E-Discovery – Compliance and Privacy Challenges
July 27, 2010
One of our readers recently brought the Legal Talk Network website to our attention and recommended that we pass along the fine reporting this website provides its readership on the topic of e-Discovery.
Our staff agrees and recommends that anyone trying to keep current on this controversial risk management topic visit and bookmark this website, and pass the information along to the business continuity and risk management team members in their organization.
Click here to listen to a recent podcast in which host Gina Jytyla, Managing Staff Attorney in the Legal Technologies division at Kroll Ontrack, welcomes Kimberly Marin, Security Analyst and E-Discovery Specialist with the Hershey Company, and Nasar Ali, Legal Consultant for Kroll Ontrack, to discuss key milestones in the history of e-discovery.
PS-Prep Career Options Webinar
July 16, 2010
This NEWS website, ContinuityCompliance.Org, in combination with several professional organizations, is sponsoring a series of educational webinars dealing with current topics in the fields of Business Continuity, Security Management, and Regulatory Compliance.
The first of these webinars will be held on July 27, 2010 at 11 AM (Eastern) and is entitled:
Career Options and the PS-Prep Program
In this webinar, experts from the ANSI National Accreditation Board (http://www.anab.org/) and National Quality Assurance (http://www.nqa-usa.com/), together with two practicing auditors from North Rivers Solutions (http://www.northriversolutions.com/) and Radian Compliance (http://www.radiancompliance.com/), will discuss how the PS-Prep Program may represent a career opportunity for those interested in internal auditing, external auditing, or consulting careers related to the program.
Who Should Attend
If you are a professional in the emergency response, crisis management, business continuity, regulatory compliance, internal auditing, ISO standards, or disaster recovery business and have an interest in learning more about auditing careers, both internal and external, you can’t afford to miss this free webinar.
Please click here to register for this free webinar.
Business Continuity — New Guidance Document Released by BCI
June 29, 2010
This month, the Business Continuity Institute (BCI) released a new guidance and overview document for the BC community.
The document is entitled “Business Continuity Management – Legislations, Regulations and Standards – Version 4 – June 2010”.
BCI states that the document responds to questions regularly asked by its members and other interested parties about the legislation, regulation and standards that currently exist, nationally and internationally, for Business Continuity Management.
The document is presented in the following four sections:
Legislation: Government laws which include aspects of Business Continuity Management by name or are sufficiently similar in nature (Disaster Recovery, Emergency Response, Crisis Management) to be treated as BCM legislation for this purpose. To be included in this category they must be legally enforceable legislation passed by a national, federal, state or provincial government depending upon the legal structure in each particular country.
Regulation: Mandatory rules or audited guidance documents from official regulatory bodies in all sectors such as Financial Services, Energy, Oil and Gas, which could reasonably be construed as having some implications on an organization’s BCM provisions. General help, guidance and suggestions are included under Guidelines.
Standards: Official standards from national (and international) accredited standards bodies which relate to Business Continuity as a whole or specific related subset such as IT Service Continuity. The list also includes standards for different but related topics (like Information Security) when BCM is included only as a minor requirement for compliance. “Standards” that are issued by 3rd parties or professional groups will only be included if they are ratified by an accredited national standards body or accredited directly by a national accreditation service affiliated to the International Accreditation Forum (IAF).
Guidelines: Guidelines published as good (or best) practices by various authoritative organizations. These documents may form part of a wider set of advice provided by a professional body for whom BCM is only a peripheral activity, or they might be issued by a BCM professional body as general guidance, either locally or internationally. They impose no mandated rules but are used and recognized as credible by BCM professionals.
Click here to read the full document.
Please pass this information along to the business continuity, risk management, and information security team members in your organization.
BP’s e-Discovery Challenges
June 20, 2010
In past postings on this website, our staff has tried to draw our readers’ attention to the topic of e-Discovery and the risks it involves. If a discovery process is not mitigated with effective and timely responses, it will very probably place a heavy burden on an organization’s assets and resources.
Aside from all of the obvious damage stemming from the BP oil spill in the Gulf of Mexico, we believe that another, less obvious challenge faces BP, and that challenge is e-Discovery.
Even for organizations outside the oil industry, we suggest that there are important lessons to be learned by observing how the discovery process unfolds in the pending litigation against BP over the next several months, and the role that e-Discovery plays in it.
