Boardroom
IBM

In The Boardroom With...

Mr. Philippe Jarre
Vice President IBM Business Continuity and Resiliency Services
www.IBM.com
NYSE: IBM

SecurityStockWatch.com: Please give us an overview of your background and your role with IBM Business Continuity and Resiliency Services.

Philippe Jarre: In 2005, I was appointed IBM’s Global Vice President of Business Continuity and Resiliency Services (BCRS), a service product line of IBM Global Technology Services. With over 1500 experts around the globe, the BCRS division helps clients build, deploy, and manage the continuity of their business so they can minimize disruption while building a resilient organization.

Prior to this position, I was Vice President of IBM Global Integrated Technology Services and before this the Executive Assistant to the Senior Vice President of IBM Global Services in New York. I have also served as VP for BCRS Europe and was leading the successful acquisition of Schlumberger Business Continuity in 2004.

SecurityStockWatch.com: One will read on IBM.com that, “Our services go well beyond traditional disaster relief. We help companies build resilience into every layer of their business by anticipating the potential impact of a wide range of threats. IBM's business continuity experts have identified three categories of threats that must be addressed in a continuity program. Our comprehensive portfolio addresses all three categories: business-driven, data-driven and event-driven." Please give us a summary of IBM’s capabilities in each of these three categories.

Philippe Jarre: Any comprehensive approach to business continuity and resiliency is going to include both proactive and reactive components. If clients plan well, they can deliver day-to-day value to the organization in terms of improved efficiency, higher service levels, increased satisfaction, more effective operations, more effective risk mitigation programs and greater alignment with regulations. Based on this, our offerings are designed to match three main areas of concern – business driven, data driven and event driven concerns.

On the more proactive end of the spectrum, IBM has business- driven approaches to continuity programs. Business continuity and regulatory compliance would both fit under the business-driven category.

  • IBM Business Continuity Services can leverage our business process expertise and over 40 years of experience in disaster recovery to help clients identify and fill gaps in their current continuity strategy, and to develop and manage a program aligned to their business needs and to documented industry best practices.
  • IBM Regulatory Compliance Services provides objective, industry-specific input regarding client exposure to regulatory risk—so clients can mitigate the danger of noncompliance while anticipating and responding competitively to changes in the regulatory landscape.

For many organizations data continuity is business continuity, but when it comes to protecting business-critical data, many organizations fall short. IBM offers data-driven services to help address these concerns.

  • IBM High Availability Services are designed to help clients avoid the costs of downtime and recovery. Clients can rely on IBM for assistance in assessing, planning for, creating and running an infrastructure that supports the availability and performance objectives of their businesses, including access to business processes, IT environments and networks.
  • IBM Data Continuity Services helps identify clients’ most critical business data and develop and implement a prioritized plan for its retention and retrieval. The plan is based on regulations and business needs—so information is available virtually anytime, anywhere—equipping employees, partners and customers with the tools they need for making decisions, driving revenue and reducing costs.

A lot of companies begin business continuity planning with disaster preparedness, because when a disaster does strike, what matters is how rapid and effective is their response and then how quickly they recover. For these concerns, IBM offers event-driven services:

  • IBM Disaster Recovery Services are designed to help clients plan for and respond to a disruptive event. The service helps clients easily recover their business operations in accordance with their predefined service level objectives.
  • IBM Crisis Management Services delivers an exceptional level of onsite crisis response experience to help clients prepare for, respond to and recover from emergency situations. Clients can rely on the support of a trusted teammate that can provide communications and coordination enablement services as well as trauma counseling and infrastructure repair and replacement.

SecurityStockWatch.com: We understand that your business unit has provided services in connection with the Katrina disaster. Care to provide any details?

Philippe Jarre: IBM responded to the Hurricane Katrina crisis with a commitment of people and resources to meet the needs of the affected communities and businesses.

