Can Resilience be Enshrined in a Standard?

July 20, 2010

Several posting on this website have dealt with the topic of resilience and in particular, the attainment of organizational resiliency.  We have also seen in our research on this topic, a growing sense of  interest and focus on even substituting the word “resilience” for “continuity” — and, while we believe there is still a lot of debate and decision making regarding the use of resilience in our business continuity methodologies,  our attention was focused on an article on the topic written by Leslie Whittet, posted on the Continuity Central website and entitled “Some Thoughts on Resilience”.

We believe this article is worth reading if you are currently involved in  debating the definition of resilience, and how it may apply to your organization’s business continuity planning efforts.

Another reason we think that this article is timely in its own way, is because of a claim voiced by Leslie Whittet when she takes this debate head on by stating that she “… has observed that there are various interest groups who have seized upon the concept of resilience as the next wave in the risk versus BCM versus crisis response, etc. debate”.   Perhaps you may or may not agree with her observation(s)  but we do believe that she does a good job in trying to prove her point that resilience cannot and should not be enshrined in a standard.  As always, your comments on this point will be appreciated.

Would the business continuity managers in your organization agree with Ms. Whittet’s  definition of resilience as “a concept achieved through the development and implementation of a number of clearly definable components.”? 

Some of the diagrams, analogies  and reasoning methods Ms. Whittet uses to support her conclusions are well thought out and would also be interesting elements to introduce to your business continuity management team meetings.

After reading this article, we hope that you will have an opinion to share regarding Ms. Whittet’s original purpose of writing her article – i.e. to demonstrate that resilience is not something that can be enshrined in a standard.

Click Here to read the full article.

PS-Prep Career Options Webinar

July 16, 2010

This NEWS website, ContinuityCompliance.Org in combination with several professional organizations is sponsoring a series of educational webinars dealing with current topics in the fields of Business Continuity, Security Management, and Regulatory Compliance. 

The first of these webinars will be held on July 27, 2010 at 11 AM (Eastern) and is entitled: 

Career Options and the PS-Prep Program 

In this webinar, experts from the ANSI National Accreditation Board (http://www.anab.org/), National Quality Assurance (http://www.nqa-usa.com/), and two practicing auditors from North Rivers Solutions (http://www.northriversolutions.com/) and Radian Compliance (http://www.radiancompliance.com/) will discuss how the PS-Prep Program may represent a career opportunity for those interested in internal auditing, external auditing, or consulting careers related to the PS-Prep Program. 

Who Should Attend

If you are a professional in the emergency response, crisis management, business continuity, regulatory compliance, internal auditing, ISO Standards, or disaster recovery business and have an interest in knowing more about auditing careers, both internal and Program, you can’t afford to miss this free webinar. 

Please click here to register for this free webinar.

Emergency Plans and Behavioral Accuracy

July 15, 2010

Our staff always tries to find referenced articles, books and general Internet postings which support the topics of business continuity, risk management and disaster recovery.  While doing so, we often focus on a particular segment of those broad categories that reflects the general inquiries and comments we receive from our readership.

According to our readership, testing your plan and how best to do that remains one of the top areas of interest for us to research – and – whether it be a table top exercise held by an organization or a fully fledged  community sponsored testing event, the question regularly asked is “How will we know how our people will react in a disaster or serious disruption incident?”

At the end of the day, we often conclude that the topic of “behavioral assumptions” in exercise planning remains one of the more difficult challenges to overcome by risk management and emergency preparedness and response team members in many (if not all) organizations worldwide.

Our research on this topic brings us often to articles written by Steven Crimando, and today we would like to focus your attention to a recent article by Mr. Crimando that was published in the Disaster Recovery Journal less than six (6) months ago. 

In February of this year Steven Crimando co-authored an article with Marv Wainschel entitled, “Perfect Practice Makes Perfect”.

One of the main messages that Mr. Crimando stresses in this article is that “….Under stress, we perform as we have practiced.  And, for practice to be useful, we must be certain to rehearse the response to a threat or hazard accurately.  The bottom line is that, “Practice doesn’t make perfect.  Perfect practice makes perfect”.”

Our staff believes that you will find Mr. Crimando’s article both an informative and a useful addition to the reference libraries of your organization’s business continuity, disaster recovery and /or risk management teams.

We also believe that the information in this article can be applied to the private sector preparedness activities and exercise planning under the PS-Prep program.

Click here to read the full article.

Business Continuity Testing Guidance

July 14, 2010

In the past, our staff has often referred our readers to articles and postings by Paul Kirvan, FBCI, CBCP, CISSP.  Many of his articles are posted on the SearchDisasterRecovery.com website and today our staff would like to ask our readers to revisit what we believe to be a particularly useful article published by Mr. Kirvan about 11 months ago.  The article is entitled, “Business Continuity Testing Templates: A Free Download and Guide”. 

We are certain that all of our readers agree that business continuity and disaster recovery plans are useless until you test them. And, while many types of tests are possible, the key to business continuity testing success is to incorporate testing those plans as a part of the overall business continuity management and disaster recovery management process.  We think that having a resource for helping you establish your own organization’s BC tests as soon as possible will also help you achieve that objective faster, better and with less expenditure by your organization. 

