Roberta J. Witty
Research VP
11 years at Gartner
33 years IT industry
Roberta Witty is a research VP in Gartner Research, where she is part of the Compliance, Risk and Leadership group. Her primary area of focus is business continuity management and disaster recovery. Ms. Witty is the role specialty lead for… Read Full Bio
by Roberta J. Witty | August 31, 2011 | 2 Comments
Ensuring your staff is prepared and safe before, during and after a disaster goes a long way in ensuring workforce resilience – in other words, that your workforce will be ready and able to come to the aid of the organization during a crisis event. To that end, a new web resource – Get Tech Ready – is being stood up by the U.S. Federal Emergency Management Agency (FEMA), the American Red Cross (ARC), the Ad Council and Google Crisis Response on behalf of the FEMA’s Ready campaign. This new web resource is being released just ahead of schedule - September – which in the U.S. is designated as the annual “National Preparedness Month”, and for 2011 it is the 10 year anniversary of 9/11.
According to FEMA “this new resource educates individuals and families about how using modern-day technology can help them prepare, adapt and recover from disruptions brought on by emergencies or disasters. Get Tech Ready provides Americans with tips on how to use technological resources before, during and after a crisis to communicate with loved ones and manage your financial affairs. Preparedness tips on the website include:
- Learn how to send updates via text and internet from your mobile phone to your contacts and social channels in case voice communications are not available;
- Store your important documents such as personal and financial records in the cloud or on a secure and remote area or flash or jump drive that you can keep readily available so they can be accessed from anywhere; and
- Create an Emergency Information Document using the Ready.gov Family Emergency Plan template in Google Docs or by downloading the Ready Family Emergency Plan to record your emergency plans.”
Check it out and let us know what you think.
Category: Advisory Tags: Availability Risk, Backup and Recovery, banking, BCM, BCP, BIA, Business Continuity Management, Business Continuity Planning, Business Impact Analysis, Continuity of Operations, Incident Management, IT Disaster Recovery, Mass Notification, Operational Risk Management, Pandemic Planning, records management, Resiliency, Roberta Witty, social media, Supply Chain Risk Management, Workforce Continuity
by Roberta J. Witty | August 30, 2011 | 2 Comments
As most of us are now on the other side of Hurricane Irene, we want to ask everyone what recovery controls worked, which didn’t and which were new for your organization or your town. For example, the local fire departments around my area (Northwest CT) are offering charging stations for citizens to use for devices such as cell phones, laptops and so forth. This service is a big boost to telework programs which depend on the workforce having power from their home or distributed location.
Also, it seems that emergency/mass notification services (EMNS) were used extensively to alert the population of storm status: NYC through NotifyNYC and NYC-OEM sent regular pre- and post- alerts regarding the event, I received voicemails or emails from my local CT town management, Connecticut Light & Power, and JPMorganChase alerting me about disaster preparedness status and steps to take if I needed assistance.
Another new feature was the use of texting: If one texted the name “Irene” to 501-01, National Grid would text regular updates on electrical power restoration status to your cell phone. This feature definitely was not around back in the days of Hurricane Gloria (1985) or Bob (1991) and was quite useful since over 500K National Grid customers lost power.
Also, going to wifi hot spots at venues like Starbucks and McDonald’s is certainly a new capability. How many of you used one of these options?
And, on August 26, 2011 FEMA launched its first-ever smartphone application and text messaging updates. Available right now only on the Android smartphone, Blackberry and iPhone support will be coming in a few weeks.
What were your experiences if you were in an impacted area?
Roberta Witty and John Morency
Category: Uncategorized Tags: Availability Risk, Backup and Recovery, banking, BCM, BCP, BIA, Business Continuity Management, Business Continuity Planning, Business Impact Analysis, Emergency Notification, Emergency Preparedness, Incident Management, IT Disaster Recovery, Mass Notification, Operational Risk Management, records management, Recovery Planning, Resiliency, Risk Assessment, Roberta Witty, Supply Chain Risk Management, Workforce Continuity
by Roberta J. Witty | May 18, 2011 | Comments Off
The rolling blackouts designed to conserve electricity following the earthquake and tsunami in northern Japan continue to present serious challenges for enterprises. Gartner’s best practices can help IT organizations protect their infrastructures and support their workforces.
Key Findings
- The earthquake and tsunami that struck the Tohoku district in March, and the power plant failures and other infrastructure problems that followed, continue to disrupt communications, transportation and other infrastructure.
- The Japanese government and Tepco have implemented a plan for rolling electrical blackouts across Tepco’s coverage area, designed to reduce power usage and avoid total power failures.
- These blackouts present serious challenges for Japanese enterprises, particularly in maintaining the operational integrity of their data centers and offering alternative system access to remote workers.