The IBM Crisis Response Team (CRT), supported by the IBM Emergency Operations Center (EOC) in Sterling Lake, New York, began monitoring Katrina before it crossed Florida. IBM employees in the region and members of the IBM EOC, and the Crisis Response Team were put on alert. Menu prompts for the 1 800 IBM-SERV number were changed to give priority to customers affected by Katrina. EOC representatives — call handlers, project managers, engineers and other IBM experts — began talking to clients about their preparations as the storm churned across the Gulf of Mexico.

Once the hurricane hit, it became clear that a full-scale response would be required. The IBM Crisis Response Team converged on Baton Rogue, Louisiana, and a second EOC was activated in Boulder, Colorado. The IBM team members were in direct contact with federal, state and local officials, interacting with the governors’ offices of Louisiana, Alabama and Mississippi, as well as the governors’ emergency offices. These team members provided advice and expertise, and served as touch points between the authorities and agencies that needed help and the available IBM resources coordinated by the Crisis Response Team, IBM corporate community relations and the BCRS emergency operations center.

The chaotic evacuation of thousands of people from the area to shelters around the country created enormous challenges. Displaced individuals needed to reconnect with missing family members and loved ones. Many local residents needed help in finding a place to live and obtaining the services needed for their families. One of IBM’s solutions included the use of a database technology from IBM Entity Analytics Solutions. This system was utilized for collecting and processing information needed to facilitate the missing person reunification process.

IBM provided application development and hosting services for a variety of relief efforts and the IBM Crisis Response Team “Trauma Docs” were also brought in to help address the emotional trauma issues being faced.

SecurityStockWatch.com: Are there any other “wins” in the public or private sector you’d like to mention?

Philippe Jarre: One very interesting win for our recently launched Crisis Response service was around the last World Cup event which took place in Europe. What IBM has learned is that regardless of type or magnitude of disaster, interoperable communications and information flow is key to effectively responding to an emergency. In this particular customer situation, the City of Munich had contracted with IBM’s Software Group to operate an incident management tool that IBM offers to manage any emergency situation that may occur during the event. For the public safety officials to effectively use this tool, it was planned to ride on a temporary private network given that the public network would most likely be overloaded with fans calling back home, emailing pictures and videos, etc. At the last minute, the City learned that the provider of that temporary network was not ready, and there would be no incident management tool or process to operate without the network to run it on. So, IBM rapidly deployed our suitcase-based, emergency response network platform and personnel to Munich and within hours of arrival, the interoperable network was operational and the incident management tool was in the hands of the emergency management personnel to use.

This is just one example of how our service was actually able to help the customer avoid an impending crisis which would have surely occurred had they operated the event in the dark so to speak with no overt communications and no overt coordination systems in place. By deploying our Crisis Response service rapidly, the City and World Cup organizing committee was able to successfully operate throughout the event in a coordinated manner with no major, unhandled incidents reported.

SecurityStockWatch.com: Without divulging any proprietary or confidential information, how does IBM assure that contingency plans will actually work when needed?

Philippe Jarre: Although the customer is ultimately responsible for ensuring that their contingency plans are aligned with their business objectives, IBM BCRS has available a series of offerings comprised of proven methodologies and services that will assist clients in the development, maintenance and testing of a robust contingency plan. These offerings include a combination of consulting methodologies, technical and recovery procedures. For example, Business Impact Analysis, Disaster Recovery Planning and Recovery Readiness Assessments help identify the customers’ critical business processes. Technical recovery procedures, standard test processes, and highly trained technical recovery experts (both IBM and non-IBM equipment) help the customer with the recovery of their necessary business processes and supporting systems. The key to preparedness is testing. IBM encourages customers to test their plans yearly to ensure that they can recover in the event it is required.

SecurityStockWatch.com: Congratulations on the recent announcement regarding the teaming arrangement with Cisco to offer crisis management services. What is the solution that this partnership will bring to the marketplace?

