February 23, 2012

Posts Comments

You are here: Home / Archives for Business Continuity Info

Business Continuity Awareness Week 2012 — Reminder — March 19-23

February 21, 2012 By Leave a Comment

 

Photo courtesy of blog.clearrisk.com

Business Continuity Awareness Week (“BCAW”)  2012 is fast approaching and with this year’s BCAW 2012 theme about time, we should all be aware of the fact the time is not usually on your side in a crisis — therefore our staff recommends participation in BCAW 2012 for all business continuity planners.

First a few general reminders:

  1. the Business Continuity Awareness Week (BCAW) is the global educational event for people to learn more about Business Continuity Management (BCM).
  2. BCAW is facilitated by the Business Continuity Institute (BCI), the prestigious international membership body for BCM — approaching 7,000 members in some 100 countries.
  3. In a crisis, people are making decisions under pressure, options are reduced and media scrutiny may be at its greatest.  Indeed, how well or badly a crisis is managed may have greater consequences for the organization than the original incident.  Whether a small business or a major multi-national, the challenges are the same, it’s just that some have further to fall!

Our staff supports the premise of BCAW 2012 – i.e. …dealing effectively with an incident on any scale requires Business Continuity Management (BCM) – a set of practices and capabilities, which have been crafted into a tried and tested framework to help you identify and manage the consequences of disruption to your organization regardless of cause.

BCAW 2012 will provide the opportunity for disaster preparedness and risk management teams to;

  1. engage with business continuity professionals from around the world,
  2. learn about the importance of dealing effectively with incidents on varying scales, and,
  3. develop methodologies and strategies on how to make an organization more resilient.

Some of the highlights of BCAW 2012 will include: (a) New research: The BCI and its partners will be publishing new research and papers throughout the week, (b) BC24: the ground breaking, multi-role, online incident simulation game to test your organization’s crisis management skills, and informally benchmark with organizations across the world, (c) New webcasts: A multiple free offering of webcast presentations which will run throughout the week, (d) BCAW 2012 Forum: a LinkedIn Forum for newcomers to ask questions of the BC community and for more experienced practitioners to debate the hot topics in the industry, and, (e) In-house Awareness Opportunities – This will be an opportunity for existing BCM practitioners who are looking to run awareness raising activities within their own organizations.

If you are interested in participating, sponsoring or just being an active listen to these valuable opportunities, or, if you have any questions about BCAW 2012CLICK HERE.

If applicable, please pass this information along to those business continuity or crisis management planning groups in your organization, and, to those PS-Prep strategy planning teams in private sector companies.

Filed Under: Business Continuity Info, Corner Office Viewpoint, Organizational Resiliency, PS-Prep Program, Risk Management Tagged With: , , , , , , , , , , , , , , , , , , , , ,

Compliance Officer and In-House Counsel — Synergies and Conflicts

February 20, 2012 By Leave a Comment

Amy E. Hutchens, a frequent contributing writer for this website and the National Contract Management Association (NCMA), has written an interesting article entitled “Wearing Two Hats: The Dual Roles of In-house Counsel and Compliance Officer”, and, given the fact that corporate regulatory and enforcement authorities have become more active and aggressive in the past several months, our staff would like to encourage a more detailed reading of Amy’s approach to this dual challenge often facing a new arrival to a new in-house counsel appointment.   Of course, economic constraints can often be their own motivation(s) for trying to combine these often conflicting roles in an organization.

As Amy states in her article, “…wearing the hats of both in-house counsel and compliance officer can be challenging and rewarding at best and can become a nightmare at worst.”

The question(s) Hutchens addresses in this article speak to the very realistic world challenges of risk that organizations –both large and small – live with every day, and, in doing so, they also raise the possibilities of real world consequences that often result from a decision to unify the roles of in-house counsel and compliance officer within any one organization.

Let us know your thoughts and comments as you read more of how Hutchens attempts to answer the following questions:

  1. Given today’s business environment, is it realistic to expect a general counsel to operate as a great compliance officer?
  2. Are the inherent conflicts reconcilable?
  3. Is executive management deprived of a valuable perspective when the roles are combined?

Click on the following link Wearing Two Hats by Amy E Hutchens to read the full article.

If applicable, please pass this information along to those business continuity, disaster preparedness, risk management or even PS-Prep strategy planning teams, as well as, compliance officer or general counsel individuals in your organization.

Click here to view the National Contract Management Association website for more related articles and information on the topic of compliance and in-house counsel activities. (Registration Required)

Amy E. Hutchens is general counsel and Vice President of Compliance and Ethics Services for Watermark Risk Management International, LLC.

