US Commodity Futures Trading Commission looks to introduce new BCM/DR rules

The US Commodity Futures Trading Commission (CFTC) is proposing new regulations affecting Business Continuity and Disaster Recovery, based on an expected standard for Designated Contract Markets (DCMs) and the associated Derivatives Clearing Organizations (DCOs). The CFTC has recommended rule changes requiring both DCMs and DCOs to harden the measures that aim to prevent wide-scale disruption to commodity trading arising from an event.

FINANCIAL REPORTING COUNCIL releases new UK CORPORATE GOVERNANCE CODE


Business Continuity Forum

The Financial Reporting Council has released its updated Corporate Governance Code, which builds on and clarifies the responsibilities of listed companies.


The new code applies from 29 June 2010 to companies with a Premium Listing, regardless of whether they are incorporated in the UK or elsewhere.

BSI BS25777 for ICT Continuity

BSI British Standard BS 25777 for Information and Communications Technology continuity management.


Following on from the development of BS 25999, BSI has announced a complementary standard, BS 25777 for ICT Continuity, aimed at detailing good practice at the ICT level.

ICT continuity management, a key part of an organization's overall business continuity management (BCM) process, ensures that ICT services are resilient and, in the event of a disaster, can be recovered within timescales agreed with senior management.

Corporate governance: Threats forcing boards to take action

Among the resolutions filed by an increasingly activist shareholding community, none has yet centred on a company’s failure to address business continuity planning.

However, consultants and security experts believe it is only a matter of time before proxy votes are applied to corporate performance on business continuity.

Evacuate or Shelter in place?

Taking Decisions about Evacuation during a Chemical Incident

From a Business Continuity or Emergency Planning perspective is it better to evacuate people in the vicinity of a serious chemical fire or should they remain where they are?

A study* comparing the health outcomes in sheltered and evacuated populations after a chemical fire suggests that there are health advantages in people sheltering rather than evacuating. The study is published in the BMJ and was based on a real incident in 1999. It involved collaboration between public health staff at a local health authority and national health experts (now at Bristol University and the Health Protection Agency).

Auditing the Business Continuity Process

A view on SOX and the BC Process

In a recent and interesting piece, Dr Eric Schmidt of TDS Inc. explores some of the background to the Sarbanes-Oxley Act and looks at its implications for the organisations affected, and specifically its impact on business continuity practitioners. He argues persuasively that regulatory initiatives and world events are driving the convergence of business continuity, security and information management under the umbrella of enterprise risk management, sometimes referred to as global assurance.

Event: Regulation and BCM - Basel II, Sarbanes-Oxley, Companies Act and BS 25999

The Continuity Forum is pleased to announce an event focused on Regulation and its impact on BCM. This event provides access to advice from leading experts in their fields, as well as valuable support and insight on the issues affecting your organisation.

Security fears at Indian Call Centre

Information could have been used to clone credit cards

Police are investigating reports that an Indian call centre worker sold the bank account details of 1,000 UK customers to an undercover reporter.
The Sun claims one of its journalists bought the personal details from an IT worker in Delhi for £4.25 each.

They included account holders' secret passwords, addresses, phone numbers and passport details, it reports.

City of London Police has begun an investigation after being handed a dossier by the newspaper.

The centre worker reportedly told the Sun he could sell up to 200,000 account details each month.

Details handed to the reporter had been examined by a security expert who had indicated they were genuine, the paper said.

The information passed on could have been used to raid the accounts of victims or to clone credit cards.

'Reflect on decision'

More than one bank is thought to be involved in the fraud.

A police spokeswoman said officers were not yet aware of "the breadth of what we are going to be investigating".

"While the allegations made in the dossier are very serious, City of London Police would like to remind people that incidents of this kind are still relatively rare," she said.

The Amicus union said it had warned of the "data protection implications" of offshoring financial services.

"Companies that have offshore jobs need to reflect on their decision and the assumption that cost savings benefiting them and their shareholders outweigh consumer confidentiality and confidence," senior finance officer Dave Fleming said.

Continuity Forum Comment

In the past few months we have seen an increased media focus on the security of electronic banking systems, with both TV and print news sources citing alarming lapses in the procedures followed.

While technology can go a long way towards securing information, for many organisations the issue of the 'insider' remains.

A great deal of time and money is spent combating external security threats, yet there is clearly still some way to go to protect the organisation and its stakeholders from the actions of someone on the 'inside'. Whatever the motivation, greed or revenge, the threat posed can be far greater, both in financial terms and in damage to the organisation's reputation.

To help you consider the risks to your organisation, we have listed some of the common characteristics of the 'insider' below:

Insider Characteristics

The majority of the insiders were former employees.

