News

Security | Protecting Places of Worship

 
This guide is intended to give protective security advice to those who are responsible for security in places of worship. It is aimed at those places where there may be a risk of a terrorist attack either because of the nature of the place of worship or the number of people who congregate in it.
 
The guide seeks to reduce the risk of a terrorist attack and limit the damage an attack might cause. It highlights the vital part you can play in the UK counter terrorism strategy.
 

Protection for business and commercial centres

 
 
This guide is intended to give protective security advice to those who are responsible for security in commercial centres. It is aimed at those places where there may be a risk of a terrorist attack either because of the nature of the building, its location or the number of people who work in it.
 
The guide seeks to reduce the risk of a terrorist attack and limit the damage an attack might cause. It highlights the vital part you can play in the UK counter terrorism strategy.
 
It is accepted that the concept of absolute security is almost impossible to achieve in combating the threat of terrorism, but it is possible, through the use of this guidance, to reduce the risk to as low as reasonably practicable.
 

Wonderful Career Opportunity - Emergency Planning & Business Continuity Manager

EPO & BCM Manager Falkland Islands Government
 
The Falkland Islands Government (FIG) is looking for a new colleague to join its existing team in the Emergency Services Directorate.
 
Set in the South Atlantic Ocean, the Falkland Islands benefits from a great quality of life in a safe environment, good work life balance, a strong sense of community, unique wildlife and the close proximity of South America as a holiday destination.
 
THE POST  - Emergency Planning & Business Continuity Manager 
 
An exciting opportunity has arisen within the Emergency Services Directorate for a positive and dynamic Emergency Planning and Business Continuity Manager to join the team.
 
This is a fixed contract for one year and the Directorate is keen to appoint as soon as possible.
 

*** Star Job *** Head of Incident Management & Business Continuity

 
Head of Business Continuity & Incident Management
Role: Head of Incident Management & Business Continuity
Salary: £51,203 - £58,638
Location: Bootle, Merseyside
 

Make an impact at ONR by ensuring that incidents don’t.
 
The challenge
A fast-evolving public corporation, the Office for Nuclear Regulation (ONR) is committed to shaping the future of regulation in the UK nuclear industry. As our Head of Incident Management & Business Continuity, you’ll establish a brand new framework that will support the whole organisation. It’s an exceptional opportunity to make your name in Business Continuity, Emergency Planning and Incident Management, by transforming ONR’s resilience in a vital, senior role. 
 
The role
It’s crucial that ONR can continue to perform when faced with disruption. That’s why we’ve created a new Integrated Incident Management Framework. We now need a skilled, collaborative leader to embed and manage this Framework, while co-ordinating incident response activity including crisis management and business continuity. 
 
Reporting directly to the Finance Director, you’ll lead, deliver and manage the Framework on both strategic and operational levels. That means embedding, testing and continuously improving the Framework, while ensuring it meets statutory responsibilities. You’ll also see that staff receive suitable training, so they’re equipped to act if the worst should happen. And if it does, you’ll be there to co-ordinate our response across ONR’s various teams. This is therefore a critical role, where you’ll be a central point of contact, as well as a source of expert advice for the Finance Director and the Head of Corporate Governance.   
 
The person
To drive incident management throughout the organisation, you need to be a strategic, dynamic and experienced leader. A qualified member of the Business Continuity Institute (MBCI), you’ll have wide-ranging experience across incident management, business continuity and crisis management. You’ll also bring a proven ability to implement new approaches, along with a record of cross-directorate collaboration. Articulate, influential and brimming with initiative, you’ll have the motivation to engage others and take the lead in this exciting new development.  
 
The rewards
We offer competitive salaries at the ONR, with these roles attracting a salary of £51,203 - £58,638. In addition, up to £15,000 relocation may be available. Furthermore, you’ll be eligible for a substantial Civil Service Pension scheme (including ill-health retirement and lump sum family benefits). Plus, you’ll receive a very generous holiday entitlement.
 
About Us
ONR is a Public Corporation created to ensure the highest standards of safety and security across all of the UK’s licensed nuclear sites. Our inspectors are drawn from all manner of professional backgrounds including civil engineering, radiological protection, human factors, chemical engineering, mechanical engineering and nuclear physics. And together they’re involved in everything from assessing safety cases to planned security inspections to the development and implementation of a new domestic safeguards regime. 
 
Apply
To find out more and apply, please visit our website by clicking on the link.
 
Apply for the role | Head of Business Continuity and Incident Management
 

Compliance Management | ISO 19600 review and survey

ISO - International Standards Organization
The ISO Technical Committee for ISO 19600 relating to Compliance Management is preparing to discuss whether a revision of this standard should take place and, if so, how it can be improved.
 
To support this review a survey has been developed to gain feedback from both users and non-users of the standard looking at compliance management. You can help contribute to the decision making process by providing feedback and opinion by following the link below:
 
 
The scope of ISO 19600
 
The International Standard ISO 19600:2014 Compliance management systems – Guidelines was published in 2014 as a Management System Standard. The standard does not specify requirements, but provides guidance on compliance management systems and recommended practices.
 
