May 17, 2012

BC/DR and Risk Management Teams in U.S. Chemical Facilities — Be Aware of Recent Regulatory Developments

If your business involves the production, distribution or sales of chemicals, you need to be aware of new developments relative to the U.S. Chemical Industry’s regulatory environment.

This week, the Senate Committee on Homeland Security and Governmental Affairs voted 8-2 for Senator Susan Collins’s bill, S. 473, to renew the Chemical Facility Anti-Terrorism Standards (CFATS), which is designed to regulate the chemical industry to ensure that they are keeping their facilities safe from terrorist attack. A similar bill has already been approved by a House committee and the chemical industry and regulators are eager to see Congress pass the bill to provide stability in the regulatory marketplace. The bill was originally approved in 2006 and is set to expire this year.

To get more of the facts surrounding these most recent developments, click here.

To follow the debate of whether or not this bill goes far enough to protect the thousands of chemical related facilities in the United States, click here.

If applicable, please pass this information along to those team members in your organization responsible for risk management, physical security, regulatory compliance or business continuity planning.

Photo source courtesy of 123rf.com

New EU Privacy Law and the Cookie Monster

How does your information security plan address the possibility of a law requiring companies to get permission before installing cookies on a person’s computer?

If your organization has operations in EU countries, you may want to bring your information security and privacy rights specialists team member’s attention to a recent article posted on the InfoSecurity.com website.

Click here to read more about this cybersecurity issue and potential regulatory requirement in the EU.

If applicable, please pass this on to those information security and risk management team members in your organization.

Photo courtesy of netsoltech.com

PS-Prep and the Update Status on NFPA 1600 — 2013 Edition

Work on the 2013 edition of NFPA 1600, “Standard on Disaster/Emergency Management and Business Continuity Programs,” is well underway. The technical committee met in Orlando in late March of this year to continue the research and development of what will become the sixth edition of the standard. The technical committee is also asking for public input for new content or revisions to existing text.

In an article written by Donald L. Schmidt, ARM, CBCP, CBCLA, CEM and posted on the Disaster-Resource.com website, our readers may read more about how the NFPA 1600 Technical Committee tries to achieve a balance between writing prescriptive requirements and writing a standard that is widely applicable and not overly burdensome.

The committee is soliciting your input on the 2013 edition. But, meanwhile you can download the 2010 edition for free. (Click here)

You can submit your suggestions for additions or revisions online via NFPA’s Online Submission System. (Click here)

You can also download (Microsoft Word format), complete, and return a Document Proposal Form. (Click here) Instructions for submitting the form via mail, fax, or email are included at the bottom of the form. The deadline for submissions is May 23, 2011.

The first draft of the 2013 edition is expected to be published for public review by December 23, 2011.

Once published, public comments on the draft will be accepted until March 2, 2012. Following the second round of public comments the committee will meet to finalize and vote on the draft prior to issuance by NFPA as early as November 2012.

This website thanks Mr. Schmidt for writing this article and asks that, if applicable, this information be forwarded to the PS-Prep strategy planning teams in your organization.

Photo courtesy of campussafetymagazine.com

“Five Hottest Topics in E-Discovery” Free Podcast Now Available

The threat of having your organization affected by an e-discovery request is becoming more of a reality every day. And, if your organization is a small or mid-sized business, that threat has the potential to place an economic and human resource burden on your company that might be just enough to drive that company out of business.

Being aware of and being prepared for these e-discovery requests are disaster preparedness actions that require considerable learning, evaluation and planning effort.

To help that process, the Legal Talk Network has released the latest edition of Sensei’s Digital Detectives podcast, entitled “The Five Hottest Topics in E-Discovery.” Podcasters Sharon D. Nelson, Esq. and John W. Simek, Sensei’s President and Vice President, welcomed California attorney and e-discovery expert, Josh Gilliland, the noted author of the Bow Tie Blog to discuss the five hottest topics in e-discovery today.

Their discussion included the form of production, litigation holds after the Pension Committee case, how small firms are surviving their entry into e-discovery, preservation of ESI and how to prove that an e-discovery request will cause an “undue burden.”

Ms. Nelson noted, “Josh is not only a true expert in this area, but he invests his commentary with wit, which is undoubtedly why he is such a popular e-discovery speaker. We were honored to have him share his expertise with our listeners.”

Click here to listen to that podcast and learn more about how to avoid and survive an e-discovery request.

If applicable, please pass this information along to those business continuity planning and risk management team members in your organization.

Photo courtesy of proofspace.com

Regulatory Compliance Forecasted to be Top 2011-2012 Business Issue

According to a recent survey announced by the Information Systems Audit and Control Association (ISACA) at this year’s InfoSec conference in London, regulatory compliance will be the top business issue affecting enterprise information security professionals in the next 12 to 18 months.

