NIST Serves Up Guidelines on Cell/PDA Security


The National Institute of Standards and Technology (NIST) recently released Special Publication SP 800-124, entitled Guidelines on Cell Phone and PDA Security.


InterCEP Seeks Volunteers for Title IX Working Groups


InterCEP, the International Center for Enterprise Preparedness at New York University and the world's first major academic center dedicated to private sector crisis management and business continuity, is hosting the next phase of working groups in which participants will provide input on the design and development of the Voluntary Private Sector Preparedness Accreditation and Certification Program, also known as Title IX.


Commentary: ASIS BCM Standard


At the recent BCI board of directors meeting in Brighton, England, there was a discussion on BCM standards development activities in Europe, particularly at the ISO level. According to board members who are active in the standards committees, it could be another 18 months or so before we see a definitive global BC standard from the ISO. The BCI board is also keenly aware of the ASIS BCM project and is keeping a close eye on things.


How to Get on the Title IX Bandwagon


Much has been happening with the Title IX legislation, which directed the U.S. Department of Homeland Security to establish a voluntary private sector preparedness accreditation and certification program. Early in October, ASIS and other industry players met to discuss the ASIS proposal to develop an American national standard for business continuity.

This blog has been keeping you informed on developments in this important activity, and we are pleased to provide additional links to information that should be useful. As more become available, we will add them.

  • Summary report from Avalution on the October 2 meeting
  • Voluntary Private Sector Preparedness web site
  • Voluntary Private Sector Preparedness Program contact: FEMA National Preparedness Directorate, 500 C Street S.W., Washington, D.C. 20472; e-mail privatesectorpreparedness@hsi.dhs.gov
  • Target Criteria for Preparedness Standard

ASIS Proceeds with New U.S. BC Standard


Early in October, ASIS International hosted a planning meeting with business continuity professionals from more than a dozen organizations to discuss its initiative to develop a business continuity management (BCM) standard, for ultimate approval by the American National Standards Institute (ANSI). Among the organizations represented were the Disaster Recovery Institute International, the Association of Contingency Planners, and the Business Continuity Institute and its U.S. chapter, BCI-USA, which commented on the proposed ASIS standards project registered with ANSI.


Emergency Operations Center Planning and Design


The U.S. Department of Defense has published a Unified Facilities Criteria (UFC) document on Emergency Operations Center Planning and Design.

The UFC establishes unified criteria for the design and construction of Emergency Operations Centers (EOCs). It provides:

  • A formalized process for planning EOC spaces that all four services will use.
  • Guidance on coordinating space layouts with operational and functional requirements.
  • Coordination with Homeland Security Presidential Directive 5 (HSPD-5) and the National Response Plan.

Canadian Standards Association unveils new emergency management and business continuity standard


Poll indicates more than one-third of Canadians expect a disaster will affect their community.

Toronto, October 8, 2008 - More than 40 per cent of Canadians say the company where they work does not have an emergency plan in place, according to a recent study. Canadian Standards Association (CSA), a leading developer of standards and codes, today officially announced a new emergency management and business continuity programs standard, CSA Z1600, which is designed for private and public organizations of all sizes to use if disaster strikes. The new standard is based on the National Fire Protection Association (NFPA) 1600 Disaster/Emergency Management and Business Continuity Programs standard.

“A company without an emergency management and business continuity program is like a homeowner without insurance,” says Suzanne Kiraly, president, standards, Canadian Standards Association. “A natural or human-induced disaster can happen anywhere at any time and CSA Z1600 can improve the likelihood of organizations keeping their employees safe and their business running if disaster strikes.”


(ISC)2 Offers New Software Security Credential


(ISC)² has announced a new security qualification for software developers, the Certified Secure Software Lifecycle Professional (CSSLP), to certify their competence in security design. The certification is designed to benefit both the professionals who take the $599 examination and the companies that hire them. Candidates must demonstrate, independent of any particular programming language, a high degree of competence in integrating sound security practice into the software development lifecycle.


ANSI Homeland Security Standards Plenary


The seventh Plenary meeting of the ANSI Homeland Security Standards Panel (ANSI-HSSP) will be held on October 2, 2008 from 8:00 AM to 4:30 PM at the U.S. Chamber of Commerce in Washington, DC.

