DRI International, presents on enterprise risk management and business continuity. How do we define resilience? Why is resilience important? What makes a system resilient? What does resilience mean for an organization? The answers to these questions will be revealed through a discussion of the roles of business continuity and risk management as well as where these functions reside in organizations. You’ll learn about the terminology of resilience, relevant trends identified by DRI’s Future Vision Committee, as well as cyber resilience and developing strategies for resilience.

DRI Foundation President and CEO Al Berman discusses the issues facing organizations today and into the future. This includes; cyber issues surrounding mobile devices and the Internet of Things (IoT), the impacts of supply chain in a global economy and privacy of individuals vs. security needs of governments.

Mike Epstein, Vice President, Risk Management & Business Continuity, The E. W. Scripps Company, discusses how his passion for business continuity has lead him to recognition as a leader in his field and a diversification of his skills into his current role. He shares lessons learned from some of the 800+ incidents he has managed over a 20 year career grounded in business continuity.

Joe Monroe, Chief of Police for University of Kentucky, presents on how the nation’s colleges and universities can prepare to respond to various types of operational interruptions. Campuses face a variety of risks that can disrupt teaching, research, extension services, and healthcare. These risks can be all-encompassing, localized, or personal. Because disasters often cause loss of life, loss of income, property damage and adversely affect individuals and families, universities must make plans to continue their core functions as seamlessly as possible.

The International Glossary for Resilience is a language guide designed to improve communications and increase clarity across the business continuity, disaster recovery, and resilience community.

Creadas y mantenidas por el Instituto de Recuperación Ante Desastres Internacional (Disaster Recovery Institute International), Las Prácticas Profesionales para la Gestión de Continuidad de Negocios se trata de un cuerpo de conocimiento diseñado para ayudar en el desarrollo, implementación y mantenimiento de programas de Continuidad de Negocio. También está designado a servir como una herramienta para realizar evaluaciones a programas BCM ya existentes.

Créé et maintenu par Disaster Recovery Institute International, Les pratiques professionnelles pour la gestion de la continuité d’activités est un ensemble de connaissances conçu pour aider à l'élaboration, à la mise en œuvre, et le maintien d’un programme de gestion de la continuité des activités. Il est également destiné à servir d’outil pour effectuer des évaluations des programmes existants.

Criadas e mantidas pelo Disaster Recovery Institute International, as Práticas Profissionais para a Gestão de Continuidade dos Negócios são um conjunto de conhecimentos que visam auxiliar no desenvolvimento, implementação e manutenção de programas de continuidade dos negócios. Elas também podem ser utilizadas como uma ferramenta para a realização de avaliações de programas existentes.

Created and maintained by Disaster Recovery Institute International, The Professional Practices for Business Continuity Management is a body of knowledge designed to assist in the development, implementation, and maintenance of business continuity programs. It also is intended to serve as a tool for conducting assessments of existing programs.

Created and maintained by Disaster Recovery Institute International, The Professional Practices for Business Continuity Management is a body of knowledge designed to assist in the development, implementation, and maintenance of business continuity programs. It also is intended to serve as a tool for conducting assessments of existing programs.

Created and maintained by Disaster Recovery Institute International, The Professional Practices for Business Continuity Management is a body of knowledge designed to assist in the development, implementation, and maintenance of business continuity programs. It also is intended to serve as a tool for conducting assessments of existing programs.

Elaborate e aggiornate da Disaster Recovery Institute International, Le Pratiche Professionali per il Business Continuity Management sono un corpus di conoscenze create per fornire assistenza durante le fasi di sviluppo, implementazione e aggiornamento dei programmi di business continuity. Intendono anche costituire uno strumento per condurre valutazioni di programmi esistenti

De "Professional Practice" is samengesteld en wordt onderhouden door Disaster Recovery Institute International. De "ProfessionalPractices voor Business Continuity Management" is een kennisdocument en is een leidraad voor de ontwikkeling, implementatie en het onderhoud van business continuity programma's. Het document is ook bedoeld als een leidraad voor het uitvoeren van evaluaties van bestaande business continuity programma's.

Created and maintained by Disaster Recovery Institute International, The Professional Practices for Business Continuity Management is a body of knowledge designed to assist in the development, implementation, and maintenance of business continuity programs. It also is intended to serve as a tool for conducting assessments of existing programs.

