News

The London Cyberspace Conference

 
International leaders from government and business are meeting in London to discuss cyberspace and how to manage its risks. The UK Foreign Secretary, William Hague, will welcome participants from around the world including US Secretary of State Hillary Clinton, Swedish Foreign Minister Carl Bildt, and Jimmy Wales, the founder of Wikipedia.
 
Criminals are exploiting the growth of cyberspace. They are using it to extort money, steal identities, ideas and designs, defraud government departments and businesses, as well as exploit the most vulnerable in our societies, particularly children. The annual cost of cyber crime to the global economy could be as much as $1 trillion.

BSI launch new Crisis Management Standard with the Cabinet Office

 

The Cabinet Office and the British Standards Institution are today launching a new crisis management standard to help businesses cope with unexpected emergencies like civil unrest, employee deaths, corporate espionage or natural disaster.

The standard – known technically as PAS 200 – advises organisations on the kind of capabilities they need to develop and maintain in order to detect, prepare for and respond to a crisis.

Phase 2 Consultation of Civil Contingencies Act

After two years the revision of the Civil Contingencies Act (CCA) through the Enhancement Programme (EP) is nearing completion with the final consultations closing on 27th September 2011.  
 
The Enhancement Programme to the Civil Contingencies Act covers most areas of the legislation and has been split into phases. The first phase has delivered updates centred primarily on Emergency Response and Recovery across the country and builds on the lessons learnt since the introduction of the Act. Clarification and updates have also been made on Good Practice Guidance, Mutual Aid and the fit with other legislation. (Summary of Phase One work)
 
The work continues with consultation on the changes proposed in the following areas: 
 
Co-operation
Local Responder Risk Assessment Duty
Business Continuity Management
Communicating with the Public
Business Continuity Advice and Assistance to Business and the Voluntary Sector
Arrangements for London
 
If you have yet to review these changes to the Act, time is running out. You can use the links below to see and comment on the changes proposed.
 
The Continuity Forum welcomes the revision process, particularly the aligning of Business Continuity arrangements with the British Standard BS25999; we feel the revisions significantly clarify the expectations of the Act within all Category One and Two Responders. Another major plus for the revised Act is the expectations relating to communications, which we feel are a major step forward, providing greater clarity and removing much of the ambiguity that previously existed. It is clear to us that the CCA team has worked hard to deliver a balanced review that provides flexibility in delivering appropriate solutions and processes, whilst maintaining clear direction on the expectations of the Act.
 
The alignment with BS25999 is of particular importance to the sector and our communities as the Civil Contingencies Act preceded the launch of the Standard. Whilst many of those within the sector had aligned with BS25999 principles, the revisions now make this expectation far clearer. We would hope that those planning in Category One and Two organisations will quickly move to assess and adapt their planning to meet this expectation, in particular the aspects that address their supply chain. Many BCM professionals working within organisations covered by the CCA have found this a difficult area to address with management, and it has led to numerous avoidable problems.
 
One area that we feel may need to be strengthened is the verification and audit of the Business Continuity arrangements in place. Whilst we accept that some aspects of the BCM capabilities within Category One organisations may need a degree of adaption (and indeed BS25999 allows for this), this should not undermine the intent of either the Act or BS25999. Consequently, we would like to see a condition added to justify variance from the standard. This would not undermine the flexibility of either the Act or standard, but would result in the need to vary from accepted Good Practice being evidenced and justified more clearly. We also feel that a little more focus should be given to the audit and assessment of the plans developed and deployed, as this could be argued to be fundamental to delivery of value from the investment being made.
 
With regards to Category Two responders, we feel that the regulators for these sectors need to pay far more attention to the Business Continuity arrangements developed by the companies they are responsible for regulating and should demand similar levels of detail and regular updates. The Continuity Forum is working in this area and we are hoping to meet with the primary regulators shortly to discuss this issue further.        
 
Links to more information are shown below:
 
In a change to previous consultations, those wishing to comment are asked to submit their comments via a dedicated on-line survey. The link is HERE!
   
If preferred, paper based comments will be accepted and a template can be requested from ccact@cabinet-office.x.gsi.gov.uk
 
Final versions of the revised Act are expected to be complete in early Spring 2012. 
 
If you have any questions or would like to discuss the Civil Contingencies Act in more detail please do get in touch.
 

 

 

Getting Started Events Continuity Forum

 
Getting Started with Business Continuity - Events
Getting started with Business Continuity, Risk and Resilience
 
The Continuity Forum has built a special series of education events designed to get your planning off to the right start and help you and your colleagues develop the right skills as your planning develops and matures.
 
Our approach is to break down the whole Business Continuity Management Cycle into manageable chunks that help ensure the lessons learned can be applied between sessions.
 

ICM shares data on the causes of BCM plan invocation

ICM Business Continuity has released figures showing the causes of customer invocations from January through to June 2011. 
 
Out of 58 events, 42 were related to hardware, with 15 attributed to other causes including seven down to power issues and two instances each of Flooding, Fire and Data Corruption. There was even one Denial of Access event.
 

Updated Counter Terrorism Strategy announced

The government has completed its review of the CONTEST Strategy designed to fight the threat of terrorism across the UK and the international interests of the country.

The changes have been made to continue to reflect risks posed by terrorists. The four strands of the approach cover:

Pursue: to stop terrorist attacks

Prevent: to stop people from becoming terrorists or supporting terrorism

Protect: to strengthen our protection against terrorist attack

Prepare: where an attack cannot be stopped, to mitigate its impact

Business Continuity Awards - 2011

 
The CIR Business Continuity awards dinner was held last night at the Hilton Park Lane Hotel. 
 