Be sure to view and download the free business continuity and disaster recovery testing template offered by Mr. Kirvan and pass that information along to those risk management team members in your organization to be included as content for their reference libraries.

 The BC testing template includes the following areas of focus in its table of contents:

1. An introduction to business continuity testing
2. Using our business continuity testing template
3. Business continuity testing terms
4. Effective business continuity/disaster recovery testing strategies. 

To read the full article and access the free download, CLICK HERE

Checklist Offered to Mitigate Project Related Risk Factors

July 9, 2010

Our staff would like to pass along a suggestion recently received from one of our readers involving a checklist that helps to identify risk factors in a project.

This project risk factor checklist is posted on the TechRepublic website and may help our readers assess and minimize the risk potential inherent in many organizational projects. 

Click here to download and view the full checklist.

If you found this information valuable, please pass it along to those risk management and preparedness team members in your organization.

Standards New Zealand and Australia Publish New Business Continuity Standard

July 8, 2010

The New Zealand and Australia standards groups has made available a new business continuity standard titled – “AS/NZS 5050: 2010 Business Continuity”.

According to Standards Australia:

“The Standard describes the application of the principles, framework and process for risk management, as set out in AS/NZS ISO 31000:2009, to disruption-related risk. Managing such risk effectively will help maintain continuity of an organization’s business . The approach has drawn on, but of necessity goes beyond, many of the concepts that in the past may have been described as ‘business continuity management’ or ‘BCM’.”

The standard can be purchased as a PDF or as a hard copy.

http://standards.co.nz/

http://infostore.saiglobal.com/store2/Details.aspx?ProductID=1409610

If applicable, please pass this information along to those business continuity and risk management team members in your organization, and, share your comments with this website’s business continuity community of readers.

Emergency Management Planning and Business Continuity Planning

July 7, 2010

In a recent article posted by Paul Kirvan and posted on the SearchDisasterRecovery.com website, Mr. Kirvan presents information showing how business continuity professionals can be more actively in emergency management planning activities for their organization.

We hope that by stressing the importance of emergency management planning activities and processes, every organization will be better prepared “to prevent, mitigate, prepare for, respond to, and recover from an incident that threatens life, property, operations or the environment.” (…as quoted from the definition of emergency management by the National Fire Protection Association No. 1600 (NFPA1600).

Our staff  believes the information presented in this posting qualifies to be part of the required reading for those emergency management planners as well as those business continuity, disaster recovery and emergency response team members in any organization.

Click here to read the full article.

Human Aspects Key to Business Continuity Program Success

July 6, 2010

One of our often referenced business continuity management (BCM) websites is that of Continuity Central and today our staff would like to point the attention of our readers to a recent posting on that website dealing with the human aspects of business continuity management.  The BCM information presented comes from a report generated from a recent Business Continuity Institute (BSI) workshop and best of all it is offered free of charge.

The report details the following six (6) presentations from that workshop:

                Why Plan for People?

                So What is “Duty of Care”?

                People in BS25999

                Managing and Motivating during Recovery

                Psychological Impacts of Disruption

                Case Study – Bringing It All Together

…along with the following three (3) discussion exercises:

                BCM and HR – Working Together

                People Issues as Drivers for BCM

                Top Tips for Recovery Planning

We hope you find this information valuable and useful in the support of your own organization’s business continuity program efforts.  And, we ask that you please pass this along to those BC, risk management, disaster recovery and emergency response specialists and team members in your organization.

Click here to download and read the full report.

Business Continuity Planning Attracting More Attention from U.K. Insurers

June 30, 2010

As reported in a recent article posted on the Continuity Forum website, insurers in the U.K. are sharpening their focus on business continuity planning being at the heart of an organization’s planning strategies and action plans for a response to the many risks facing business in general.  Our staff believes similar concerns are shared in the U.S. over this same issue. 

Experience in New York following 9/11 and generally in areas ravaged by the recent floods indicate that Small and Midsized Enterprises (SME’s) are the most vulnerable to the effects of business disruption, suffering far more than their Multi-National cousins or counterparts.  And even more important are recent findings in both the U.S. and U.K. that most SME’s are failing to ensure even basic preventive planning for disruption to their businesses and are also likely to have the lowest levels of appropriate insurance coverage or Business Continuity provisions in those insurance plans.  Research in both the U.S. and U.K. indicates that with less or no business continuity planning in place for those SME’s, costs and time to recovery increase. 

Because of that potential increased cost burden, some people believe that this move is part of a broader drive within government and the Insurance industry to shift more of the responsibility back from the Insurers to the organizations themselves. 

There is little doubt that insurers and governments are becoming more concerned about those future potential and increasing costs – in the future, organizations will have to do a better job in planning for and recovering from disruptive events, incidents or disasters  — or perhaps, governments and the insurance industry will come up with a more effective way to make those organizations do just that. 