Philippe Jarre: The solution that IBM recently launched with Cisco involves the bundling of critical services, commercial software and hardware, networking equipment and applications into a single package provided on a subscription basis as a service. By combining these commercial technologies along with critical services, our solution is able to help customers properly plan and prepare for disasters of all types, rapidly deploy the interoperability necessary during the first stages of a crisis and continue operating those capabilities to accelerate one’s recovery efforts. And since IBM and Cisco have preconfigured these capabilities along with the experts to maintain them, clients are less likely to encounter a situation where their employees can’t communicate either with one another or with first responders because of technical glitches or incompatible protocols.

As a service-oriented solution, IBM and Cisco are also able to tailor the piece parts to address individual crisis management needs, to supplement clients’ daily operations capabilities, to fill gaps and give clients a means of affordable scalability over time as their needs change.

In a simplistic manner, our recent Crisis Management Solution combines IBM’s global reach and reputation in information management with Cisco’s technical credibility and reputation in communications to bring to our customers the thought leadership and level of interoperability they need to effectively prepare for, respond to and recover from emergency situations.

SecurityStockWatch.com: And, can we have a similar overview of the IBM’s strategic relationship with Citrix?

Philippe Jarre: In partnership with Citrix, IBM offers Virtual Workplace Continuity which is designed to provide clients with a quick and efficient approach for enabling employees to access critical applications and communicate effectively during emergencies or other disruptive events.

During an unplanned event, such as a pandemic, transit strike, hurricane or terrorist act, it could be days—or even weeks—before employees can report to their normal work locations. And even if companies have a written plan for dealing with a disaster, without a comprehensive strategy and the right tools, they still may not be prepared.

Virtual Workplace Continuity is designed to provide clients with an effective strategy for dealing with disasters and other work-disrupting events. Not only does the service help clients enable employees to continue to collaborate, communicate and perform their work even when they are suddenly unable to come into the office, but it assists clients in staying in contact with employees and keeping them informed about the status of the situation. In addition, this service provides the tools that will allow clients to maintain contact with employees so that they may respond with any assistance they may need.

Virtual workplace continuity is designed to enable clients to:

  • Notify employees, partners and suppliers of emergencies or other events impacting business operations
  • Allow employees to remotely access their desktops and vital corporate applications
  • Redirect inbound and outbound calls
  • Enable collaboration through instant messaging
  • Provide employees with a virtual bulletin board for sharing information with one another
  • Quickly ascertain whether employees have checked in and what their status may be

SecurityStockWatch.com: What is your perspective on the market drivers for IBM Business Continuity and Resiliency Services at this time?

Philippe Jarre: The fact is the world is riskier than it used to be. There do seem to have been more natural and man-made disasters in the headlines recently. But what’s also changed is the impact these events have on globalized businesses. And while clients might be located in an area that’s relatively stable, a critical facility or supply chain partner may not be. With this in mind some of the specific drivers for Business Continuity & Resiliency are as follows:

  • Expanding risk exposures: Natural disasters have continued to increase in intensity and impact; critical lifeline infrastructures (power, water, telephone) are rapidly aging; and effects of a low-probability, high-impact terrorism event cannot be ignored.
  • Greater financial implications: Insurance premiums for business interruption have significantly increased since 9/11. Coverage levels have decreased while minimal acceptable coverage standards have increased. In addition, the impact of downtime may be more far reaching than one might think.
  • Data integrity requirements: Key business records necessary for business operations, litigation and compliance must be preserved (e.g., patient records, customer data, transactions histories, e-mail).
  • Changing industry and regulatory standards: Ignoring known risks is not acceptable to stockholders, customers, employees or regulators. Legislative and regulatory actions continue to increase. Accurate record keeping and reporting are assumed and required and there can be major penalties for noncompliance.
  • Geographic dispersal requirements: Close proximity of facilities increases the impact of an outage. Data centers and their complex web of applications are increasingly vital for day-to-day activities.

SecuritystockWatch.com: What resources such as streaming video, webinars, webcasts, podcasts, “white papers” and “case studies” are available for end-users on www.IBM.com?

Philippe Jarre: We have many resources on our website for our clients to learn more about business resilience issues and how they should approach these challenges. Below is a selection of some of these resources: