An Update on TC 223 and ISO 22301

Online Exclusive – as published on drj.com  | Updated June 2012

[EDITOR’S NOTE – Brian Zawada is a member of the US Technical Advisory Group to ISO Technical Committee 223. Zawada participated in the 2011 and 2012 meetings as a member of Working Group 4, the team charged with developing ISO 22301, 22313 and 22323.]

There are numerous articles and conversations currently taking place regarding ISO 22301 and ISO Technical Committee (TC) 223 in general – some based on fact, but many based on assumption and rumor. So, what’s the real story on ISO 22301 and the work being performed related to societal security?

The purpose of this article is to provide updated information to help business continuity professionals better understand the ISO TC 223 standards development efforts underway and when to expect final work product that can help your organization better prepare for disruption. Continue reading

Key Skills a Business Continuity Professional Must Have or Obtain: 2011 and Beyond

As with most things in life, one should expect that some business continuity professionals are, and will continue to be, more effective in their role than others. But, why? What skills and attributes determine who will and won’t be most effective?

Based on our work with hundreds of business continuity professionals around the world, we’ve identified the top ten attributes – organized in no particular order – that increase the likelihood of being successful in a preparedness-related role. Continue reading

Are We Okay?

As Published in the May/June 2011 Issue of Continuity Insights Magazine

When executives called you the day after the earthquake in Japan, could you answer that question?

On Friday, March 11, 2011, at 7:30a.m. EST, the Chief Operations Officer (COO) of a Fortune 500 company called the director of business continuity and asked a simple question: “Are we okay?” After waking up and watching the news, he saw the devastation in Japan resulting from a powerful earthquake, as well as the tsunami warnings throughout the Pacific including the U.S. mainland.

Admittedly, the business continuity director–despite the organization’s operations on the West Coast and numerous suppliers in Japan–hadn’t thought about preparing a response to such a question because the company is headquartered in the Atlanta area. He was out of harm’s way–but the organization wasn’t. Continue reading

Is a Questionnaire-Based Approach to the Business Impact Analysis the Best Approach?

BIA perspectiveWe often receive requests for proposals (RFPs) to perform a business impact analysis (BIA) – some dictating the preferred approach, some leaving it open. A recent RFP requested a consultant-executed BIA (and did not dictate the desired approach), but the use of consultants was eliminated due to budgetary constraints. As a result, they began the process to internally build and administer a questionnaire-based BIA approach. Why? They thought this approach would be more efficient when compared to an interview-based data gathering effort, thus preserving the internal team’s time to perform other activities.

The key question is this – is a questionnaire-based approach more efficient and what are the possible drawbacks? This perspective explores this issue and summarizes the pros and cons associated with the exclusive use of questionnaires versus an interview-based data gathering approach. Continue reading

Turning Standards into Features

standards into featuresAs Published in the January/February 2011 Issue of Continuity Insights Magazine

A few weeks ago, I walked into my favorite electronics store with the objective of finding a new television. I had a general idea of what I wanted (I spent an hour or so researching televisions), as well as a general budget in mind. Right away, I found four flat-screen televisions that seemed to align with my needs, all of which met my budget. Then I saw a fifth option, but it was 20 percent more than what I wanted to spend. So, I called my wife to “sell” her on it. My pitch went something like this Continue reading

The Intersection of Business Continuity and Data Breach Preparedness

Intersection PerspectiveThe assertion that data breach prevention and preparedness is strictly an information technology security issue could not be further from the truth.  Proper planning for, and response to, a data breach event requires a multi-faceted approach, with participation from diverse elements of the organization.  Although an IT Security department may be an obvious choice to lead the development of data breach incident planning, business continuity professionals possess an array of preparedness approaches, processes, skills, information and relationships that could contribute to the development of appropriate levels of preparedness to respond to this type of crisis.  Furthermore, as business continuity professionals continue to seek new areas in which they can add value, data breach is an excellent opportunity.

This article presents the business case as to why business continuity professionals need to learn about this unique threat and how they can add value to the planning effort. Continue reading

A Word from YOUR Business Continuity Sponsor…

Word from SponsorSenior-level sponsors of business continuity programs have spoken, and here’s what they wish you’d do…

As Published in the July/August 2010 Issue of Continuity Insights Magazine

“It’s the economy. Business continuity isn’t a priority this year. I don’t know why our steering committee meetings are no longer attended. I’m not sure why my budget was cut beyond those of other departments. Why did my program experience a staffing reduction twice that of other areas in the business?”

The preceding comments and questions are frequently communicated by business continuity managers who may not have a program aligned to the strategic needs of the organization or who are not meeting the expectations of the program sponsor. Continue reading

Great Ideas: The Top Five Questions to Ask Your Critical Suppliers

QuestionsAs Published in the March/April 2010 Issue of Continuity Insights Magazine

It seems as though a growing number of organizations are finally getting around to assessing their critical suppliers’ business continuity capabilities.

The most common approach used to perform this activity is a survey. Unfortunately, surveys often go unanswered, especially long ones. And in many cases, survey questions are written in such a way as to be open to interpretation.

Considering ever-present time and resource constraints, it is essential that surveys – or even interviews – be streamlined. And here’s how to do just that. Continue reading

PS-Prep – Myth or Fact

PS-PrepHaving attended a number of conferences recently – many of which were focused on topics other than business continuity and disaster recovery – I’ve found that the amount of discussion regarding PS-PREP has increased substantially over the past 2+ years. In addition, as more and more professionals and organizational disciplines are being made aware of PS-PREP-related developments, concern and skepticism increases. And, unfortunately, because of the unknowns that remain – as well as the raw emotion on display by those adamantly opposed to this effort – few people walk away from presentations understanding what this effort is all about. The purpose of this article is to not only describe what PS-PREP is today and where we think it’s headed, but most importantly, to dispel (or possibly confirm) some of the rumors out there that may be getting in the way of organizations carefully evaluating the possible benefit that may result. Continue reading