The Netherlands Adopts the ASIS International Organizational Resilience Standard


ASIS International’s American National Standard for Organizational Resilience has been adopted as a national standard in the Netherlands. The ANSI/ASIS SPC.1-2009 American National Standard, “Organizational Resilience: Security, Preparedness and Continuity Management Systems–Requirements with Guidance for Use,” was published as a Dutch National Standard (NEN 7131) by the Netherlands Standardization Institute in January 2010. This follows the publication as a Danish National Standard (DS 3001) in September 2009 by Danish Standards.

Applying the ISO 27005 risk management standard


ISO 27005, issued in 2008, filled a noticeable gap in the ISO 27000 series of standards. The standard is officially titled ISO/IEC 27005:2008, “Information technology — Security techniques — Information security risk management.”


New ISO 31000 risk management standard receives good early reviews


Two months after its debut, reviewers pretty much agree that ISO 31000 lives up to its billing as a good generic, process-oriented risk management framework that addresses myriad forms of risk across many industries. The question is, do you need it?


A short tour of business continuity management standards: How we got here and where we are going


This article summarizes standards for business continuity over the past decade.


BS 25999: key issues to address for certification


BS 25999‐2 (Part 2 ‐ the Specification) was issued in November 2007. Since that time many organizations have been certified and UKAS (the United Kingdom Accreditation Service) has been assessing the audits undertaken by certification bodies as part of its process towards accrediting these bodies in respect of BS 25999.


Opinion: Why is DRI Speaking Out Against Organizational Certification?


Over the last few months, DRI (Disaster Recovery Institute International) has spent a lot of time spreading a message of caution with regard to organizational certification.


Dust Explosion Safety Video and OSHA Combustible Dust Standard


CSB Releases New Safety Video, “Inferno: Dust Explosion at Imperial Sugar”

The U.S. Chemical Safety Board (CSB) has released a new nine-minute safety video on the combustible dust explosion at the Imperial Sugar refinery in Port Wentworth, Georgia, which claimed the lives of 14 workers, injured 36, and caused extensive property damage on February 7, 2008.

Contingency Planning Guide for Federal Information Systems (Draft)


On Oct. 27, 2009, the National Institute of Standards and Technology (NIST) Information Technology Laboratory (ITL) Computer Security Division (CSD) published Special Publication (SP) 800-34 Revision (Rev) 1, “DRAFT Contingency Planning Guide for Federal Information Systems” and requested comments from readers by Jan. 6, 2010.


DHS Announces Intent to Adopt BSI’s Preparedness Standard


BS 25999 is a business continuity management standard developed by British Standards Institution and is used by businesses globally. The U.S. Department of Homeland Security (DHS) has announced its intent to adopt BS 25999 (which comes in two parts) on a trial basis as one of three standards for use in the Voluntary Private Sector Preparedness Accreditation and Certification Program (PS-Prep).


10 Tips Towards BS25999 Certification


A word of advice before applying for BS25999-2 certification


International Standards: Public comments requested on Australian and New Zealand business continuity management standard


Standards New Zealand is asking for public comments to be made about the draft Australian and New Zealand business continuity management standard, AS/NZS 5050:2009 parts 1-3.