Photo courtesy of National Contract Management Association (NCMA) Magazine – Feb 2012

Filed Under: Business Continuity Info, Corner Office Viewpoint, PS-Prep Program, Regulatory Compliance Tagged With: , , , , , , ,

Threats for 2012 Global Business Continuity — New Survey Results Released

February 17, 2012 By Leave a Comment

Photo courtesy of gpnetnow.com

Business continuity and risk management planning groups would benefit from reviewing the results of a new survey report recently released by the Business Continuity Institute and given the title “Horizon Scan 2012”.

In this report, four hundred and fifty eight (458) organizations — reporting from the U.K., USA, Australia, Canada and South Africa — during the period of 5-20 December, 2011, have indicated that business continuity practitioners are applying business continuity management to a wider range of threat categories than those with which the BC discipline is more traditionally associated, and, perhaps, equally important, it raises the question as to the extent that individual organizations can deal with these challenges by themselves.

A short list of the threats identified by survey participants in this report would include: unplanned IT/Telecom outage(s), adverse weather, cyber-attack, acts of terrorism, utility interruption(s), availability of workforce(s), new laws and/or regulations, social/civil unrest, major customer/supplier disruption(s), or the availability/cost of credit/finance.

Of particular importance and/or interest is the section dealing with the evaluation of threats as perceived by the primary activities of operational groups within an organization — e.g. the top three threats as seen by the information and communications group are stated as: (1) unplanned IT / Telecom outage, (2) Data breach and (3) Cyber-attack …..While the top three evaluated threats as seen by the manufacturing group are: (1) Supply chain disruption, (2) Unplanned IT/Telecom outage, and (3) Product safety incident.

Our staff recommends that this report be added to the reading resource libraries of those disaster preparedness, crisis management and/or risk management planning teams in your enterprise level organizations.  And, if you are a private sector smaller company, please share this information with your PS-Prep strategy planning groups.

Click here to read more, and to download and view the full report.

Again, we thank the Business Continuity Institute for making this resource available to all BC/DR planning teams.

Filed Under: Business Continuity Info, Organizational Resiliency, PS-Prep Program, Risk Management Tagged With: , , , , , , , , , , , , , ,

Risk Management and Crisis Response Traits

February 7, 2012 By Leave a Comment

In a recent article written by Kevin M. Quinley, entitled “Avoid These Seven Traits that Will Sink Your Risk Management Program!”, the topic of organizational crisis management in the context of product liability is addressed from an interesting adaption of consultant Jim Lukaszewski’s presentation identifying seven behaviors that spell trouble when it comes to how an organization will act when faced with an unexpected crisis or disruptive event.

Quinley’s article should focus our readers’ attention on several perceived typical reactions by organizations when faced with a disruptive event — like a product liability claim or law suit.  And, by learning from this information, it could be a first important step for an organization to take toward building a strong corporate risk management and mitigation plan against these potential threats.

A quick summary of those typical reactions expressed by both Llukaszewski and Quinley are:

  1. Denial
  2. Victim Confusion
  3. “Testosterosis”
  4. Arrogance
  5. Scapegoating
  6. Media-Phobia
  7. Whining Parties

Click here to read Quinley’s full article.

If applicable, please pass this information along to those risk management team members in your organization.  And, in some cases for smaller companies in the private sector, PS-Prep strategy and business continuity planning groups could add this content to their library of available reference materials as well.

Filed Under: Business Continuity Info, Corner Office Viewpoint, Organizational Resiliency, PS-Prep Program, Risk Management Tagged With: , , , , , , , , , , ,

Black Swans in the Boardroom

February 7, 2012 By Leave a Comment

Photo courtesy of ashfordbirder.blogspot.com

Judging from recent comments and inputs from our readers, many business continuity planning teams fully realize that the risk landscape facing their organizations is changing, and, while they and their upper management teams can see that a new risk landscape is emerging, it remains difficult to define what is behind those changes or how their risk management strategies should respond to them.

Trying to keep this awareness out of a negative light, Armoghan Mohammed and Richard Sykes (both part of the PricewaterhouseCoopers International Limited group) have written and recently released a report entitled “Black Swans Turn Grey: The Transformation of Risk”.

Our staff agrees with Mohammed and Sykes’s belief that through a better understanding and management of risk strategy, organizations will be more resilient and better positioned to pursue their corporate objectives.

First a little background on the concept of risk and a “black swan event”.  In 2007, the Nassim Nicholas Talleb wrote about “The Black Swan: The Impact of the Highly Improbable”, and, the term “black swan” was quickly adopted and became one of the three (3) major types of risks now recognized by risk management methodologies – the other two are “known risks” and “emerging risks”.