We also believe that the BP disaster response makes a clear argument for companies, and especially global companies, to have a strong e-Discovery plan and policy in place as part of their overall organizational resiliency and preparedness strategy.
We recommend a recent article by Rob Ameerun, posted on the Legal IT Professionals website, in which Digital Reef’s Steve Akers is interviewed about the e-Discovery challenges facing BP after the oil spill disaster in the Gulf region. Steve discusses strategy, information governance, and Early Case Assessment.
Pass this information along to your organization’s in-house counsel and risk management or business continuity team leaders.
Click here to read the full interview.
Risk Management: BS ISO 31000 vs. BS 31100
June 14, 2010
Since we recently posted an article on the Icelandic volcano eruption viewed through the lens of ISO 31000, several inquiries have reached our staff regarding BS ISO 31000 and its related code of practice, BS 31100.
In response: BS ISO 31000 is the international standard for risk management and provides principles and guidelines on the subject. BS 31100 is a code of practice that complements BS ISO 31000 and gives additional guidance on risk management that is not covered in the international standard.
The two documents take an almost identical approach to risk management, but some of the headings and terms used differ.
Readers interested in this topic can click here to view the BSI Workshop website, read what BSI has to say about these documents, and see how they differ with respect to the risk management process.
Hopefully you will find this interesting enough to pass along to the risk assessment team members in your organization.
If you have any comments on these documents, please share them with the business continuity and risk management community of readers of this website.
ISO 31000 Perspective of the Icelandic Volcano Crisis
June 10, 2010
One of our readers suggested that we follow up our recent blog posting, “ISO 31000:2009 – New Risk Management Standard”, with a reference to a related article by Kevin W. Knight posted on the International Standards for Business, Government and Society website.
Kevin W. Knight AM is Chair of the ISO working group that developed the new ISO 31000 risk management standard and the revision of ISO/IEC Guide 73, and a founding member of the Standards Australia/Standards New Zealand Joint Technical Committee OB/7 – Risk management. The article is entitled “ISO 31000 and the Icelandic Volcano Crisis”.
We believe that Mr. Knight presents a good comparison between companies that were, and were not, prepared to react in a timely manner to this disruptive incident.
We realize that much has been written about the Icelandic volcano eruption, and that much probably remains to be written given the ongoing volcanic activity forecast for the area. However, we believe that Mr. Knight’s analysis through the lens of the ISO 31000 risk management standard offers unique value for organizations wishing to review and evaluate their own risk management philosophy.
Please pass this information along as suggested reading to the business continuity, risk and crisis management team members in your organization.
Click here to read the full article.
e-Discovery Nightmare Continues for BP
June 9, 2010
On May 24th this website posted an article entitled “e-Discovery Preparedness — Next BP Test of Readiness” under our Regulatory Compliance category. As a further follow-up on the largest U.S. oil spill incident encountered to date, we would like to turn our readers’ attention to a recent article by Amy Miller, posted on the LegalWeek.com website, entitled “‘To preserve and collect’ – BP oil spill a discovery nightmare for lawyers.”
We chose this article, and we are tracking the e-Discovery activities related to the BP oil spill disaster, because many of our readers have concerns about e-Discovery and the requirements that may affect their own organizations as more case history develops in this area of corporate risk litigation. We believe this article presents many of the underlying issues surrounding legal discovery and legal hold requirements and is therefore a good introductory read on e-Discovery.
We share those concerns, and we believe that by keeping on top of the e-Discovery developments and requirements facing BP and the other companies involved in the Deepwater Horizon disaster, we can offer our readers a case study whose lessons can be transferred directly to the risk management, information security, compliance risk and compliance audit team members in their organizations. This information should also help in writing compliance plans, contingency plans, information security assessment processes, and information security policies in general.
Click here to read more about this important e-Discovery topic.
Red Flags Rule Enforcement Date Delayed Yet Again
June 1, 2010
The following was announced today on the HealthCareInfoSecurity website – “Reacting to requests from several members of Congress, the Federal Trade Commission (FTC) has yet again delayed enforcement of the Identity Theft Red Flags Rule until Dec. 31, 2010. The law had been slated to be enforced June 1.”
Under the Red Flags Rule, which became effective Jan. 1, 2008, organizations that extend credit to their clients must develop and implement written identity theft prevention programs that help identify, detect and respond to patterns, practices or specific activities, known as “red flags,” that could indicate identity theft.
