February 5, 2012

ANAB Now Accepting Applications

by:  Donald Byrne, CBCP, CDCP, CBRO-M, Lead Auditor, Adjunct Professor, Boston University

As discussed in previous postings on this website, ANAB is now accepting applications from recognized Certification Bodies (CB’s) for participation in the PS-Prep program. It will be interesting to see which firms move to enter this marketplace. 

Clearly the pace of the PS-Prep program is picking up momentum. This is an important announcement because only accredited CB’s can perform internationally recognized and accepted certification audits (sometimes called registrations).

Expect to see some CBs apply for accreditation for only one or two of the four approved standards (remember – both NFPA 1600 : 2007 and 2010 have been approved); while others will likely sign up for all four.

Stay tuned to continuitycompliance.org for more details as this story unfolds.

To see the ANAB announcement, follow this link: http://www.anab.org/media/19702/hu182.pdf

Please pass this information along to those business continuity, PS-Prep program and/or risk management team members in your organization.

Business Continuity Planning Attracting More Attention from U.K. Insurers

As reported in a recent article posted on the Continuity Forum website, insurers in the U.K. are sharpening their focus on business continuity planning being at the heart of an organization’s planning strategies and action plans for a response to the many risks facing business in general.  Our staff believes similar concerns are shared in the U.S. over this same issue. 

Experience in New York following 9/11 and generally in areas ravaged by the recent floods indicates that Small and Midsized Enterprises (SME’s) are the most vulnerable to the effects of business disruption, suffering far more than their Multi-National cousins or counterparts.  And even more important are recent findings in both the U.S. and U.K. that most SME’s are failing to ensure even basic preventive planning for disruption to their businesses and are also likely to have the lowest levels of appropriate insurance coverage or Business Continuity provisions in those insurance plans.  Research in both the U.S. and U.K. indicates that with less or no business continuity planning in place for those SME’s, costs and time to recovery increase.

Because of that potential increased cost burden, some people believe that this move is part of a broader drive within government and the Insurance industry to shift more of the responsibility back from the Insurers to the organizations themselves. 

There is little doubt that insurers and governments are becoming more concerned about those future potential and increasing costs – in the future, organizations will have to do a better job in planning for and recovering from disruptive events, incidents or disasters  — or perhaps, governments and the insurance industry will come up with a more effective way to make those organizations do just that. 

What are your thoughts about this?  Do you see it as a potential trend and reality for SME’s?  If it becomes some sort of obligation or regulation for business continuity planning to be at the heart of any organization’s strategic planning in the U.K., will the same follow here in the U.S.?

Click here to read this informative article, and share your comments with our BC and Compliance readership community. 

If applicable, please pass this information along to the business continuity and risk management team members in your organization.

Business Continuity — New Guidance Document Released by BCI

This month, the Business Continuity Institute (BCI) has released a new guidance and overview document to the BC community.

The document is entitled “Business Continuity Management – Legislations, Regulations and Standards – Version 4 – June 2010”.

BCI states that this document is a response to questions regularly asked by its members and other interested parties about current legislation, regulation and standards that exist nationally and internationally for Business Continuity Management.

The document is presented in the following four (4) sections:

Legislation:  Government laws which include aspects of Business Continuity Management by name or are sufficiently similar in nature (Disaster Recovery, Emergency Response, Crisis Management) to be treated as BCM legislation for this purpose.  To be included in this category they must be legally enforceable legislation passed by a national, federal, state or provincial government depending upon the legal structure in each particular country.

Regulation:  Mandatory rules or audited guidance documents from official regulatory bodies in all sectors such as Financial Services, Energy, Oil and Gas, which could reasonably be construed as having some implications on an organization’s BCM provisions.  General help, guidance and suggestions are included under Guidelines.

Standards:  Official standards from national (and international) accredited standards bodies which relate to Business Continuity as a whole or specific related subset such as IT Service Continuity.  The list also includes standards for different but related topics (like Information Security) when BCM is included only as a minor requirement for compliance.  “Standards” that are issued by 3rd parties or professional groups will only be included if they are ratified by an accredited national standards body or accredited directly by a national accreditation service affiliated to the International Accreditation Forum (IAF).

Guidelines:  Guidelines published as good (or best) practices by various authoritative organizations.  These documents may form part of a wider set of advice provided by a professional body for whom BCM is only a peripheral activity, or alternatively they might be issued by a BCM professional body as general guidance either locally or internationally.  They will provide no mandated rules but will be used and recognized as credible by BCM professionals.

Click here to read the full document.

Please pass this information along to those business continuity, risk management, information security team members in your organization.