What are your thoughts about this?  Do you see it as a potential trend and reality for SME’s?  If it becomes some sort of obligation or regulation for business continuity planning to be at the heart of any organization’s strategic planning in the U.K., will the same follow here in the U.S.?

Click here to read this informative article, and share your comments with our BC and Compliance readership community. 

If applicable, please pass this information along to the business continuity and risk management team members in your organization.

Business Continuity — New Guidance Document Released by BCI

June 29, 2010

This month, the Business Continuity Institute (BCI) has released a new guidance and overview document to the BC community.

The document is entitled, “Business Continuity Management – Legislations, Regulations and Standards – Version 4 – June 2010”.

BCI states that this document is a response to questions regularly asked by its members and other interested parties about current legislation, regulation and standards that exist nationally and internationally for Business Continuity Management.

The document is presented in the following four (4) sections:

Legislation:  Government laws which include aspects of Business Continuity Management by name or are sufficiently similar in nature (Disaster Recovery, Emergency Response, Crisis Management) to be treated as BCM legislation for this purpose.  To be included in this category they must be legally enforceable legislation passed by a national, federal, state or provincial government depending upon the legal structure in each particular country.

Regulation:  Mandatory rules or audited guidance documents from official regulatory bodies in all sectors such as Financial Services, Energy, Oil and Gas, which could reasonably be construed as having some implications on an organization’s BCM provisions.  General help, guidance and suggestions are included under Guidelines.

Standards:  Official standards from national (and international) accredited standards bodies which relate to Business Continuity as a whole or specific related subset such as IT Service Continuity.  The list also includes standards for different but related topics (like Information Security) when BCM is included only as a minor requirement for compliance.  “Standards” that are issued by 3^rd parties or professional groups will only be included if they are ratified by an accredited national standards body or accredited directly by a national accreditation service affiliated to the International Accreditation Forum (IAF).

Guidelines:  Guidelines published as good (or best) practices by various authoritive organizations.  These documents may form part of a wider set of advice provided by a professional body for whom BCM is only a peripheral activity, or alternatively they might be issued by a BCM professional body as general guidance either locally or internationally.  They will provide no mandated rules but will be used and recognized as credible by BCM professionals.

Click here to read the full document.

Please pass this information along to those business continuity, risk management, information security team members in your organization.

Next Page »

• 
• 
• 
• 

• Subscribe

  • Subscribe to RSS
  • Comments

• Recent News

  • Career Options and the PS-Prep Program
  • E-Discovery – Compliance and Privacy Challenges
  • “Career Options and the PS-Prep Program” – July 27th, 2010 Webinar Reminder
  • Can Resilience be Enshrined in a Standard?
  • PS-Prep Developing Liability Protection?
  • PS-Prep Career Options Webinar
  • Emergency Plans and Behavioral Accuracy
  • Business Continuity Testing Guidance
  • Federal Cybersecurity Guidelines Document Update Released by NIST
  • Checklist Offered to Mitigate Project Related Risk Factors

• Categories

  • Events
  • Information
    • Auditing
    • Business Continuity Info
    • IT Service Management
    • Organizational Resiliency
    • PS-Prep Program
    • Regulatory Compliance
    • Standards & Best Practices
  • Security
    • Cybersecurity
    • Environmental Security
    • Executive Protection
    • Homeland Security Dpt
    • Information Security
    • Physical Security
    • Regulatory Compliance
    • Safety
  • Tools & Resources
    • Community Projects
      • Forms & Checklists
      • Glossary
    • First Timers
      • FAQs
  • Uncategorized

• Archives

  • July 2010
  • June 2010
  • May 2010
  • April 2010
  • March 2010
  • February 2010
  • January 2010
  • December 2009
  • November 2009
  • October 2009
  • September 2009
  • August 2009

• What Others Are Reading About

  ANAB ASIS ASIS SPC.1-2009 best practices Business Continuity business continuity management business continuity planning Business Continuity Plans compliance compliance risk contingency planning corporate security crisis management cybersecurity cyber security data breach Department of Homeland Security DHS disaster recovery disaster recovery planning e-Discovery emergency response enterprise risk management FEMA Information Security information systems security network security NFPA 1600 organizational resilience Organizational Resiliency Physical Security preparedness privacy Private Sector Preparedness PS-Prep PS-Prep Program readiness Regulatory Compliance resilience Resiliency risk assessment risk management Security security management security policies Auditing (4)
  Business Continuity Info (89)
  Community Projects (2)
  Cybersecurity (26)
  Environmental Security (2)
  Events (3)
  Executive Protection (1)
  FAQs (1)
  Forms & Checklists (1)
  Glossary (2)
  Homeland Security Dpt (11)
  Information (2)
  Information Security (57)
  IT Service Management (6)
  Organizational Resiliency (12)
  Physical Security (15)
  PS-Prep Program (57)
  Regulatory Compliance (16)
  Regulatory Compliance (9)
  Safety (4)
  Standards & Best Practices (9)
  Tools & Resources (4)
  Uncategorized (2)
  

  WP Cumulus Flash tag cloud by Roy Tanck and Luke Morton requires Flash Player 9 or better.