If your organization extends credit to its customers, we encourage you to pass this message along to your risk management team members so that they can fairly evaluate how the Red Flags Rule applies to your organization and advise management accordingly.
With so many previous delays already announced by the FTC in the enforcement of the Red Flags Rule, what are your thoughts on this latest delay?
What kind of message do you think this delay sends to those fighting for stronger privacy rights protection?
Top Corporate Compliance Risk Areas in 2010
May 26, 2010
Much of the subject matter discussed on this website is focused on identifying risks that have the potential to create conditions, incidents and disasters that could disrupt a company’s operations or, at worst, prevent the company from keeping its doors open for business and satisfying the requirements of its customers.
With that in mind, we recommend reading a recent article by Mark Srere, posted on the Corporate Compliance Insights website.
In his article, Mr. Srere states that compliance risks for U.S. companies will increase in 2010. Given the economic downturn and current market conditions, this prediction, if true, will create difficulties for many organizations.
He goes on to list the following five areas that are expected to generate some, if not most, of the increased risk facing companies in 2010:
● Impact of Healthcare Reform Legislation
● Increased Regulatory Oversight and enhanced enforcement in variety of areas
● Implications of increased use of social media
● Anti-Fraud / Anti-Corruption Prosecution
● Managing e-data and document productions for any litigation
Moving forward in 2010, many compliance departments (where organizations have them at all) may face the same departmental risk found throughout so many organizations today: the risk that results from a common denominator, a lack of sufficient resources. While we often discuss these risks in our business continuity and risk management team meetings, it is important to also focus on the compliance requirements surrounding them.
For more details, click here to read more, and then ask the question, “How does my organization fit into these categories of risk?”
Please pass this information along to the appropriate compliance risk managers in your organization.
e-Discovery Preparedness – Next BP Test of Readiness
May 24, 2010
Only time will tell whether BP is prepared, from an e-discovery and litigation standpoint, for the settlement efforts surrounding the oil spill incident in the Gulf of Mexico. We are not implying that any observations of BP’s readiness to handle a deep water oil spill forecast BP’s ability to meet the e-discovery requirements described in a recent article by Christy Burke, posted on the Legal IT Professionals website.
However, citing this article also gives our team an opportunity to address the topic of e-discovery, the risk it presents, especially to small and mid-sized entities, and why this website discusses it at all.
Many of our readers have followed past postings about e-discovery on this website, and some have thanked us for raising the topic as a potential risk for their organizations. Others have asked, “Why is this a risk, and why should my organization be concerned about it?”
These are great questions, and we would like to present our answers to them. We also hope that our response will help our readers better understand how we are trying to support the purpose of this website, i.e. to be “Your Business Continuity Lifeline”.
First, we believe that the definition of the term “business continuity” has been, and continues to be, greatly debated in the business community. More importantly, it is less recognized as a critical board room agenda item than it should be, primarily among small to mid-sized businesses. So we do try to raise the awareness of business continuity among our readership.
At the risk of over-simplifying the issues surrounding “business continuity”, and to link the purpose of our website to supporting ongoing business continuity and compliance-related objectives, we present a simple definition for your consideration: keeping the doors of your business open to satisfy your customers and create value for your shareholders.
With that definition in mind, any activity or event that potentially or actually threatens your business’s ability to fulfill those goals is an element of risk which must be evaluated, understood in the context of your business, and acted upon to prevent any negative impact or disruption to that business. We believe that the regulatory requirements surrounding e-discovery, if not fully understood, can be such a risk.
From an e-discovery and litigation readiness standpoint, responding to requirements can escalate into an activity that drains an organization’s assets and resources to the point of forcing it to close its doors.
We want to assist organizations and give them information that raises their awareness of such risks so that they are ready to mitigate those risks faster, better and cheaper than their competitors.
We are not trying to create undue concern over e-discovery; however, we do want to raise just enough of a red flag that organizations keep current on the news and relevant issues regarding e-discovery and the risks it may or may not present to them.
Returning to the title and topic of this article, it seems all but certain that BP is a target from an e-discovery and litigation standpoint, and we would hope that BP is fully aware of, and prepared to mitigate, this risk.
Read more about how e-discovery can become an integral part of the oil spill disaster and BP’s recovery efforts, and please share your thoughts, comments and experiences with e-discovery so that we may share them with the readership of this website.
Also, please pass this information on to the business continuity and risk assessment team members in your organization.