MERC

Nov. 8 , 2006, Institutional Representatives Meeting Keynote Presentation Information

A Business Model for Continuity Planning

William J. Rider
Manager, Data Security and Disaster Recovery
Johns Hopkins Hospital & University

Companies have been developing, implementing, testing, and executing I.T. Disaster Recovery Plans (DRPs) for years. Colleges and universities have now become increasingly aware of their extreme dependence on their information storage, communication and processing systems. Disasters such as hurricane Katrina vividly demonstrated the potential for damage, and greatly increased the awareness of risk among university administrators who once considered their environments safe.

As I.T. Disaster Recovery efforts have evolved over the years, so have the many and varied definitions and acronyms used to describe the recovery of I.T. services. Operational areas of the organization concerned with an interruption in critical business functions have built contingency plans (BCPs) to address an interruption in their business operations and their supply chains. Once again, the terminology has proven to be a moving target. The role of both Emergency Response (ERP) and Crisis Management (CMP) planning seem to be changing almost daily, in light of the expanding risks that global terrorism and large-scale natural events represent. It could very well be that this constant shift in roles and resulting confusion with terminology goes to the heart of our credibility as an industry.

Rather than attempt to impose a discrete set of definitions for all organizations, this session will discuss the roles of several of the risk management components, and the relationships that exist among them, so that an institution can, at a minimum, ensure that critical aspects of business protection are identified and addressed within the framework of their culture.

This session will develop a set of working definitions for components of emergency planning and elaborate on each of those components as they relate to an overall continuity of operations program, and will include discussions on:

• Emergency Response Planning
• Disaster Recovery Planning
• Business Continuity Planning
• Crisis Management Planning

Also, the Disaster Recovery portion will take a more detailed look at the evolution from a traditional recovery strategy to that of a hybrid solution of internal and external capabilities that strives to find the optimum recovery point based on the cost of recovery versus the cost of risk assumption.

William J. Rider
Manager, Data Security & Disaster Recovery Johns Hopkins Hospital & University

Mr. Rider is the Manager of Data Security and Disaster Recovery for Johns Hopkins Hospital and University. His responsibilities include managing the data security administration and analysis functions and the development, maintenance and testing of the disaster recovery and business contingency capabilities for the Johns Hopkins Hospital and University Information Technology areas. Prior to Johns Hopkins, Mr. Rider was the Manager of Business Recovery Services for Moore Business Communications Services where he managed a print/mail recovery center for high volume print/mail applications. Prior to that, Mr. Rider spent eleven years at Blue Cross and Blue Shield of Maryland as an auditor, disaster recovery coordinator, and the supervisor for data security and disaster recovery. Mr. Rider is a past member of the Certification Board of Directors for the Disaster Recovery Institute International, the Editorial Advisory Board for the Disaster Recovery Journal, the Editorial Advisory Board for Contingency Planning & Management magazine, a current member of the Editorial Advisory Board for Continuity Insights, and president of the Business Continuity Planning Workgroup For Healthcare Organizations (BCPWHO). Mr. Rider has thirty +  years experience in Healthcare I.T. with twenty-two of those being in disaster recovery and data security.