Mohammed and Sykes argue and suggest that recent experience(s) indicate that events that fit the description of “black swans” are happening more and more frequently –therefore they ask the question, “Are black swans actually turning grey?”

Exploring this approach and tying it, as well, to a real need to map out the new risk landscape, align it with the requirement for board members to better understand this reality, and integrate this reality into the management leadership so that organizations develop a risk aware culture with explicit focus on the risk appetite of the organization and then align that risk appetite with the objective marketing and growth strategies for that organization.  In other words, the board has the responsibility — building on an enterprise risk management methodology – to: (1) fuse strategy more closely with risk, (2) articulate a more explicit and holistic risk appetite and (3) promote and support more active collaboration within their organizations to build stronger resilience levels across total business management systems.

Click here to read Mohammed and Sykes’ full whitepaper.

If applicable, please pass this information along to those risk management and business continuity planning teams in your organization, and, where needed, introduce these thoughts to PS-Prep strategy planning teams, as well.

Filed Under: Business Continuity Info, Corner Office Viewpoint, Organizational Resiliency, Risk Management Tagged With: , , , , , , , , , , , , , ,

Risk Awareness Concerns and Organizational Risk Management System Potential Integration(s)

February 5, 2012 By Leave a Comment

Photo courtesy of meship.com

By: Lisa DuBrock, CPA, CBCP, MBCI

Recently in an article written by Subrata Guha entitled “New ISO IEC 20000-1: Alignment with ISO 27001”, Guha makes the point that, “…. since ISO 20000-1 and ISO 27001 are so closely linked, there is a strong argument that these two standards should be implemented as a single management system – and, that the new release of ISO 20000-1 makes this process easier than ever before.

I contend that the melding of those 2 standards is certainly an excellent idea —especially since some well-defined areas such as incident management, change management, and security management link up so well. And, I believe that many companies have done just that; whether they implement the standards together or individually and then knit the individual management systems and overlapping control structures together.

What I’d like to propose today is — depending on your own corporate and organizational culture — to consider a coupling of two other standards that have a natural affinity to work together.  Those standards are ISO/IEC 27001:2005 Information Security Management System and ASIS SPC.1 Organizational Resilience:  Security, Preparedness and Continuity Management System.

Both the ISO 27001 and the ASIS SPC.1 standards build their foundation on the concept that management identifies, adopts, implements, monitors, updates and, most importantly, manages their related management system(s) based on that particular organization’s appetite for risk – i.e. Risk Appetite.

As with any organization’s business management system (BMS), the process of implementing that BMS to a standard (i.e. ISO 27001 or ASIS SPC.1) begins with and is based on the scope that the organization sets for its BMS.

In this instance, both ISO 27001 and ASIS SPC.1 adhere to the management system requirements of: Management Commitment (including resourcing, training and awareness, and approval of the system), Internal Audit, Management Review and Continual Improvement.

Both of these standards also require a statement of applicability (SOA).  However they differ in how the SOA is defined.  In SPC.1 the SOA documents the strategic weighting of security management, preparedness, emergency management, disaster management, crisis management and business continuity management.   In ISO 27001 the SOA is a documented statement describing the control objectives and controls that are relevant and applicable to the organizations ISMS.

What really differs between these standards, however, is the context of the risk process.  For ISO 27001, the context is based on the information assets identified within the scope of the management system.  Within SPC.1 the Organizational Resiliency Management System is based on legal and other requirements, information about significant hazards and threats and protection of critical not just information assets (physical, intangible, environmental and human).

By having an organization integrate the implementations of both ISO 27001 and ASIS SPC.1 standards simultaneously, it would almost be a certainty that a stronger and more clear understanding of risk and what is needed for that organization’s mitigation of those risks (i.e. to be more secure) would be achieved.

If you agree or not with this opinion, please share your comments and inputs regarding this potential integrated approach.

Filed Under: Business Continuity Info, Corner Office Viewpoint, Information Security, Organizational Resiliency, Risk Management Tagged With: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

PRIVATE SECTOR UPDATE — DHS Presents State of America’s Homeland Security

January 29, 2012 By Leave a Comment

Photo courtesy of DHS

PS-Prep strategy planning groups, along with all business continuity and risk management members of teams in organizations of all sizes should be interested in listening to Janet Napolitano, Department of Homeland Security Secretary (DHS), as she delivers the second annual State of America’s Homeland Security address, on Monday, January 30 2012 at 1:00 PM EST.