ISACA said the increase in regulations, data breaches and new technologies, such as cloud computing and the rise of personal technology in the workplace, are accelerating complexity and risk.

Tony Noble, a member of ISACA’s guidance and practices committee, said: “The survey shows more clearly than ever that information technology cannot be managed in a vacuum. From the growing number of government regulations to consumer privacy concerns and hacktivist attacks, enterprise IT assets are being challenged in ways that go far beyond the server room.”

Click here to read Antony Savvas’ article about this risk management issue and potential threat, which should be included in the business impact analysis processes that feed many business continuity plans.

Photo courtesy of evantix.com

E-Discovery Concerns Offer Cloudy Guidance Process

The subjects of e-discovery and cloud computing remain hot topics within risk management strategic planning meetings. Unfortunately, evidence is beginning to show that too many executive management teams are driven to cloud computing primarily for cost reduction purposes. To make things more difficult, there is a vast range of information provided on these topics by private sector cloud computing providers, which drives many organizations to strive for more visibility, clarity and understanding regarding the regulations and requirements, and ultimately the consequences, that might accompany a decision to move data to a cloud computing environment.

If you are a chief privacy officer, information security specialist or simply a risk manager trying to assess either e-discovery or cloud computing within the scope of a business impact analysis input to your organization’s business continuity planning process, our staff recommends listening to a recent Federal News Radio (WFED) radio broadcast interviewing Allison Stanton, the U.S. Department of Justice’s director of E-Discovery.

Additionally, many private sector preparedness (PS-Prep) strategies could benefit from observing and watching closely how the General Services Administration, the Agriculture Department and other governmental agencies move their email and collaboration services to private sector cloud computing providers.

In this interview we can see how e-discovery considerations play a role in a move to the cloud, and how they bear on the following questions:

  1. How would a litigation hold be implemented on their data out in the cloud somewhere?
  2. What is the process of searching and collecting information from that data in the cloud?
  3. How does the jurisdiction of wherever that data is stored in the cloud affect this process?

Given the figures cited in this interview, such as the estimate that one terabyte of data costs about $1 million in litigation costs to put through discovery, one clearly sees the value of doing this right the first time!

This website has had many postings dealing with this potential risk and threat to all organizations and remains concerned that the potential economic penalties that could be imposed by regulatory agencies for violations of e-discovery rules and regulations could be an economic and organizational penalty which few companies could survive.

Thus, this website takes the position that both e-discovery and cloud computing should remain considerations in every organization’s business impact analysis process.

If applicable, click here to read and hear (be sure to download the audio version of the interview) more about these topics.

Photo courtesy of blog.softheme.com

E-Discovery Reaches Historic Milestone

The Association of Certified E-Discovery Specialists (ACEDS) announced that “…a new day in e-discovery dawned from coast to coast in the United States and other countries this week as practitioners in law, litigation support, information technology, records management and other fields of endeavor learned they are members of the inaugural class of professionals who earned the Certified E-Discovery Specialist (CEDS) designation.”

The landmark CEDS exam, which the CEDS candidates took at more than 40 secure testing centers worldwide, is the first legally defensible, scientifically verifiable e-discovery competency examination. Neither ACEDS nor the CEDS examinations have any ties or links to a software product or outside organization.

This website has consistently included e-discovery as an important part of the potential threat that organizations need to be aware of as part of their regulatory requirements applied to their internal records management and information security functions.

More succinctly, the potential risk management issue to consider here can be better understood when a definition of the term e-discovery is reviewed. Per the ACEDS website, e-discovery is defined as “… the major new legal and technological specialty area focused on the complex obligations of private sector and government organizations and individuals, to retain, organize, retrieve and disclose electronically stored information in civil and criminal litigation, governmental and internal investigations, arbitration, and other types of dispute resolution”.

From a business continuity or regulatory audit perspective, non-compliance with any of these requirements could present an economic risk and/or penalty cost beyond the resources available to most small or mid-size companies. The milestone now reached could offer a risk mitigation resource for those organizations facing e-discovery litigation or requirement challenges.

World now has independent uniform standards, verifiable competency level

“This is a milestone in the e-discovery field,” said ACEDS president and founder Charles A. Intriago, a former Assistant US Attorney and litigator at a large international law firm, who also founded the now 10,000-member Association of Certified Anti-Money Laundering Specialists (ACAMS). “For the first time the world has an independent, authoritative, scientifically verifiable mechanism to set uniform standards and establish a base level of competency, knowledge and skill for e-discovery practitioners wherever they do business,” he added.

“For the successful candidates, the CEDS designation will be powerful evidence of highly specialized expertise that will be recognized and welcomed by law firms, corporations, courts, peers, government agencies, and clients,” said William Hamilton, a partner at the law firm of Quarles & Brady, who chairs the ACEDS Advisory Board.