ISO 19600 can be used by numerous standards covering Risk, Information Technology, Business Continuity and Resilience Management, to name just a few. The guidance it provides is intended to be adaptable, and the use of this guidance can differ depending on the size and level of maturity of an organization’s compliance management system and on the context, nature and complexity of the organization’s activities, including its compliance policy and objectives.
 
You do not need to be a user of ISO standards either as the flexibility provided through the guidance can help with other processes or management systems. ISO 19600:2014 is based on the principles of good governance, proportionality, transparency and sustainability.
 
The deadline for completing the survey is Monday 16th April 2018.
 

Consultation on review of ISO Business Continuity Standards | Urgent

URGENT | Review of ISO 22301:2012 and ISO 22313:2012 – have your say!

BSI Survey | Revision of ISO 22301 & 22313 | Business Continuity

 

For standards to remain relevant and keep up with the needs of industry they need to be reviewed and updated on a regular basis and after five years the time has come for the International Standards for business continuity management to be put under the spotlight to examine whether there are any revisions or amendments required.

As part of this process we are seeking the views from the community of standards users, from auditors and those who are certified, to those who align to it. This is your chance to help ensure that both the standard specification for ISO 22301 and the guidance available in ISO 22313 are delivering what is needed for stakeholders.

Please click on this link https://www.surveymonkey.co.uk/r/ISO-22301-17 and take the short survey to assist us with understanding the appetite for amendments and revision. The survey should take less than 10 minutes and will close on the 29th August 2017.

 

NOW CLOSED 

 


Revision of ISO 31000 Risk Management Guidelines - Draft available

 
International Standard Risk Management ISO 31000 Draft Review

ISO 31000, the international standard for Risk Management - ‘Risk Management – Principles and Guidelines’ - is now available for public consultation.
 
The decision to review ISO 31000 was taken in Chicago in 2013 and now, 4 years later, a draft version of the proposed updates to the ISO 31000 document is available for users to see.
 
The next steps will be a review of the comments submitted that will modify the text further and then a ballot by ISO members to move to the final publication.  The next ISO meeting is being held in San Francisco in July 2017 and this suggests publication of the revised risk management standard perhaps early in 2018. 
 
The draft of the standard for review and comment is now available on the BSI Draft Review system at https://standardsdevelopment.bsigroup.com/projects/76477a8f8de94a1e1d5c675e02973077. [registration required - Closing date for comments 11th April 2017] 
 
Click to Visit and View BSI DRAFT REVIEW SYSTEM
 

Supply Chain Continuity using new ISO 22318 Guidelines

New guidance from ISO and the BSI to help companies build resilience and continuity in their supply chains

PD ISO/TS 22318:2015 - Overview of new ISO Supply Chain Continuity Guidance

An Introduction by Lead author Duncan Ford MBCI

BSI has just published the UK edition of the recently released ISO Technical Specification 22318 Guidelines for Supply Chain Continuity. The title describes where this document fits in with the established BCM standards 22301 and 22313. A technical specification is not a full standard; its purpose is to amplify, not undermine, the established standards.

Every organisation has a supply chain which may range from the purchase of basic resources to complex outsourcing arrangements for the delivery of a core service including both external suppliers and internal support such as the provision of IT services.  Each of these arrangements presents a risk to the organisation if it is unavailable, which needs to be properly understood and appropriate contingency measures put in place to protect against disruption of that product supply or service. 22318 provides guidelines on how to manage Supply Chain Continuity challenges.

The scope of this Technical Specification was deliberately constrained. It considers specifically the issues faced by an organisation which needs continuity of supply of products or services to protect its business activities and the continuity strategies for current suppliers which can be used to mitigate the impact of disruption.

The approach is broken into five stages which align with the requirements of BS/ISO 22301 which ensures that Supply Chain Continuity Management (SCCM) can be managed within an established BCM programme:

  • Policy and strategy which considers the requirement for supply chain continuity and the parameters each organisation should define to frame its approach to SCCM.

  • Analysis of the supply chain which draws upon the organisation’s BIA to identify critical activities or processes and focusses on identifying the particular risks and impacts to these processes arising from disruption in the associated supply chain.

  • Consideration of appropriate and achievable Supply Chain Continuity strategies which can help to mitigate the emerging risks and identify an approach to manage disruption.

  • Planning to manage a supply chain disruption event and the requirement to integrate this with BC plans.

  • Ongoing performance management to maintain an appropriate level of continuity management within the supply chain and deliver continuous improvement.

Effective SCCM generates its own challenges for an organisation: it may impact procurement strategies, as continuity requirements may be contrary to strategies of minimising supply chain cost. The process of analysis should bring a focus onto the pressure points, for example where a critical process is dependent on a single supplier, and allow the associated risk to the organisation to be recognised and managed.