Business Continuity Suite Offering for Travelers Facing Unexpected Events

As a follow-up to one of our past articles concerning the ongoing business continuity and risk management objectives for organizations and their employees and how they are affected by disasters or incidents (e.g. the recent Icelandic volcanic eruption and crisis), one of our readers suggested that we revisit the topic and try to keep the attention and focus of our readers over the need to mitigate this risk management issue facing many organizations today.

To satisfy that request, we would like to present a recent press release issued by American Express that talks about and demonstrates the importance of having a continuous information exchange between corporate security, travel, finance and other departments combined with the creativity and persistence of experienced travel counselors and the individual who is facing the challenge of managing through unexpected situations.

We ask our readers to contribute their own ideas, comments and perhaps suggested alternative resources similar to the business continuity suite of products being offered by the American Express Business Travel group.  Also, if you have utilized this AMEX business continuity suite of services, please share your opinions and experiences with our business continuity community.

Click here to read the full press release.

If applicable, please pass this posting along to those business continuity and risk management team members in your organization.

ISO 20000-1: Common Misconceptions

Over the last several weeks, our staff has received inquiries from our readers regarding the ISO 20000-1 standard, and the need to clarify some common misconceptions between ITIL and ISO 20000-1.

To best address that request, we welcome Subrata Guha to our website as a guest writer and author of a recent whitepaper entitled, “ISO 20000-1: Common Misconceptions”.

Subrata Guha is the Director of IT Services at UL DQS Inc. and for over 20 years has had hands-on experience with the full lifecycle of IT services management processes.  We hope that we can share more of Subrata’s writing talents with our readership in the future and we thank him for his contribution of content to assist in fulfilling the needs of our IT Service Management community.

Click the link below to access Mr. Guha’s whitepaper…

Misconceptions about ISO 20000-1

Please pass this information along to those individuals or team members in your organization, who are responsible for the  IT service management processes, needs and requirements within that organization.

Risk Management and "George Costanza"

Many of our readers inform us that as risk management team members in their organization, communicating the concept of business continuity and/or risk management remains a constant challenge for them –  i.e., to both fellow employees in their organization as well as to friends and associates, when telling them about what they do at work.

Our staff agrees that explaining risk management as a critical concept in the business continuity and/or organizational resiliency plan of their organization is an ongoing task that must not only be communicated well but also must be continuously monitored and re-evaluated as risk environments can change very suddenly and without notice.

Whether you were simply promoted into your risk manager position, or you arrived in that position without any formal training  – i.e. you got there by accident—this website would like to offer a lighter side to the seriousness of dealing with the subject of risk management.  We ask our readers to view a YouTube video from an episode of Seinfeld addressing how George Costanza had to learn about risk management when working for the New York Yankees. 

Hopefully, after viewing this video you may have a better understanding of the fact that for many people this Seinfeld episode was and still may be the only exposure they ever had to the risk management concept.  We also would hope that this video clip will help you to gain more attention to the more serious subject of risk management and in the end present an opportunity for risk managers to better address the critical importance that risk management plays in the resilience of organizations.

As a result of viewing the video, our readers may then want to go back and revisit those individuals whom they tried to educate before regarding risk management and now ask them the question “How much of ‘George Costanza’ is still in them and their understanding and knowledge of risk management?”

Click here to view the complete video clip. 

We do advise that this website cannot assume any responsibility for any violation of privacy issues received by our readers when linking to the YouTube website.

As always we welcome your thoughts and comments on this posting and we ask that you please pass this information along to those risk management team members in your organization.

2010 Business Continuity Benchmark Report Released by Marsh

Marsh’s 2010 Business Continuity Benchmark Report examines the perceptions of business continuity management (BCM) of over 220 business continuity and risk managers from 11 industry sectors, including financial services and manufacturing, across Europe, the Middle East and Africa (EMEA).

While representing only part of the world’s territories and just 11 industry sectors, our staff believes that this new research published by Marsh in a report titled “2010 EMEA Business Continuity Benchmark Report” contains valuable information including the perceptions of business continuity management of over 220 business continuity and risk managers.  This report can also assist our organizations who face constantly changing business environments and are required to have effective business continuity plans to respond to potential threats not only to their operations, but just as importantly to their people and supply chains.

“These results show that firms value BCM much more highly than when we last conducted this survey two years ago. However, our experience is that many organizations overrate their BCM capabilities and their perceptions often do not match reality,” explained Hugh Morris, managing consultant in Marsh Risk Consulting. “The more obvious nature of physical supply chain risks is apparent to manufacturing firms, while only the most advanced financial services firms realize how important and vulnerable their supply chain can be”.

One of the more interesting observations we would like to point out from this report is that “…Although 83 percent of respondents believed that business continuity management was integral to their risk management and that it was understood and supported by senior management, only 41 percent said that it had given them a better understanding of their business. Moreover, just 29 percent felt that it had led to improved risk-intelligent decision-making”.