Increasing our nation’s security and resilience remains a goal achieved through strong connections between DHS and our nation’s private sector.

Click here to watch Janet Napolitano’s presentation LIVE on Monday, January 30 2012 at 1:00 PM EST.

Filed Under: Business Continuity Info, Homeland Security Dpt, Organizational Resiliency, PS-Prep Program, Risk Management Tagged With: , , , , , , , ,

Business Continuity and Emergency Management Plan Testing — Need Help Pitching the Need?

January 28, 2012 By Leave a Comment

Photo courtesy of blog.abn.org.au

Many of the readers of this website belong to emergency management and business continuity planning teams.  And, hopefully, those disaster preparedness focused teams are testing their emergency, continuity and disaster recovery plans regularly.

But if not, or if those risk management centered groups are looking for some useful information to assist the testing of those BC/DR plans, then, an article written by Jim Satterfield is a valuable resource to turn to when you need content and reasons to convince your fellow BC/DR team members – or even upper management — that funding and support is justified to test your plans.

As Satterfield says, “Everyone has a role in a crisis. Some are strategic, some are tactical. How decisions are made in a crisis is critical to the outcome. Because of this, the following holds true:

  1. Practicing emergency response helps assure that the response can proceed predictably during a crisis or disaster;
  2. Participation in exercises familiarizes everyone with the vulnerabilities, impacts, plans, mitigation strategies, incident management and crisis communications;
  3. Testing allows problems or weaknesses to be identified and used to stimulate necessary and appropriate changes; and
  4. Errors committed and experience gained during testing will provide valuable insights and lessons learned that can be factored into the planning/updating process.”

The full posting by Satterfield is in two parts, so be sure to read the entire posting, and, if applicable, pass this info on to those associates in your organization or even those disaster recovery and first responder teams in your community’s Emergency and Crisis Management Response areas.  And if your organization is in the private sector, please get this info to in-house team members of the PS-Prep strategy planning leaders.

Click here to read Part 1 and Click here  to read Part 2 of Satterfield’s postings.

Filed Under: Business Continuity Info, Homeland Security Dpt, Organizational Resiliency, PS-Prep Program, Risk Management Tagged With: , , , , , , , , , , , , , , , , , ,

New Members Named to 2012 ASIS Commission on Standards and Guidelines

January 19, 2012 By Leave a Comment

ASIS recently announced the selection of members that have been named to the 2012 ASIS Commission on Standards and Guidelines.  This commission has the responsibility to advance the practice of security management through the development of standards and guidelines within a voluntary, nonproprietary and consensus-based process, utilizing the knowledge, experience and expertise of ASIS membership, security professionals and the global security industry.

One of those members named to the commission is Lisa DuBrock, CPA, Managing Partner, Radian Compliance, LLC, and, a contributing editor and writer for this website.  Lisa provides our readership with her views on the topics of business continuity management systems and PS-Prep related standards and guidelines such as BS25999-2, SPC.1:2009, NFPA 1600:2010,  and ASIS/BSI BCM.01:2010.

We congratulate Lisa DuBrock along with the other members of the 2012 ASIS Commission on Standards and Guidelines.

Click here to read the full press release of this announcement.

Filed Under: Business Continuity Info, PS-Prep Program Tagged With: , , , , , , , , , , , ,

Business Continuity Planners May Face “Frictionless Sharing” Risks from New Facebook Apps

January 19, 2012 By Leave a Comment

Photo courtesy facebook.com

While information security and privacy rights protection teams within organizations continue to monitor the potential privacy risks that Facebook may be presenting to their employees, a new announcement was made today indicating that Facebook is now adding over 60+ new applications within their auto-share technology.

Click here to read a Facebook company blog covering this news as released by Facebook’s director of platform Cal Sjogreen.

As you will read, Facebook users can now immediately begin adding these new apps to their timelines.

As Sjogreen states, “…the apps are all set up to use the “frictionless sharing” function on the social network, meaning that users only have to give an app permission to share information once. After that, the app updates automatically to a user’s profile, letting their friends know instantly what they may be eating, studying or listening to at any given moment.”

While it may be too early to accurately assess any additional risks these apps may present to existing business continuity plans, it may be a good idea to inform information security specialists, risk managers and HR privacy managers of this event.

PS-Prep strategy planning teams in the private sector, in local community disaster preparedness groups and even risk mitigation discussions among family and friends may warrant a close watching of this recent announcement.

Filed Under: Business Continuity Info, Information Security, Organizational Resiliency, PS-Prep Program, Risk Management Tagged With: , , , , , , , , , , , , , , , ,
« Older Posts