A key approach is to encourage openness between an organisation and its critical suppliers delivering better understanding of each other’s priorities and risks and integrated continuity planning. This leads to continuous improvement and reducing risk.

SCCM is relevant to organisations of every size and type; TS 22318 focusses on a key aspect of managing the risks in the supply chain.

As an ISO document it is available as reference to support global supply arrangements helping the purchaser to define its continuity requirements to be included in contracts, monitor suppliers’ continuity provisions and be prepared to manage the impacts of disruption. The hope of the project team who worked on this document supported by the contributions from many global standards organisations is that PD ISO/TS 22318 takes another step towards improved global continuity and resilience.

To get a copy of the new Supply Chain Continuity Guidance please click here

Visit the BSI shop to get your copy of BS/ISO 22318

About the Author

 

Duncan Ford led the development for ISO TS 22318. He is a partner in Corpress LLP, a consultancy working in the areas of risk, response and resilience including supply chain analysis.

For more information visit: www.corpress.uk

 

Industry Award for the Cyber Essentials scheme

 
Cyber Essentials Scheme
 
The government-backed Cyber Essentials scheme has been recognised with the Editors Award from SC Magazine. The scheme was developed by BIS and CESG to help businesses put in place practical measures that have been proven to help protect against cyber risk following an extensive period of industry consultation.
 

Managing risk, insurance and terrorism - Counting the Cost Guide

Counting the Cost 

Terrorism and other critical events, whatever their source or form, will always have social and economic consequences. This is why it is important that businesses consider how they can prevent, handle and recover from an attack, which usually arrives swiftly and unannounced.

The plans that you put in place to help you manage the risks involved can be both immediate and longer-term. Managing these risks effectively can help you to keep your business trading.

What is this guide about?

Counting the cost provides guidance and information that will help you, as a business, to protect yourself.

It will enable you to:

  • risk-assess the security and resilience needs of your business;

  • recognise threats and hazards; and

  • understand better the role of insurance.

This guide also includes clear diagrams, easy-to-follow step-by-step help, links to useful websites and checklists. All of these will aid you in identifying your security and resilience needs. Click the image below to open the PDF file.

Counting the Cost  - NaCTSO Advice on managing risk, insurance and Counter terrorism

More help

Reading this guide in conjunction with its two sister documents – Expecting the unexpected and Secure in the knowledge – will give you the basic knowledge and skills required to protect your business.

You may also wish to read the National Counter Terrorism Security Office (NaCTSO) security guides. Please check the resource pages or visit NaCTSO here


 

UK Government to help Lawyers and Accountants protect against Cyber Attack

Department of Business, Innovation and Skills helps Lawyers and Accountants develop Cyber Risk knowledge

Digital Economy Minister Ed Vaizey has announced a new free online training course to help members of the legal and accountancy professions develop the skills they need to protect themselves and their clients from cyber-attacks.
 
Developed by government and industry, the on-line training will also enable lawyers and accountants to advise their clients on the cyber risks to their business. This will help UK businesses protect themselves from information breaches and other threats that could potentially cost them millions of pounds.
 

Heartbleed, BASH and now POODLE - new SSL vulnerability discovered

POODLE Vulnerability discovered in SSL 3.0

Researchers from Google have announced the discovery of another major flaw in Web Security. It has been called POODLE and follows hot on the heels of Bash and Heartbleed.

 

The vulnerability is rooted in SSL v3.0, which is used as part of the security framework for encryption across the Internet. The POODLE bug makes it possible for hackers to use a ‘man in the middle’ attack to gain access to data.

 

BSI Organizational Resilience Standard BS 65000 DPC - comment now

BS 65000 Organization Resilience Standard
 
For the past few years one of the BSI committees has been working to develop a guidance standard that organisations can use to better direct, inform and support themselves and positively impact their resilience.
 
The Standard known as “BS 65000:2014 Guidance on organizational resilience” has challenged the author group and been through extensive revisions before finally getting to the Public comments stage. 

Another retailer suffers data theft - Morrisons payroll data stolen


Morrisons suffers data theft

Wm. Morrison, one of the UK's largest supermarket chains, has had the details of more than 100,000 staff stolen. Far fewer people have been affected by this data theft than in others recently reported.
 
The theft covers the payroll records of staff employed by the company and the firm has stated no customer records have been compromised.
 

BIS Cyber Hygiene Profile - CALL FOR REVIEW

BIS CYBER HYGIENE PROFILE DRAFT REVIEW - COMMENTS NEEDED

Feedback is needed from industry on the first draft of the Cyber Hygiene Profile developed by BIS and intended to identify the basic cyber controls that should be present in business.
 
The current draft can be viewed and comments submitted through the BSI’s Draft Review System and the review will close on the 16th March, 2014.

Business Continuity Forum creating Resilience and security

Creating Continuity... Building Resilience...