This should be good news for all organizations now facing the challenge of compliance to many new and developing regulatory requirements in the field of e-discovery.

Read more about this e-discovery announcement….

If applicable, please pass this information along to those information security and/or records management team members in your organization.

E-Discovery Issues to Follow in 2011

While issues surrounding e-discovery continue to become more critical components of how organizations and their legal counsel teams prepare for and conduct litigation, e-discovery seems to be perceived as more of a concern for large enterprises and less so for small businesses. Unfortunately, the emerging regulations and laws surrounding this topic do not follow this logic, and, given the recent increase in economic penalties for non-compliance, e-discovery matters could quickly become enough of an economic burden to small and mid-sized companies to threaten “keeping the doors open” for that company.

Therefore, it is with this logic in mind that we point our readers to a recent posting about e-discovery by the Huron Consulting Group. The posting is entitled, “Ten Key E-Discovery Issues to Watch in 2011”.

James G. Mitchell, Managing Director and Head of Discovery Services for Huron Legal, describes this posting by stating, “In the following article, David J. Lender, Partner, Weil Gotshal & Manges LLP; and Andrew J. Peck, Magistrate Judge, United States District Court for the Southern District of New York, assess the most important court rulings in 2010 and their impact on process and procedure in 2011. They also describe practical strategies to meet the challenges today and devise approaches that will be beneficial in the year ahead. Their commentary offers a blueprint for proactive ways to deal with 10 key issues they identify as important to all those working on e-discovery matters.”

Click here to read their full listing of important issues surrounding e-discovery to watch in 2011.

If applicable, please pass this information along to those information security, privacy rights strategy, business risk and business continuity planning team members in your organization.

e-Discovery Provider Search Tool Now Available

It cannot be denied that e-discovery is quickly becoming a topic that can be a potential threat to small and mid-sized businesses and, as such, is something that risk managers and business continuity planning teams in those SMEs need to review and possibly put on their short-term “to do” list.

In large enterprises, where e-discovery is certainly already an object of attention, it is more likely to be handled as an internal process. When required, however, a small or mid-sized organization is more likely to look to an outsource partner to provide the e-discovery methodology, the document or record retention practice, and the related products and services.

With this thought in mind, we turn our reader’s attention to a recent article written by Robert J. Ambrogi and posted on the lawsiteblog.com website.

In this posting, Mr. Ambrogi states, “George Socha and Tom Gelbmann, two names well known in the e-discovery field for their annual Socha-Gelbmann Electronic Discovery Survey and for their roles in developing the Electronic Discovery Reference Model, have launched Apersee, a website that aims to become the premier system for helping litigation professionals choose e-discovery providers and products. The site features the Selection Engine, a tool that lets you pick and rank the criteria that are important to you and then finds the vendors that most closely match.”

If applicable, we ask that you forward this information to the e-discovery, document control management, business continuity and risk management team members in your organization. And, given the recent penalties declared for non-compliance with, or inattention to, the need for an e-discovery information control methodology, you might perceive this as a serious enough risk of economic burden that it belongs in your organization’s PS-Prep strategy planning efforts as well.

Click here to read about and access more information regarding this e-discovery provider search tool.

We ask that if our readers are aware of any similar search tools or methods to assist the selection of an outsource partner to provide e-discovery related services or products, please add that information in your comment(s) to this posting. Thank you.

Information Security Compliance Strategies Found to Save More $$ than Non-Compliance

Recently, one of our contributing staff writers, Lisa DuBrock, brought our attention to a survey conducted by the Ponemon Institute and sponsored by Tripwire, and to a recent announcement of its findings. Ms. DuBrock’s point was that the results of this survey indicated that companies that actively employ information security compliance strategies, processes and procedures spend nearly one-third (1/3) the expense on security risk management that non-compliant companies do. Another point raised by Ms. DuBrock is that this finding does in fact confirm the observations she has made in consulting projects she has managed or participated in over the last eighteen (18) months.

This report states that “…Data protection and enforcement activities ranked among the most expensive compliance activities, and business disruption and loss of productivity were found to be the most significant expenses for companies that did not achieve or maintain compliance…and total cost of compliance varies by industry, ranging from $6.8 million for education and research to more than $24 million for the energy sector. The cost of compliance versus noncompliance also varies by industry, with energy showing the smallest difference at ($2 million) and technology showing the largest ($9.4 million).”

Understanding that many surveys and similar reports like this can cause much debate amongst the readers of those reports, we would ask our readership to please read more about this report and offer your comments on its findings relative to your interpretations and experiences. Be sure to use the links in this story to also listen to an audio version of the findings of this report.