Tepco has said it will not carry out its planned rolling blackouts this summer, but electrical supply continues to present challenges for Japanese enterprises. Gartner has developed a set of best practices for various scenarios and affected parties for IT organizations in Japan and worldwide. The appropriate response to the rolling blackout depends heavily on whether or not the enterprise’s data center has its own dedicated backup power generator.
Read more about the best practices – if you are an organization impacted by the earthquake/tsunami or not – in the full report by my colleagues Masahiko Ishibashi, Eiichi Matsubara, Nagayoshi Nakano and Katsuo Hori. Being a Gartner customer may be required.
Category: Uncategorized Tags: Availability Risk, Backup and Recovery, BCM, BCP, BIA, Business Continuity Management, Business Continuity Planning, Business Impact Analysis, Business Resiliency, Contingency Planning, Continuity of Operations, COOP, Crisis Management, Data Protection, Disaster Recovery, Emergency Preparedness, Governance, IT Disaster Recovery, Operational Risk Management, records management, Recovery Planning, Recovery Plans, Resiliency, Supply Chain Risk Management, Workforce Continuity
by Roberta J. Witty | May 15, 2011 | Comments Off
For many organizations, engaging external assistance can often be the step needed to develop, mature and modernize a business continuity management program. Gartner’s recent survey of BCM consulting providers and services delivers the information clients need to make informed engagement decisions.
The findings in this research are based on a joint Gartner and Business Continuity Institute (BCI) survey of business continuity management (BCM) consulting firms conducted during the first quarter of 2011. The survey objective was to better understand the breadth and depth of BCM service offerings. It was sent by BCI to its self-identified consultant membership and by Gartner to members on its BCM consultancy list that opted to participate. The survey closed on 4 March 2011.
Key Findings
- Many firms say they cover many BCM disciplines, but terminology varies across industries and countries, and so, misunderstandings are common.
- There is an increased need for consultants with specific skill sets:
- Strategic program development
- Tactical program improvements
- Pragmatic, situation-based expertise
- A strong BCM program cannot be run by consultants alone. Therefore, BCM expertise must be brought in-house to ensure its continuing success.
- Due to the 2008 global financial crisis (GFC), consultant ranks have risen due to the layoffs of BCM professionals, and many of these people have taken jobs as consultants while waiting for a full-time BCM practitioner position.
- Fifty percent of BCM consultancies are small, with one to four full-time consultants onboard.
- Organization certification support is low — 13% of firms surveyed have BS 25999 Lead Auditor certification — in alignment with the existing low level of organizations that have such certification.
- Ninety-two percent of BCM consulting engagements are for planning services.
- Only one-quarter (24%) of BCM consulting firms offer a guarantee for services rendered.
Read the full report here: BCM Consultancy Survey, 2011. You may need to be a Gartner client to access the report.
Category: Uncategorized Tags: Availability Risk, Backup and Recovery, BCM, BIA, Business Continuity Management, Business Continuity Planning, Business Impact Analysis, Business Resiliency, Contingency Planning, Continuity of Operations, COOP, Crisis Management, Disaster Recovery, Emergency Notification, Emergency Preparedness, Incident Management, IT Disaster Recovery, Mass Notification, Operational Risk Management, Pandemic Planning, Recovery Planning, Recovery Plans, Resiliency, Risk Assessment, Supply Chain Risk Management, Workforce Continuity
by Roberta J. Witty | March 31, 2011 | 1 Comment
Gartner Research has taken many steps over the last few weeks to supply our customers around the globe with strategic and tactical advice regarding the impact of the Japan earthquake/tsunami disaster.
First, we stood up for our Japanese speaking customers a special Business Continuity Management site to provide news and easy access to many business continuity management and supply chain management notes translated into Japanese.
Second, we stood up an English language Disaster Recovery and Business Continuity web site for all other customers to get easy access to these same research notes.
Third, we have published a number of new research notes related to the disaster, including:
Business Continuity Management/Supply Chain Management
• Japan Disaster Shows the Importance of ‘Open’ Crisis Management Tools
• Japan Earthquake and Tsunami Reaffirm the Need for Sensors
• Five Key Supply Chain Actions to Take When Disaster Strikes
• How Are Supply Chains Responding to the Ongoing Crisis in Japan?
