IN THIS ISSUE:
- November TUG MoM - Register now...
- Corporate Resiliency Policy - article by Garth Tucker
- iDev Cloud
- Stay Connected - Confirm your subscription to TUG Buzz
Registration is now open for the
November Meeting of Members!
Date: Wednesday November 21, 2018
LOCATION: Monte Carlo Inn, Markham Downtown
7255 Warden Ave (at Denison Street)
Markham, Ontario L3R 1B4
** FREE Parking **
SPEAKERS: (from the IBM Toronto Lab)
AGENDA for November 21st MoM
ADMISSION: Free for TUG members ($60 non-members)
Registration starts at 4:30 pm
5:00 pm - Session 1:
Barbara Morris with Edmund Reinhardt
Test Driven Development - Leveraging Best Practices for RPG and IBM i Development
• Current best practice for producing high quality software is Test-Driven Development.
• These practices can be applied to RPG development on IBM i.....read more.
7:00 pm - Session 2:
Best Practices for RPG Coding
How using service programs can modernize your development, both new function and maintenance....read more.
Back to Top
[article] Corporate Resilience Policy
By Garth Tucker
Whether you call it disaster recovery, business continuity, emergency management, or any variant thereof, you will likely not be truly successful in your resilience program without a corporate policy endorsed by the senior leadership team.
Why is this?
Direction. Left to their own devices, business unit managers/administrators will either ignore requests from the team building the program because they're "too busy" or, even worse, believe that they know better how to deal with a crisis. In my experience, the policy is an often-overlooked part of a program or it's not effective enough to provide the clout required to ensure compliance from all business units/departments. With a well thought out policy that has the stamp of the C-Level on it, there is no room left for argument or interpretation and all involved will be rowing in the same direction in the building and maintenance of your resilience program.
My approach. When wearing my consulting hat for Green Apple, and previously for Dynamic Disaster Recovery, and received a request to build a DR or BC plan, the first thing is to explain that I will not write them a plan but build them a program and begin to instill a culture of resiliency within all departments. After we've agreed on what the project consists of, I either review any current policies in place and recommend changes as required or produce a generic policy document as a starting point for review, development, and ultimately, to be implemented throughout the organization.
What makes a good policy?
To be effective, your resilience policy must outline:
1. Objective(s): What are you trying to accomplish? Reduce downtime? Reduce costs of outages? Life safety? Lower insurance premiums/deductibles? All of these are legitimate objectives and may require different approaches to accomplish, so you must identify them to determine the size of the breadbox you're going to build.
a. Departments/Business Units
Obviously, we want to ensure the entire organization is covered under the program, however, budget constraints or other roadblocks may cause you to specify what will be included in the program initially. The policy document can be amended later when it's possible to include more business units.
How will the program be developed and maintained over time? Once you've determined how your program will be built (ISO standards preferably), put it in the policy so that if there's a change in staffing, those coming along behind understand what was being done and can continue without wasting significant amounts of time deciphering what the previous person was doing.
c. Risk assessment
This can be a tricky thing to stickhandle around and it's best if the Enterprise Risk Management folks are involved and everyone understands the difference between what ERM does and the detailed operational RA that resilience planning requires to avoid disagreements down the road that will block achieving objectives.
I've written previously on my approach to training the Business Unit Champions and Subject Matter Experts on the various parts of resilience planning to achieve better results. We must also ensure that all departments understand that they must take part in training and exercises to ensure familiarity and accuracy of the plans.
I call this the Tom Sawyer approach to consulting/management ☺
You must identify how often you will audit internally and how often to bring in an outside firm or expert to provide a different perspective.
f. Remediation of audit findings
Once you have the finding, your policy should identify how long they have to fix the issue(s) before punitive measures are enforced against departments or facilities that are out of compliance.
This defines the yearly processes that maintain your plans/program and should allow for exceptional occurrences that may delay a department or facilities ability to comply with the policy. The process allowing for this must be defined as well so that it can be noted in any following audit.
3. How scope requirements will be fulfilled: This identifies the who's, what's, when's, where's and how's of the development and maintenance of the program. Requirements detailing responsible positions and measures to ensure compliance, etc.
4. Review & Approval (signatures): Pretty straightforward, but you must identify who must sign off on or approve the policy and under whose authority punitive measures will be enforced.
This is as much of an overview as I can fit into a thousand words or less but covers many of the things I've seen overlooked in most organizations or industries and has hopefully opened a few non-practitioners' eyes to allow them to ensure they're getting good advice from their consultants or program staff.
Garth Tucker, CBCP, CORP
Garth is a DRI Certified Business Continuity Professional (CBCP), a member of the International Association of Emergency Managers (IAEM), an experienced Disaster Recovery, and Emergency Management planner. His career focus is on the development and management of resiliency programs as well as effective management of crisis events.
The path to his current position began with software development, project and program management, and as an IT technology educator worldwide for IBM in the late 1990s and early 2000s. He transitioned to disaster recovery, business continuity, and crisis management beginning in 2002. Significant formal, and self-education throughout his career has ensured he remains relevant and effective.
Back To Top
Sign up now for iDevCloud! You will be able to:
- Share between multiple developers
- Get private library and storage
- Have access to most of the IBM i development tools
- Have all compilers for IBM i tools available
The Performance is monitored by system managers with adjustments as needed. The system is accessible at anytime from anywhere in the world. Just a computer and an internet connection are needed. Any work done on the system stays on the system until removed by its owner.
Contact Leo Lefebvre at email@example.com to get started.
(*Free startup for TUG members.)
Back To Top
Stay Connected with TUG
The Toronto Users Group is committed to providing you with communications that are timely, relevant, and insightful.
Canada's Anti-Spam Legislation (CAS) requires that we receive your permission to continue sending you emails.
You may have already given us your consent. If you haven't done so yet, or if you're not sure, please click on the following link to indicate that you would like to continue receiving electronic communications from TUG.
Should you change your mind, you can unsubscribe at any time, by clicking on "manage your subscription" at the bottom of our messages.
Back To Top
<!- ********************************************************************************* -->
The Toronto Users Group for Power Systems (TUG) is a user group/forum for the exchange of ideas, and specializes in providing affordable education relating to the IBM iSeries, AS/400, System i, and Power Systems platforms. TUG is in its 34th year of operation.
TUG is the proud recipient of a 2017/ 2018 Maxava iFoundation grant.
Articles & Downloads archives
TUG Buzz! archives