• At the time of the incident, 59% of the insiders were former employees or contractors of the affected organizations and 41% were current employees or contractors.

• The former employees or contractors left their positions for a variety of reasons. These included the insiders being fired (48%), resigning (38%), and being laid off (7%). Most insiders were either previously or currently employed full-time in a technical position within the organization.

• Most of the insiders (77%) were full-time employees of the affected organizations, either before or during the incidents. Eight percent of the insiders worked part-time, and an additional 8% had been hired as contractors or consultants. Two (4%) of the insiders worked as temporary employees, and one (2%) was hired as a subcontractor.

• Eighty-six percent of the insiders were employed in technical positions, which included system administrators (38%), programmers (21%), engineers (14%), and IT specialists (14%). Of the insiders not holding technical positions, 10% were employed in a professional position, which included, among others, insiders employed as editors, managers, and auditors. An additional two insiders (4%) worked in service positions, both of whom worked as customer service representatives.

Insiders were demographically varied with regard to age, racial and ethnic background, gender, and marital status.

• The insiders ranged in age from 17 to 60 years (mean age = 32 years) and represented a variety of racial and ethnic backgrounds.

• Ninety-six percent of the insiders were male.

• Forty-nine percent of the insiders were married at the time of the incident, while 45% were single, having never married, and 4% were divorced.

• Thirty percent of the insiders had been arrested previously, including arrests for violent offences (18%), alcohol or drug related offences (11%), and nonfinancial/fraud related theft offences (11%).

Organization Characteristics

The incidents affected organizations in the following critical infrastructure sectors:

• banking and finance (8%)

• continuity of government (16%)

• defence industrial base (2%)

• food (4%)

• information and telecommunications (63%)

• postal and shipping (2%)

• public health (4%)

In all, 82% of the affected organizations were in private industry, while 16% were government entities. Sixty-three percent of the organizations engaged in domestic activity only, 2% engaged in international activity only, and 35% engaged in activity both domestically and internationally.

Below we have outlined some of the effects on the affected organisations:

Consequences for Targeted Organizations

Key Findings

• Insider activities caused organizations financial losses, negative impacts to their business operations and damage to their reputations.

• Incidents affected the organizations’ data, systems/networks, and components.

• Various aspects of organizations were targeted for sabotage by the insider.

• In addition to harming the organizations, the insiders caused harm to specific individuals.

Supporting Data

Eighty-one percent of the organizations experienced a negative financial impact as a result of the insiders' activities. The losses ranged from a reported low of $500 to a reported high of "tens of millions of dollars." The table below shows the percentage of organizations experiencing financial losses within broad categories.

Percentage of organizations by direct financial loss

Direct financial loss          Percentage of organizations
$1 - $20,000                   42
$20,001 - $50,000               9
$50,001 - $100,000             11
$100,001 - $200,000            11
$200,001 - $999,999             7
$1,000,001 - $5,000,000         9
Greater than $10,000,000        2

For the full 45-page report, or to comment on this piece, please e-mail us or call Russell Price directly on +44 (0) 208 993 1599.


REVISED DRAFT CCA REGULATIONS AND GUIDANCE

The Government remains on track to bring the bulk of the duties in Part 1 of the Act fully into force in November 2005.

Implementation timetable

The Act requires the Government to seek the consent of the National Assembly for Wales to the revised package of Regulations and statutory guidance and to consult the Scottish Executive; this process will take place during May and June. The Government has worked closely with colleagues in all of the devolved administrations throughout the policy development process, and does not expect to make substantial further changes to the documents. Local responders should therefore continue to drive forward their implementation programmes using the revised draft Regulations and statutory guidance published today as the basis for this work.

Singapore Standard introduced for Service Providers

Business continuity and disaster recovery fundamentals are strong in Singapore because of its strategic geographical location. Free from natural disasters such as earthquakes and typhoons, Singapore is well known as a major financial, transportation and infocomm hub, and is home to more than 7,000 multinational corporations, many of which use it as a launch pad to expand into the region.

Basel Committee issues updated guidance on the compliance function in banks

This update provides basic guidance for banks and sets out banking supervisors’ views on compliance in banking organisations.


Using a framework of principles, the latest update illustrates how compliance with the laws, rules and standards that govern banking activities helps to maintain a bank's reputation with its shareholders, customers, employees and the markets. At the same time, the paper incorporates sound practice guidance to assist banks in designing, implementing and operating an effective compliance function. To optimise its usefulness to all banks, the Committee stresses that a single framework of principles for effective compliance risk management does not restrict individual banks to a single organisational or operational approach. However, each bank must be prepared to demonstrate that the approach adopted is effective in dealing with the bank's unique compliance risk challenges.

Business Continuity Forum: creating resilience and security

Creating Continuity... Building Resilience...