An Update on TC 223 and ISO 22301

Online Exclusive – as published on drj.com | Updated June 2012

[EDITOR'S NOTE – Brian Zawada is a member of the US Technical Advisory Group to ISO Technical Committee 223. Zawada participated in the 2011 and 2012 meetings as a member of Working Group 4, the team charged with developing ISO 22301, 22313 and 22323.]

There are numerous articles and conversations currently taking place regarding ISO 22301 and ISO Technical Committee (TC) 223 in general – some based on fact, but many based on assumption and rumor. So, what’s the real story on ISO 22301 and the work being performed related to societal security?

The purpose of this article is to provide updated information to help business continuity professionals better understand the ISO TC 223 standards development efforts underway and when to expect final work product that can help your organization better prepare for disruption.

Are We Okay?

As Published in the May/June 2011 Issue of Continuity Insights Magazine

When executives called you the day after the earthquake in Japan, could you answer that question?

On Friday, March 11, 2011, at 7:30 a.m. EST, the Chief Operations Officer (COO) of a Fortune 500 company called the director of business continuity and asked a simple question: “Are we okay?” After waking up and watching the news, he saw the devastation in Japan resulting from a powerful earthquake, as well as the tsunami warnings throughout the Pacific including the U.S. mainland.

Admittedly, the business continuity director – despite the organization’s operations on the West Coast and numerous suppliers in Japan – hadn’t thought about preparing a response to such a question because the company is headquartered in the Atlanta area. He was out of harm’s way – but the organization wasn’t.

Data Breaches On Deck for Federal Oversight (Again)

In December 2009, my perspective titled “Data Breaches: A Sidewalk Sale of Consumer and Personal Information” detailed the financial, reputational and regulatory implications surrounding a data breach occurrence. Since then, little has changed (other than the fact that the term “data breach” is now commonplace throughout workplaces and households due to the continuous increase of breaches worldwide). Organizations around the world ranging from US Bank and Outback Steakhouse to the U.S. Air Force and Sony have experienced (or are currently experiencing) a data breach and the headache of breach notification. Despite numerous attempts to implement federal data breach notification legislation, little has been done on a national level to streamline the process.

This perspective highlights the data breach notification process and how recent legislation proposed by the Obama Administration is hoping to consolidate dozens of diverse state breach notification regulations into one integrated national plan.

Cloud Computing: Questions Continuity Professionals Should Ask

Everyone seems to be talking about “the cloud” these days. Unfortunately, that is a REALLY broad term! So, let’s take a closer look at what “the cloud” really means, and then examine some key questions that continuity professionals should ask both their organization and cloud provider when the topic of cloud-based applications and recovery comes up.

Business Continuity: Now Required at Most Hedge Funds

Business continuity planning is no longer just a best practice for hedge funds, as the Securities and Exchange Commission (SEC) now requires most hedge funds to maintain up-to-date business continuity programs. This article explains the new regulatory mandates and describes a recommended approach that hedge funds can employ to not only meet the spirit and intent of new SEC requirements, but also begin building toward business continuity readiness.

Are You a Zealot?

As published in the Summer 2010 Issue of the Disaster Recovery Journal – Volume 23, Number 3.

As business continuity professionals, we are often asked to “lead the charge” in establishing a business continuity capability throughout our organization. It’s a task we take seriously because we know the result should we fail. We’ve studied everything from hurricanes and fires to workplace violence and pandemics. However, in our passion for business continuity, it’s very easy to lose sight of what we’re trying to protect: an organization that must take risks to deliver value to its stakeholders.

The Basics of ISO 31000 – Risk Management

After approval by the ISO member bodies, the ISO Technical Management Board Working Group on risk management released ISO 31000:2009, Risk Management – Principles and Guidelines, in November of 2009. The authors designed the standard to be applicable for any organization and any risk type, but, unlike the familiar ISO quality standards, ISO 31000 is not certifiable.

For those familiar with the AS/NZS 4360:2004 standard on risk management, this ISO standard should be easily recognizable. With the exception of wording changes, ISO 31000 is essentially the same standard.

The Death of All Hazards Planning?

As published in the Summer 2010 Issue of the Disaster Recovery Journal – Volume 23, Number 3.

The time has come for business continuity to evolve beyond the idea of “all hazards” planning and deal directly with the core causes of business interruptions. This article details an approach that takes everything you loved about all hazards planning and enhances it with detailed procedures focused on the resources that your organization cares about most.

BP: Ushering in a Risk Conscious World

In the time following the Macondo (BP) well blowout, the world watched a true disaster unfold. As the days turned into weeks, then weeks into months, and even after BP finally stopped the flow of oil into the gulf, disgust remains on the minds of many because of one simple fact: the disaster appears – by most accounts – to have been totally preventable.

The Intersection of Business Continuity and Data Breach Preparedness

The assertion that data breach prevention and preparedness is strictly an information technology security issue could not be further from the truth. Proper planning for, and response to, a data breach event requires a multi-faceted approach, with participation from diverse elements of the organization. Although an IT Security department may be an obvious choice to lead the development of data breach incident planning, business continuity professionals possess an array of preparedness approaches, processes, skills, information and relationships that could contribute to the development of appropriate levels of preparedness to respond to this type of crisis. Furthermore, as business continuity professionals continue to seek new areas in which they can add value, data breach is an excellent opportunity.

This article presents the business case as to why business continuity professionals need to learn about this unique threat and how they can add value to the planning effort.