As you read this report, we are certain that each of our readers will take away relevant and meaningful information that can be brought back to their own organization’s efforts to achieve organizational resiliency.

Click here to read the full report and also check out the  Marsh website.

Please share your thoughts with our business continuity community – and pass this information along to the business continuity, risk management  team members in your organization.

BP’s e-Discovery Challenges

In past postings on this website, our staff has tried to bring the attention of our readers to the topic of e-Discovery, the potential risks involved, and – if not properly mitigated with effective and timely responses – the probable negative burden that a discovery process will have on any organization’s assets and/or resources.

Aside from all of the obvious damages stemming from the BP oil spill in the Gulf of Mexico, we believe that another less obvious challenge is facing BP – and that challenge is e-Discovery.

Even for those organizations not in the oil industry, we present the premise that there may be important lessons to learn in observing the ongoing developments of the discovery process in the pending litigation against BP over the next several months and the role that e-Discovery plays in those processes.

We also believe that surrounding this BP disaster recovery effort, there is an associated argument that clearly demonstrates the need for companies – especially global companies – to have a strong eDiscovery plan and/or policy in place as part of their total organizational resiliency and preparedness strategy.

We recommend reading a recent article written by Rob Ameerun where Digital Reef’s Steve Akers was interviewed about the e-Discovery challenges that face BP after the oil spill disaster in the Gulf region. Steve talks about the best strategy, information governance, and Early Case Assessment.

Pass this information along to your organization’s in-house counsel and risk management or business continuity team leaders.

Click here to read more about Steve Akers’ comments on this topic.

Preparing for PS-Prep

In a recent article written by Bob Connors, posted on the America First website and entitled “Preparing for PS-Prep – Voluntary Private Sector Preparedness Certification”, we came across a great summary of past events/content and hopefully future events/content which will help our readers better understand the current state of PS-Prep, the expectations of the future state of PS-Prep, and what this PS-Prep program  is and what it is not.

First of all Mr. Connors wants to make it very clear that PS-Prep “…will not and is not intended to prevent a disaster like the BP oil spill in the Gulf of Mexico”. 

He goes on to state that while there is a risk management element to PS-Prep addressing risk assessment and mitigation strategies, we should not be fooled into thinking that PS-Prep could have prevented a disaster like the BP oil spill. 

He continues to make a strong point that PS-Prep will enable businesses to be prepared to respond to and recover from a disaster and will also be enabled to resume normal business operations effectively and efficiently.

Much of the content stated in this article attempts to address the basic premise and answer a question that occurs when you are trying to assess an organization’s level of preparedness or resiliency — i.e. how do you know, measure or realistically tell if that company is as resilient as they might say they are?

Mr. Connors also suggests a few requirements that he believes to be key to the success of PS-Prep:

  1. Allow for a maturity model certification process so that small-medium sized businesses don’t have to meet the same levels of requirements as larger companies.
  2. Allow for professionals in the business continuity and risk management field – i.e., those who do this for a living – to review and comment on the proposed standards.
  3. Allow for self-assessments so that small-medium sized businesses can benefit.
  4. Allow businesses/industries who have regulatory requirements in place and which meet or exceed the proposed PS-Prep standards to achieve certification instead of going through a different process.
  5. Provide incentives and information to help build a strong business case in support of PS-Prep certification.

Our staff likes a lot of what Mr. Connors has to say in this article and believes it should be added to the library of content and required reading for all business continuity and risk management team members in organizations.

In summary, we would like to again take the following advice from this article—

“It’s time to get knowledgeable about PS-Prep and position your business to achieve certification of compliance for one of the approved standards. The 21st Century incidents are increasing in frequency, scale, and consequence and the private sector needs to be prepared to bounce back and help our nation recover.

If that’s not compelling enough, consider that we may be one crisis away from this voluntary program becoming mandatory.”  

Click here to read the full article by Bob Connors.

Many of our readers rely on our consistent and timely posting of relevant and valuable content regarding the DHS PS-Prep program.  We welcome any and all comments, critiques, and suggested improvements to help us continue to do so.

Hurricane Preparedness Myths Dispelled

In a recent article posted on the FloridaRealEstateRama Florida website, several myths are dispelled and new facts are offered by The Institute for Business & Home Safety (IBHS) regarding the critical disaster safety topic of hurricane preparedness. 

In our efforts to expand the awareness of and need for preparedness activities of organizations, we fully recognize the role that individual employees of those organizations play in support of those organizationally driven business continuity and risk management actions.

Therefore to help both organizations and individuals increase their levels of hurricane preparedness and awareness levels, we recommend adding this information to their preparedness reference content library.  We also recommend adding this information to your PS-Prep related reading  requirements list.

Click here to read the full IBHS article.