The 2008 Plenary will address Public Law 110-53, the Implementing Recommendations of the 9/11 Commission Act of 2007, specifically the Title IX Voluntary Certification Program for Private Sector Preparedness. Panel sessions will cover the standards involved in the Title IX program, details on accreditation and certification, and the business case for certification.

The ANSI-HSSP Plenary gives the homeland security, emergency preparedness, and business continuity communities (public sector, private sector, and standards developing organizations) an opportunity to come together to discuss current issues and challenges, strategic approaches, recent successes, and future outlooks. Feedback from past plenary meetings has cited not only the useful information sharing and dialogue during the formal program but also the valuable networking and connections established for future collaboration. Additional details and the meeting agenda can be found on the meeting web site or by contacting Matt Deane at mdeane@ansi.org.

The conference fee is $299 for non-ANSI members. If you are an ACP member, you can receive a discounted conference rate of $249. To receive the ACP discount, write “ACP” in the registration fee box on the registration form.

BSI Issues BS 25777 for IT Disaster Recovery


The British Standards Institution (BSI) recently unveiled a draft code of practice, BS 25777, to address disaster recovery and continuity issues associated with information and communications technology (ICT). The draft document, available for a small fee, is out for public comment until October 17, 2008. BS 25777 supersedes Publicly Available Specification (PAS) 77, which addressed the same issues, and is designed to cover IT matters not currently addressed in BS 25999, the British standard for business continuity management (BCM).

Curiously, a review of BS 25777 shows it to be very similar in content to ISO/IEC 24762:2008, the International Organization for Standardization's guidelines for ICT disaster recovery services, which was published early in 2008. While there will certainly be subtle differences between the two documents, it remains a mystery why BSI would issue a proposed British standard so similar to an already published international standard.


DRII Calls for Halt to ASIS BC Standard


The Disaster Recovery Institute International (DRII) has issued a call to its membership and others in the profession to stop the development of a new ASIS business continuity standard (see blog entry dated August 6). Calling for BC professionals to, in effect, “stop the madness” of continued development of new BC standards, DRII asked people to write to ASIS and even offered several possible messages to send. Following are excerpts from the message.

“Last October, Disaster Recovery Institute International (DRII) issued a position statement regarding the establishment of a standard for Business Continuity Planning. This was in response to the American Society for Industrial Security (ASIS) attempting to push through an unproved and ill-considered standard with the American National Standards Institute (ANSI). We believed that our statement had settled the matter.”

“However, ASIS has filed two notices with ANSI called ‘PINS Forms: Standards Action Public Review Requests.’ One of these is ‘BSR/ASIS BCM.01-200x, Business Continuity Management: Preparedness, Crisis Management, and Disaster Recovery.’ This proposed standard is being drafted ‘to include auditable criteria for preparedness, crisis management, business/operational continuity and disaster management using a process approach with the Plan-Do-Check-Act model, as required by Title IX of H.R. 1 and Public Law 110-53, Implementing Recommendations of the 9/11 Commission Act of 2007.’”

“DRI International strongly opposes this filing. We are asking our colleagues and certified professionals in the field to oppose this effort to create a ‘Business Continuity Management’ standard in an industry already beset with multiple and often confusing standards. The comment period for this ‘PINS’ phase of ‘BSR/ASIS BCM.01-200x’ closes on August 30, 2008.”

“Please send a clear message to ANSI through its designated point of contact, Susan Carioti at scarioti@asisonline.org. We are making every attempt to coordinate this effort and track the comments, which we believe will help in making presentations to ANSI and other appropriate agencies. When you send your e-mail to Ms. Carioti, please send a bcc to standards@drii.org. Your efforts are greatly appreciated.”

Commentary: While it’s true that more than two dozen standards address business continuity in one way or another, and that NFPA 1600 (National Fire Protection Association) is the American national standard, few professionals in this country are actually using the standards. Earlier surveys by firms such as Deloitte & Touche showed that less than one-quarter of respondents even knew about NFPA 1600, much less used it. More attention is being focused on the British standard, BS 25999, than on NFPA 1600. Further, it is likely that within the coming year the International Organization for Standardization (ISO) will issue a global standard for business continuity. What happens then? Hopefully most of the standards commotion will cease, and we can move forward with our profession, knowing that it has a global set of guidelines on how to perform this vital service.