• Best Practices for Recovering Critical Data From Damaged Hard Drives and Other Physical Media
• Management Update: Top 10 Business Trends Impacting the Utility Industry in 2011
• How to Manage the Sustainability Impact Triggered by the Japanese Energy Crisis
• Toolkit: Assessing the Effectiveness of Recovery Plans Following a Disaster
• Remote/Teleworking Practices Offer Opportunities to Help Japanese Businesses Recover From Disaster
• Best Practices for Making Insurance Claims Following the Japan Earthquake and Tsunami
Technology Market Impact
• Impact of Japan Earthquake on IT Services Market
• Japan Earthquake Will Cause Shortage of BT Resin in Electronics Supply Chain
• Japan’s Earthquake Creates Mixed Outlook for Memory Market
• Prepare for Printer Supply Shortages Following Japan’s Earthquake
• Japan’s Earthquake Creates Risks and Opportunities for Electronics and Semiconductor Companies
• Weekly Memory Pricing Index, 25 March 2011
• MCU Manufacturers Will Face Some Challenges After Crisis in Japan
• Disasters in Japan Make Semiconductor Industry Face Silicon Shortage
• Impact of the Disaster on the Japanese and Global Software Markets
• Forecast Analysis: Mobile Devices, Worldwide, 2008-2015, 1Q11 Update
• Disasters in Japan Lead to Continued Uncertainty in Lithium-ion Battery Supply for Notebooks and Consumer Devices
• Foundries Can Stem Semiconductor Production Losses by Japanese Vendors
• Forecast Alert: IT Spending, Worldwide, 1Q11 Update
• Forecast Analysis: Semiconductor Manufacturing Equipment, Worldwide, 2010-2015, 1Q11 Update
Gartner Invest
• Invest Implications: Impact of Japan Earthquake on IT Services Market
• Invest Implications: Japan Earthquake Will Cause Shortage of BT Resin in Electronics Supply Chain
• Invest Implications: Prepare for Printer Supply Shortages Following Japan’s Earthquake
• Invest Implications: Foundries Can Stem Semiconductor Production Losses by Japanese Vendors
• Invest Implications: Disasters in Japan Lead to Continued Uncertainty in Lithium-ion Battery Supply for Notebooks and Consumer Devices
• Invest Implications: Japan’s Earthquake Creates Risks and Opportunities for Electronics and Semiconductor Companies
• Invest Implications: Weekly Memory Pricing Index, 25 March 2011
• Invest Implications: Disasters in Japan Make Semiconductor Industry Face Silicon Shortage
We continue to monitor the disaster and will be publishing additional advice for our customers. Searching www.gartner.com for “Japan earthquake” will return all research notes published to date on the topic.
Category: Uncategorized Tags:
by Roberta J. Witty | March 15, 2011 | Comments Off
by Roberta J. Witty | March 3, 2011 | 1 Comment
I’ve been in Australia for the last few days running workshops on how Queensland responded to the January/2011 floods. There were actually three flooding events: flash flooding in the western area (Toowoomba and Grantham), and then a few days later, flooding in the northern area and central district of Brisbane occurred. Many people lost their homes and personal possessions. Some organizations had buildings condemned and won’t ever be able to return to them.
The feedback from the organizations I met with pointed to a few classic problems in crisis and emergency management:
1) the lack of an authoritative source for accurate and timely information;
2) the lack of coordination regarding evacuations; and
3) the lack of coordination regarding power shutdowns.
These problems caused 1) government web site overload from people seeking accurate information which then led to falsehoods being spread via social media sites such as Facebook and Twitter, 2) gridlock out of Brisbane on January 11, 2011 after evacuation notices were sent to central district tenants, 3) organizations not being able to gracefully shutdown their data centers due to short notice of power shutdowns, and 4) confusion and frustration between the workforce and management – not every organization immediately issued an evacuation notice to their workforce. Compounding the tension were workforce communications problems due to the lack of Internet, cell phone and land line access as well as the lack of personnel on site on January 11, 2011 due to the northern area flooding where many people live – as one would expect, they stayed home to tend to their personal crises instead of coming to work.
On the positive side, the Queensland Police Service has been glowingly praised for countering the falsehoods being spread, including one that the Wivenhoe Dam would break and annihilate all of Brisbane.
All of the organizations I spoke with stood up their crisis command/emergency operations centers – many lost IT services for a few days, many were out of their production facilities for a few weeks and as mentioned previously, some lost their buildings for good. But all managed their way to recovery success and have returned to business as usual.
I will be publishing a more detailed report on these findings in the coming months, so watch for it on www.gartner.com.
Category: Advisory Tags: Availability Risk, BCM, Business Continuity Management, Business Continuity Planning, Business Resiliency, Contingency Planning, Continuity of Operations, COOP, Crisis Management, Disaster Recovery, Emergency Notification, Emergency Preparedness, Incident Management, IT Disaster Recovery, Mass Notification, Operational Risk Management, Recovery Planning, Workforce Continuity
by Roberta J. Witty | February 9, 2011 | 3 Comments
I live in CT. I have snow on my roof. Lots of it. For the last few weeks, I’ve used a snow rake to remove it from my rather flat sunroom roof. With almost daily news reports hailing roof collapses due to the weight of snow in excess of two feet in some places, you’d think that businesses would be especially attentive to the issue. Especially business continuity management (BCM) vendors. But a recent article “Weighty issue for local roofs” from the Lowellsun.com media site pointed to a partial roof collapse of an Iron Mountain facility in Billerica, MA. I wonder whose records might be impacted by this crisis, if anyone?