The winners were:
 

VSAT launched in the South West

 
The Continuity Forum was delighted to once again be working with our colleagues at NaTSCO, Dorset Police and the Counter Terrorism Intelligence unit at this week's South West Regional launch of the Vulnerability Self Assessment Toolkit (VSAT). The launch was held for around 100 people and included many of the area's leading employers.
 

MIR3 advises checking Preparedness & DR Plans ahead of Hurricane Season

 
With the 2011 hurricane season set to officially begin June 1, MIR3, the innovator of real-time Intelligent Notification™ and response technology, is urging employers to review their current business continuity and disaster recovery (BC/DR) plans to keep employees safe and operations running should a hurricane or tropical storm hit.
 
 
According to the Colorado State University forecast team, the 2011 hurricane season is anticipated to be an above average season, with 16 named tropical storms and nine hurricanes likely to form in the Atlantic basin, with five expected to develop into major hurricanes of Category 3 or higher. Employers with staff along the eastern and Gulf coasts of the Atlantic must prepare for risks associated with these storms that can negatively impact business operations including mass power outages, property damage and potential harm to employees.
 

BCM and the Cloud lessons from experience

 
A relatively simple and entirely repeatable human error led to the failure of one of the most respected and reliable Cloud Computing providers, Amazon.
 
Despite having Business Continuity Plans, the resulting collapse left 1,000s of customers and millions of users unable to access a wide variety of websites, causing millions to be lost.
 
Some forecasters are already saying that the EC2 failure will slow the growth of Cloud Computing, with companies concentrating rather more on private Cloud options, rather than commit to Public Clouds.
 

Commons Transport Select Committee reports on winter travel chaos

 
The Commons Transport Select Committee has issued its report on last year's snow chaos that shut Heathrow airport and disabled significant parts of the rail network.
 
Many roads including motorways were badly affected and it is reported that £280 million was lost to the UK economy each day.
 

Are rules to tighten over data protection and Business Continuity?

 
In a move that may well impact on all Business Continuity and IT Security departments, the European Vice President responsible for Justice is calling for the introduction of rules forcing banks, e-commerce businesses, social networking sites and others who hold confidential data to tell customers as soon as there has been a data security breach.
 
Viviane Reding was previously responsible as an EU member for Information, Society and Media before taking the role of Vice-President of the European Commission, responsible for Justice, Fundamental Rights and Citizenship in February 2010.
 
In a speech centred on the need to bolster online privacy she said "trust in an 'information society' has been damaged by the recent events such as the Sony data breach". Her initiative comes at the end of a long line of data breaches that have affected not just many businesses, but also government departments, including health services and tax offices, around Europe. 
 
To address the concerns raised by these events the Justice Minister is looking at toughening up data protection rules that are already in place for the telecommunications industry to include immediate notification to the regulator when data has been compromised.
 
The Commissioner is also reviewing the possibility of introducing an enforcement arm that would be responsible for ensuring compliance with the regulations.   
 
Reding is championing the need for plans to address the digital world and the increasing reliance on, and embedding of, technology in everyday activities. The Minister outlined 5 pillars that were needed to build proper data protection. These are: the right to have data forgotten, transparency, 'privacy by design', making firms and authorities responsible for how they handle all data, and independent oversight and monitoring.
 
The responsibility to protect data is already enshrined under the EU Charter of Fundamental Rights, but Reding stressed the need for the Charter's principles to be supported as the pace of technology change and use brings new risks.
 
Previous attempts to increase the regulation of Data Protection in business have failed due to the added cost burden and a lack of industry consistency on methods, with the result that compliance has been somewhat watered down.
 
This time around it may well be different though with the challenge of ensuring business continuity, security and compliance becoming much more important for all organisations.   
 

 

 

 

Former FEMA Exec advocates all hazards approach to Business Continuity in wake of tornados

 
The dozens of tornadoes that ripped through the Southern States of the US in 2011 left 340 people dead and hundreds unaccounted for, according to the latest reports from the Associated Press.
 
In what is one of the worst natural disasters to hit the region since Hurricane Katrina in 2005, the storms have people and businesses scrambling to recover from the incredible devastation. But is it even possible for businesses and employees to prepare for a catastrophe of this scale? 
 

ISO announce new ICT security standard to improve Business Continuity resilience

ISO security standards and Business Continuity
 
 
The International Standards Organisation (ISO) has released a new set of international guidelines to help protect and ensure the security of information and communication technologies and boost Business Continuity capabilities.
 
ISO/IEC 27031:2011 is aimed at all organisations regardless of their type, size and complexity and it is hoped that through the adoption of the standard greater resilience against hacking, denial of service and malware attacks will be seen.
 

Obama orders new review of US national preparedness

Obama signs policy directive for Resilience review
 
President Barack Obama has signed a new presidential policy directive (PPD-8) that aims to deliver a full review and consequently a more streamlined approach to national preparedness policy in the US in the wake of Katrina, H1N1 and the Japan Earthquake.

Brian Kamoie, senior director for preparedness policy on the White House National Security Staff, states that many incidents were examined during the directive’s development, including the 2009 H1N1 pandemic, the Gulf of Mexico oil spill in 2010 as well as Hurricane Katrina. The federal government included 24 national associations representing a range of stakeholders and disciplines in the review of the national preparedness policy.

Creating Continuity... Building Resilience...