May 17, 2012

Cost Issues are Major Topic at 8th Annual e-Discovery Conference

Many organizations are now focusing the attention of their in-house counsel and in-house compliance analysis teams on the current risks, opportunities and challenges facing e-Discovery as it relates to their own operational compliance requirements and record retention policies. Certainly there is more information available today on this topic than ever before, and keeping up with the developments in this area can be a daunting challenge, to say the least.

However, with growing concerns about data breaches continuing to impact companies of all sizes, the risk of being sued over a data breach occurrence, and of having to be prepared for the litigation requirements in those lawsuits, remains a risk management topic that no company can ignore.

When you consider the e-discovery process under this scenario, and the fact that it is a pressing issue requiring serious attention from CIOs and top business executives, you quickly realize that information security compliance is an important component of that process, needed to better contain any costs incurred if your company chooses to have an e-disclosure litigation preparedness plan in place and ready to react to any potential lawsuit against the company.

A recent press release announcing a conference on e-Discovery, titled “Deloitte, General Electric, NBC and Samsung Discuss Cost-Management Options for eDiscovery and Litigation Preparedness”, reinforces this message and should be an agenda item for consideration by most organizations that are planning their next information security project. (Click here to view this press release)

Therefore, if your organization relates its business information security requirements in any way to the potential risk of litigation preparedness, and also wishes to have a proactive plan in place to address this potential lawsuit risk, then learning more about this e-Discovery Conference and how to receive a benefit from it is something to mark on your calendar for follow-up. You can get more information and details on this conference by clicking here.

DHS Announces PS-Prep Outreach Meetings

On November 4th, the DHS posted a listing of all the Outreach Meetings that will occur and address the issues surrounding the PS-Prep (Private Sector Preparedness) program.

The meetings are slated in each of the ten (10) FEMA regions around the country.  The first meeting will be held on November 17th in the Chicago, IL area and the last scheduled Outreach Meeting will occur on December 14th in Atlanta, GA. 

Along with setting up these meetings, DHS has extended the comment period on the proposed standards to be included in the PS-Prep Program to January 15, 2010.

Click Here to link to the DHS web page that lists all of the meetings, their dates and their locations.

Do you agree with the DHS choice of standards? Disagree? Do you want more information? Do you have an opinion that needs to be expressed on this topic? Then this is the meeting you should plan to attend.

As the DHS states on its site, “…these outreach meetings are so that the public can ‘engage in dialogue’ with the DHS PS-Prep program managers, and staff.”

PS-Prep Heats Up Organizational Certification Debate

The Disaster Recovery Institute International (DRI) has recently raised the debate and in fact clearly presented a position of caution regarding the organizational certification focus as voiced by the DHS’s PS-Prep program.

This issue has certainly come up in the business continuity and preparedness community before, but a recent article written by Robert Giffen, from the Avalution Group, and posted on the Continuity Central website is well worth your effort to read to gain a better perspective on the topic.

We encourage you to read this article and pass it along to the members of your BCP and business readiness planning teams.

ASIS Submits Comments in Response to PS-Prep and Federal Register Public Notice

ASIS International (ASIS) has submitted its comments in response to the Federal Register Public Notice released October 16, 2009. The comments can be read by clicking here.

The comments submitted by ASIS address many of the preparedness issues that are very timely, and try to answer issues faced by internal planning teams in so many organizations today. Some of those topics encompass at least the following areas: information security assessment, network security assessment, survey compliance activities, information security standards, information security infrastructure, information security document(s) and information security operations.

For at least the reasons listed above, we suggest passing these comments along to the members of those internal planning committees in your organization.

ASIS is the largest organization for security professionals, with more than 37,000 members worldwide, and is also an American National Standards Institute (ANSI) accredited Standards Development Organization (SDO).

Impacts of an IT Compliance Audit

One of our often cited reference website blogs is that of SearchCompliance.com. Recently the topic of IT compliance auditing became a popular area of dialogue in the FAQ section of the SearchCompliance site.

We have received similar questions from our readers from time to time regarding the topic of auditing and, as a result, would like to recommend that your organization’s IT department read this blog posting for some insights into the topic of compliance auditing of IT.

Some of the questions addressed in this blog are: (1) What is a compliance audit? (2) How are compliance audits different? (3) What regulations require compliance audits? and (4) Who performs compliance audits?

The IT audits referenced in this blog address many issues, including the need for policy compliance, compliance plans, compliance tools, compliance reports, and compliance standards. We hope that you will find this information valuable and worth passing along to your organization’s IT management responsible for maintaining alignment with your operations compliance requirements.

We hope you find this information helpful.

Dr. Marc H. Siegel, ASIS Commissioner, Clarifies PS-PREP and Standards Position

Dr. Marc H. Siegel, an ASIS Commissioner, has just published a response to a recent article authored by Paul Kirvan (Read Mr. Kirvan’s article) that was posted on the Continuity Central website and that claimed that there was a “… collaborative standards development by ASIS International (ASIS) and the British Standards Institution (BSI)”.