Granted, excessive snow on roofs is a rather uncommon event (even in New England), and given the number of unique crises in 2010 and 2011 – volcanic ash and a government countrywide shut down of Internet and cell phone access to name just two, the risks facing BCM managers is growing and they are getting lots of great experience in treading new tracks (snow management tracks in this case). So the question is why did the Iron Mountain situation occur given the weeks of news reports of such events taking place?
The underlying reasons for this collapse have not been made public by Iron Mountain, but I can tell you that BCM service providers are a critical group of vendors that must be included in your supply chain availability risk management program. Not just from the planning perspective, but from the crisis management perspective as well. How many firms stood up their crisis command center and pro-actively reached out to their vendors since December/2010 to understand how they were handling the excessive snow and how secure their assets are and will be if the situation gets worse? Not many I’m sure. The 2009 H1N1 crisis was one situation where some firms did do such outreach.
Customers of every records management vendor, or any vendor that houses your organization’s assets, should understand in detail what are the vendor’s guarantees regarding the safeguarding of assets in unique circumstances such as excessive snow, and understand what recourse you have if they are damaged or if the situation is too risky for them to remain in their current facility. You should also require an annual assessment report of the vendor’s own BCM plan for the facility in which your assets are stored.
If you know of other such events for BCM service providers, if your firm has stood up their crisis command center this winter or have your own experience in these situations, we’d love to hear from you.
Category: Advisory Tags: Availability Risk, Backup and Recovery, BCM, Business Continuity Management, Business Continuity Planning, Business Impact Analysis, Business Resiliency, compliance, Disaster Recovery, ediscovery, IT Disaster Recovery, records management, Workforce Continuity
by Roberta J. Witty | December 9, 2010 | 2 Comments
Earlier this week, the U.S. Department of Homeland Security announced on their web site “The Blog @ Homeland Security” that they have partnered with Wal-Mart to further promote DHS’ campaign of “If You See Something, Say Something”. Tagged “Hometown Security”, the video of Janet Napolitano, Security of the U.S. Department of Homeland Security advises Wal-Mart shoppers to say something to the police, sheriff or Wal-Mart management if they see something suspicious taking place in the parking lot or store. Not bad advice when you come to think of it.
But isn’t it obvious to do so? Are Americans THAT removed, resigned, scared, numb or distrustful to take action on what we inherently know as something “fishy”? Or, is DHS taking a page from a prior era with the major marketing success of “Smokey Bear” for fire prevention?
Depending on how Wal-Mart rolls out the program, shoppers may not even notice the announcement. I know for myself, as soon as I enter a store, I bypass anything and everything – notices, greeters and so forth – that distracts me from getting my shopping finished. It’s a rare occasion for me to lollygag. And putting diapers next to the milk has absolutely no effect on me – maybe because I don’t shop for either. But I have my list and that’s what I buy.
DHS has already rolled out “If You See Something, Say Something” in transportation environments, but in many of those forums, you are typically a captive audience – you can’t easily get off the subway to avoid the message.
What do you think? Would you notice the announcement in a store? Would you take time out of your busy life to watch it? Are there better ways for DHS to consumer-enable the message? Let me know: I’m of two minds on this one: national security is of utmost importance but is the message channel the right approach?
Category: Uncategorized Tags: Availability Risk, Business Continuity Planning, Contingency Planning, Continuity of Operations, COOP, Data Protection, Disaster Recovery, Emergency Notification, Emergency Preparedness, Incident Management, IT Disaster Recovery, Mass Notification, Operational Risk Management, Resiliency, Roberta Witty, Workforce Continuity
by Roberta J. Witty | November 30, 2010 | 1 Comment
In Q3/2010, Gartner published 18 maturity self-assessment tools under the trade name of ITScore. One of the tools is for BCM: ITScore for Business Continuity Management. This ITScore-based Maturity Assessment represents an evaluation of an enterprise BCM program based on key indicators of maturity, which encompass management processes, personnel and organization, technologies and tools, and business culture. Gartner has identified five maturity levels: Initial, Developing, Defined, Managed and Optimizing. Check it out.
Category: Uncategorized Tags: Availability Risk, BCM, BCP, BIA, Business Continuity Management, Business Continuity Planning, Business Impact Analysis, Business Resiliency, Contingency Planning, Continuity of Operations, COOP, Data Protection, Disaster Recovery, Emergency Notification, Emergency Preparedness, Governance, H1N1, Incident Management, IT Disaster Recovery, Mass Notification, Operational Risk Management, Pandemic Planning, Recovery Planning, Recovery Plans, Resiliency, Risk Assessment, Roberta Witty, Workforce Continuity