DRI President Chloe Demrovsky presents on upcoming BCM predictions and trends.

Ken Baker and Butch Brennan present on enterprise risk management and business continuity for the city of Edmonton.

Business Continuity Coordinator Claire Mechan, ABCP, and David Melanson, BSc, discuss continuity and cyber security at NorQuest College.

Jim Ross, Campus Alberta Risk Assurance Committee Director, Risk and Assurance Services, MacEwan University presents on collaboration as a BCM system for the Alberta post-secondary sector.

Ramon Zulueta, CBCP, Risk Manager, Corporate Business Continuity Office (CBCO), presents on communications during disasters.

Garth Tucker, CBCP, CORP – Manager, E/DM Covenant Health Canada, discusses his experience with the Humboldt EOC.

When a sudden devastating flood put a public-private partnership to the test, results were remarkable! Ryan Miller, CBCP, CBCLA, Director of Emergency Management for Howard County, MD, and Larry Twele, CEO of Howard County Economic Development Authority, offer lessons learned in recovering from a record-breaking flood – and detail the partnership between emergency management and economic development as one of the key elements that resulted in more than 95% of businesses surviving! You’ll learn about the plans in place before the flood, the immediate response, and how to create a meaningful partnership between public and private resources. For additional context, watch the NBC Nightly News coverage of the flood here: https://www.youtube.com/watch?v=9WgI9bUUsJM

Columbia University Doctoral Candidate Elizabeth Watkins presents on innovative emergency preparedness and cyber security strategies for a tech-obsessed world.

Join Chloe Demrovsky as she welcomes DRI2018 attendees to Nashville and sets the tone for her first annual conference as DRI’s President and CEO. She will address key updates from DRI as well as speak to our profession as a whole.

DRI is honored to have Mary Rose McCaffrey as our day one keynote speaker. McCaffrey will draw from her three decades of security experience, including leadership positions at the Central Intelligence Agency, the National Reconnaissance Agency, Director of National Intelligence and the Department of Defense. Currently, Vice President, Security, ES &CSO, Northrop Grumman where she leads global security responsible for the protection of Northrop Grumman employees, facilities, and customer information, McCaffrey will address issues of great concern to all DRI2018 attendees.

Have you done a Risk Assessment lately, ever? Do you have a risk methodology to work with? Do you know the critical assets that really allow your organization to meet its business goals? What keeps you and your leadership up at night? This risk assessment workshop will put your conference time to good use and go beyond talking about risk assessments – you’ll actually do a risk assessment. Using a combination of lecture and practical exercise you will be able to go back to your organization and put your new risk assessment skills to use/ The workshop will cover risk methodology (analyzing, reporting, managing); undesirable events; performing the analysis (impact, threat, vulnerability) risk identification; risk mitigation; and risk reporting.

Have you ever wondered how the military gets involved with disaster response? How does the military fit into the Incident Command System (ICS)? Why are military assets committed to some disasters and not others? Is there a difference between support provided by active duty, National Guard, and reserve components? Is it martial law?! Join this session to hear from our panelists and learn more about the nuances of military response and capabilities during a disaster.

Attend this panel discussion, led by the legendary Al Berman, to learn how the BCM market is reacting to DRI’s recently updated and expanded Professional Practices. Based in part on feedback from DRI Certified Professionals worldwide, the revamped Professional Practices now include the most current concerns to our community – worries like supply chain and cyber risks. Attend this session to see how the BCM market is handling those changes. With myriad product and services offerings built on the foundation DRI provides, the vendor community is now challenged to ensure that those offerings also are in line with your concerns and DRI’s Professional Practices – the most used standard in our profession by a mile!

Please join us as we welcome Linda Conrad, Principal of corporate and information security risk management at Exelon Corporation, to kick off our Technology Track with a discussion on how cybersecurity trends will affect BC/DR in 2018. At Exelon, a Fortune 100 Energy company, Conrad is responsible for driving strategic risk activities and engagement with the Chief Security Officer team, Information Technology, and Enterprise Risk Management. She oversees cyber and physical security Key Risk Indicators and mitigation. Conrad is partnering with the National Institute of Standards and Technology (NIST) and Robert H. Smith School of Business on development and predictive analytics of the cyber supply chain risk portal, which received the 2017 Cybersecurity Award for Practice from Institute of Electrical and Electronics Engineers.

Are you a government, healthcare, or financial organization? Then your business continuity and disaster recovery (BCDR) program is likely driven by regulatory requirements. The purpose of this presentation is to discuss BC/DR program management for private or non-traditional organizations. The goal of this session is to explore common challenges like: What if you don’t have regulatory drivers to guide your program? How do contractual requirements guide your program? What are some effective strategies to ensure that you are strengthening resiliency in your environments? We will review a case study on how Asurion’s Global Business Resilience Team managed the recent events of Hurricane Harvey and Irma, and Mexico City’s earthquake.

Since its first release in 2014, The DRI International Glossary for Resiliency has been a major resource for business continuity and resilience professionals around the world. Currently in four different languages, the glossary provides a common language for resilience professionals to use. The Glossary Committee is ready to release a major update to the Glossary in February, 2018. This session outlines the changes to the glossary, provides information on the new glossary, and discusses the future of the glossary.

Japan is a country that continues to suffer serious natural disasters such as earthquakes, typhoons, and floods. In most cases, these are widespread incidents that impact a fairly large geographic region. In planning or such wide area disasters, the DR strategy may depend on the location where the incident occurred. Using real-lie case studies, this session will explain the unique approach the Japanese have to BC and DR.

Attend this session for an informative analysis of how resilience in the built environment from natural hazards affects business continuity. The built environment is not limited to a company’s own facilities and supply chain. There will be a discussion of the underlying root causes of vulnerability and why resilience is a prerequisite to sustainability. The speaker will explore the emergence of the resilience movement that will change the way we do business, but also create new market opportunities, and will share what companies need to consider in their investment and operating strategies.

Newsflash! Hackers are attempting to damage or destroy the computer network at one of the world’s biggest global banks, and your job is to manage the response. This is anything but routine! Join this session to experience the cyberattack simulation. Do your teams have what it takes to lead in a crisis? In this session, you will experience a learning simulation that depicts crises – and assess your team’s predisposition to succeed. The session shares research that confirms that having the right people with the right attributes is far more effective than investing in training those who do not.

Join us for a special and intense session delineating a programmatic approach to defining the long-term value of your BC program. A tale of two core disciplines – each essential in our profession but not absolute equals—with focus on burden of effort as it relates to ground gained and how each layer of the organization perceives (and expects) value in plan and risk management. This session will lay out critical points, trips and traps, and keys to success.

What separates a “good” BCM program from a “great” one? How does an organization’s investment in BC risk mitigation systems and processes measure up against leading practices? At a time when risks are increasing, what are the building blocks upon which to build a world-class BC program that not only protects an organization from internal and external threats, but also enhances its brand and strengthens its relationships with all stakeholders? With that as the backdrop this session will explore the unique nuances and journey of building out a world class BC program at HCL Technologies. Founded in 1976 as one of India’s original IT garage start-ups, HCL is a pioneer of modern computing with many firsts to its credit, including the introduction of the 8-bit microprocessor-based computer in 1978 well before its global peers. Today, the HCL Enterprise has a presence across varied sectors that include technology, healthcare and talent management solutions and comprises three companies – HCL Infosystems, HCL Technologies and HCL Healthcare. The enterprise generates annual revenues of over US $7 billion with more than 115,000 employees from 140 nationalities operating across 32 countries, including over 500 points of presence in India. The session will include curated insights from HCL Technologies’ journey on its BCM roadmap on the following themes: Money Goes Where Strategy Goes: Connecting your BC program to the long term business strategy of the firm Never waste a Crisis: Tales of business opportunism to accelerate the BC program at the wake of incidents Culture is King: Fixing the balance of accountability and the three lines of defense The Three E’s: Exciting, equipping, and empowering a cross-generational workforce Modernization of a BCM program to keep pace with evolving times Creating a Differentiated Industry Offering Attendees will leave this session with a rich understanding of the complexities of excelling in BCM in a multi-client and multi industry environment like HCL Technologies and how we leveraged BCM to create value for the firm.