Dr. Siegel thanked Continuity Central for giving him an opportunity to state his position on the intent of the PS-Prep program and thus hopefully clear up some of the confusion generated by Mr. Kirvan’s original statements.  

To summarize the issues raised and positions taken by Dr. Siegel, we quote his final remarks: “In the end, the intent of the PS-Prep program is improved private sector preparedness.  It should not be about turf wars, excluding standards, approaches and disciplines.  It should not be about the government picking winners and losers.  It should not be a stimulus package for consultants, trainers and certification bodies.  The focus needs to turn to how the private sector organizations can become better prepared in the most cost-effective fashion.”

You can read Dr. Siegel’s article, and we suggest that you then pass it along to team members of your organization who are addressing the compliance framework and business continuity standards topic in their efforts to better meet the preparedness requirements unique to the business of your organization.

This topic of PS-Prep will be debated over the next several months, so be sure to pass along your comments as requested by the DHS and referenced in earlier postings on this website.

PS-Prep Comment Period Extended

The Department of Homeland Security (DHS) and its Federal Emergency Management Agency (FEMA) announced that the comment period that was originally established as October 16, 2009 in the Federal Register Notice (74 FR 53286) has now been extended to January 15, 2010.

To better facilitate the comment process, DHS and FEMA also provided a list of dates, times and locations for public meetings where the public will have an opportunity to engage in dialogue with DHS staff and program managers over the DHS’ intent to select three standards for adoption in the PS-Prep program.  Those three standards are ASIS SPC.1-2009, BS25999, and NFPA 1600.

The PS-Prep is a partnership between DHS and the private sector that will enable private entities to receive emergency preparedness certification from a system DHS created in coordination with the private sector.

Please pass this related compliance information to all in-house business continuity team members who are responsible not only for compliance assessment duties, but also for implementing appropriate emergency preparedness capabilities in their organization.

For more information and details about this announcement, please click here.

Public Comments on Disaster Recovery are Solicited by New Website Launched by DHS and HUD

Housing and Urban Development (HUD) and the Department of Homeland Security (DHS) recently announced the launch of a new interagency website called “Disaster Recovery Work In Group”. The purpose of the site is to allow federal disaster recovery officials to solicit public comments regarding disaster recovery from state, local and tribal partners and the public.

That information will be utilized by the federal government’s newly formed Long Term Disaster Recovery Working Group so as to: (1) allow stakeholders to submit ideas for disaster recovery, (2) articulate objectives for recovery assistance going forward, (3) identify examples of best practices in disaster recovery, (4) raise challenges and obstacles to the success of disaster recovery programs and activities, and (5) share thoughts, experiences and lessons learned with others who are involved in planning and implementing these disaster recovery activities.

To read the official press release from HUD and DHS about this website launch, CLICK HERE.

As part of your organization’s business continuity and compliance training efforts, send this message to members of your in-house disaster recovery planning teams, so that this new site becomes a regularly reviewed agenda item for their meetings.

Institute for Environmental Security Announces Climate Change Impact Warning

In a recent press release from the IES, military experts from five continents announce a warning of the impact of climate change on security. The statement, presented at a meeting on October 29, 2009 at Brookings in Washington, and issued simultaneously in Brussels, Dhaka, Georgetown, London, New Delhi and The Hague, says that “incremental, and at times, abrupt climate change is resulting in an unprecedented scale of human misery, loss of biodiversity and damage to infrastructure with consequential security implications that need to be addressed urgently.” To read the entire press release, click here.

The Institute for Environmental Security (IES) is an international non-profit non-governmental organisation established in 2002 in The Hague, with representatives in Brussels, London, Beirut, California, New York, Toronto and Washington, DC.

This “knowledge and action network” was set up to increase political attention to environmental security as a means to help prevent conflict, instability and unrest.

IES Mission

The Institute’s mission is: “To advance global environmental security by promoting the maintenance of the regenerative capacity of life-supporting eco-systems.”

Its multidisciplinary approach integrates the fields of science, diplomacy, law, finance and education. Activities are designed to provide policy-makers with a methodology to tackle environmental security risks in time, in order to safeguard essential conditions for peace and sustainable development.

The relation between the environment and the security of humans and nature has been the subject of much research in recent decades, and is now becoming an important focus of international environmental policy. Click here to read a 2-page overview on environmental security written by Michael Renner.

The following publication by the Institute is also recommended environmental compliance reading for any organization facing environmental security issues: Introduction to the Concepts of Environmental Security and Environmental Conflict.

PS-PREP Reminder: Comments Due by Nov 15th

The Department of Homeland Security (DHS) and the Federal Emergency Management Agency (FEMA) are soliciting feedback from citizens, organizations, and businesses on the proposed selection of the three standards to be used by the PS-PREP Program as the basis for general business certification.

Everyone is encouraged to provide feedback on this very important issue. Comments may be submitted to http://www.regulations.gov/search/Regs/home.html#home (Identify Docket ID FEMA-2008-0017).

And be sure to remind the risk management and compliance standards team members in your organization of the importance of this PS-PREP program to their business continuity planning and compliance risk mitigation efforts.