Attend this session to learn how McKesson – a Fortune 5 company delivering medical supplies, drugs, and services to the healthcare industry – transitioned from legacy disaster recovery (DR) methodologies to provide a new way of delivering DR by leveraging new state of the art technologies available in the public cloud. The presentation will take you on a short flight to disaster recovery in the cloud, which resulted in significant reduction in costs, streamlined processes with minimal effort, and the ability to test anytime and ensure application recoverability. Topics include reasons why this journey was necessary, what technology options are available, and some of the turbulence encountered along the flight path to delivering DR in the cloud.

Building on the tremendous success of DRI2017’s Women in Business Continuity Management (WBCM) session and the continued work of the DRI WBCM Committee, this session will explore the latest research and writings of the committee and facilitate a discussion of women in our profession.

The University of Texas Medical Branch at Galveston was recently invited to meet with the Department of Homeland Security, Office of Health Affairs to present on UTMB’s 3-year effort to develop a national model for response to major chemical incidents such as releases of toxic industrial chemicals like Hydrofluoric Acid (HF). Unlike other chemical releases, HF produces a heavier-than-air persistent vapor cloud that is toxic to people, animals, and plant life. Specific medical countermeasures are needed to treat HF injuries, yet these are in short supply. Department of Homeland Security also recently completed a three-year effort to develop a new framework and strategic approach to chemical incident preparedness (for terrorist incidents and accidents). Although the efforts were independent, there were many commonalities, including the use of advanced computational modeling by Lawrence Livermore National Laboratory to simulate chemical release scenarios. Another significant similar approach was to enhance the risk assessment process to incorporate information about the jurisdiction’s response capability. A new toolset was developed called a Response Risk Assessment (RRA). In its pilot program, DHS completed the RRA at five cities across the United States (including Houston as part of the Super Bowl preparedness effort). At the conclusion of the meeting, the Office of Health Affairs and UTMB agreed to pilot test the RRA Toolset in Galveston County Texas with the assistance of UTMB. The ultimate goal is to roll out the toolset to all U.S. jurisdictions for self-assessments. The presentation will use HF as a case study on use of an enhanced risk assessment process to build healthcare continuity. Another aspect of preparedness examined is the use of a combination of an all-chemical hazards approach – with – a specific planning approach for Priority Risk chemicals in a given region. UTMB now sponsors an annual HF incident symposium that includes national and international experts in various aspects of the response. Honeywell, the world’s largest producers of HF, participates in UTMB’s annual HF Exercise and Symposium. The project won a University of Texas National Security Excellence grant and was the basis for a recent award of a Combined Coordinated Terrorist Attack (CCTA) preparedness grant from Department of Homeland Security/FEMA.

Whether you’re struggling with program implementation, experiencing the continuous program ‘reboot’ cycle, or just want to investigate ways to improve your BC program, this presentation will describe clear and useful strategies you can use to address the most common program roadblocks and go from initial program implementation to true business continuity resilience. Based on the experiences of many BC professionals from around the world, this presentation will provide you with tried and tested practical steps you can use to create or improve your BC program.

Ever wonder why some business continuity and crisis management programs succeed while others do not? Traditional program methodology paved the way for our firm’s highly successful enterprise resiliency program, but over time, it also led to our BC/CM approach getting stuck in the proverbial rut. How did we dig ourselves out of that rut and gain the unparalleled support of our enterprise’s executive team? By innovating. Join us as we share stories and the lessons we’ve learned about stepping out of our comfort zone, taking a business-centric approach to continuity risk, moving from a tactical mindset to a strategic focus and the value of building relationships.

The threat of ransomware has risen with the increased existence of sensitive digital information. Businesses and individuals have experienced their computers and servers being seized by variations of ransomware that encrypt their data and hinder their computer accessibility, which can only be resolved with a decryption key upon payment of a ransom. Through any method of data hijacking, criminals are able to access privately held information through various intrusion techniques for financial gain. Ransomware tactics have evolved, with the introduction of software that instead of requiring payment to free a compromised computer provides victims with the opportunity to obtain a key in exchange for compromising others. As the threat of ransomware has risen, so has the sophistication of the attacks, to include the use of social engineering techniques. This presentation will explore the future of ransomware, the likely evolution of tactics, techniques and procedures over the next three to five years; better understand how these intrusions occur, how social engineering techniques are used to facilitate, perpetuate, and manage ransomware operations, strategies to prevent such exploitation, and appropriate responses and mitigation efforts in the event of an attack.

Active Shooter events at a healthcare facility present unique challenges; healthcare professionals may be faced with decisions about leaving patients; visitors will be present; and patients or staff may not be able to evacuate due to age, injury, illness, or a medical procedure in progress. Workplace violence is another challenge that every organization may face; however, in the healthcare setting, there are more vulnerabilities due to patients and unique tensions that may result in a higher risk of injury. In this presentation, we will discuss how to effectively utilize threat assessment teams and how to develop a healthcare workplace violence program that will minimize the destruction if violence occurs.

Auditing is an objective activity that should add value to an organization by following a systematic, disciplined approach. If you’re striving to improve your business continuity program or need to audit critical suppliers, this workshop is a must. Whether you are self-assessing your program (auditing the preparedness of your suppliers) or preparing for certification, this two-hour, hands-on workshop will provide the guidance you need. Auditing methodology will be defined, evaluation criteria including international standards will be identified, and lessons learned from decades of auditing will be shared. Project management, collecting “evidence,” corroborating information gathered, and using objective criteria to identify program gaps and support your opinion will be covered.

Supplemental worksheet. See presentation listing. Auditing is an objective activity that should add value to an organization by following a systematic, disciplined approach. If you’re striving to improve your business continuity program or need to audit critical suppliers, this workshop is a must. Whether you are self-assessing your program (auditing the preparedness of your suppliers) or preparing for certification, this two-hour, hands-on workshop will provide the guidance you need.

Attend this session to discover why disaster resilience is a winning strategy and how the ARISE Initiative may bring public and private sector together to make a difference. Sands has served as Vice Chair, United Nations’ Private Sector Advisory Group for International Strategy for Disaster Risk Reduction (2013 – 2015), and was a Board member (2011 – 2013). While Vice Chair, UNISDR Private Sector membership grew to 100 companies from 42 countries. Working with IBM, he developed the first Disaster Resilience Scorecard based upon the UN’s Ten Essential for Disaster Risk Reduction in 2014; the Scorecard is an innovative tool to assess preparedness of communities to respond to, and recovery from, natural disasters. The Disaster Resilience Scorecard received international acclaim, was recognized as a best practice by the UN International Strategy for Disaster Risk Reduction and received the Notre Dame Climate Adaptation Index 2015 Prize. He also developed a private business resilience survey tool that was applied to over 200 businesses in New Orleans in 2016.

The world of continuity planning is evolving. We face more diverse risks and our influence extends beyond traditional continuity. The lines dividing emergency response, DR, and BCP are becoming blurred and the expectations of continuity planners had grown in both scope and magnitude. The traditional continuity planning methods are no longer sufficient to meet these evolving demands and risks. As an industry we need to be nimble and adapt the fundamentals into a more flexible continuity planning model. This session addresses how a company can take traditional continuity planning and morph itself into a risks and resiliency culture.

The 2017 hurricane season hit healthcare organizations hard. Hear from your peers at healthcare institutions as they relate their experiences before, during, and after the storms with a focus on lessons learned. While our panelists are from the healthcare sector, the information they will share is informative and applicable to all.

It seems that every industry or government agency wants DR and BC to be done a little bit differently. Some overlap and some don’t. Throw in a standard or two, and the plot really gets complicated. If your company touches multiple industries or agencies, how can you be in compliance? Let’s take a look at some regulations, standards, and guidelines and turn the heap of ingredients into alphabet soup that we can digest. We will look at BC and DR requirements and see if we can serve up components that can help your program be palatable and in compliance with multiple menus. Start participating now by helping out the beforehand. Send Bobby Williams a message detailing the standards, regulations, or guidelines with which you must comply. This session is meant to have gobal reach so North and South America, Europe, Africa, Asia, Australia, or Antarctica, get in on this! We don’t want anything to be left out and this is one time where there can’t be too many cooks in the kitchen. You can find Bobby on LinkedIn here or email your message to brojas@drii.org.