January 21, 2009
These NewsBriefs are produced and delivered weekly by
Attainium to keep our friends and clients
current on topics relating to Business Continuity, Disaster Recovery and Crisis Management.
Every business needs a continuity plan, and there are a number of standards, laws, and regulations
governing the development and maintenance of those plans. This week, we have provided links to some
of these laws and standards, as well as a couple of articles about their implications. The first four
items will introduce some of these standards and laws:
Item #1. Title IX of Public Law 110-53
Item #2. NFPA 1600: Standard on Disaster/Emergency Management and Business Continuity Programs
Item #3. BS25999: Code of Practice for Business Continuity Management
Item #4. ISO/PAS 22399:2007 - Guideline for incident preparedness and operational continuity management
Item #5 discusses the specific implications of Title IX of Public Law 110-53, comparing it to Sarbanes Oxley for the masses.
Item #6 is a case study of a company that applied business continuity and disaster recovery standards through a certified program.
As always, we look forward to hearing about your concerns
with regard to business continuity. If you have a topic
you'd like to see covered, please email me at
[email protected]
Best Regards,
Bob Mellinger
President
Attainium Corp
Quote of the Week
"Studies that were done show that even in Europe and the United States,
50 percent of companies that were surveyed showed that
they weren't in a readiness state in terms of business continuity."
- John DiMaria -
product manager for business continuity for the American arm of BSI
Articles
1. Title IX of Public Law 110-53
The legislation was signed into law on August 3, 2007. It is entitled ''Implementing Recommendations
of the 9/11 Commission Act of 2007,'' but it is not just about counter-terrorism and national security.
Title IX of Public Law 110-53 calls for the creation of a new program targeted at "all-hazards" business
emergency preparedness and continuity.
http://www.pachamber.org/www/conferences/presentations/0812/Title_IX_of_Public_Law_110.pdf
2. NFPA (National Fire Protection Association) 1600:
Standard on Disaster/Emergency Management and Business Continuity Programs
NFPA 1600 is one of NFPA's most widely implemented standards. The standard establishes a common set
of criteria that sets a foundation for disaster management, emergency management, and business continuity
programs using a total program approach. Organizations and parties responsible for developing such programs
will benefit from information on emergency management, prevention, mitigation, preparedness, response, recovery,
and business continuity.
http://www.nfpa.org/newsReleaseDetails.asp?categoryid=488&itemId=33516
More than 115,000 copies have been downloaded from NFPA's Web site since 2004. Download the current standard free at:
http://www.nfpa.org/assets/files//PDF/NFPA1600.pdf
3. BS25999: Code of Practice for Business Continuity Management
BS25999 is a standard that establishes the process, principles and terminology of business continuity
management. The standard deals with broad goals and is therefore non-prescriptive, so as to make it applicable
to small and large businesses and to local or global organizations. The standard may be downloaded at the link below.
http://www.bs25999.com/bs25999/1-what-is-bs25999
4. ISO/PAS 22399:2007 (from the International Organization for Standardization)
Guideline for incident preparedness and operational continuity management
ISO/PAS 22399:2007 provides general guidance for an organization - private, governmental, and non-governmental
organizations - to develop its own specific performance criteria for incident preparedness and operational continuity,
and design an appropriate management system. It also enables the organization to measure its resilience in a consistent
and recognized manner. Read the complete abstract and download the guideline here:
http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=50295
5. The next Sarbanes Oxley for 7 million businesses: Look for your letter from DHS
The Department of Homeland Security is currently rolling out enforcement of Public Law 110-53, Title IX,
requiring all public and private businesses to have a continuity plan with independent third-party certification.
This law represents the potential to create a Sarbanes Oxley level of commitment and expense for all businesses.
DHS began contacting 7 million businesses in Sept. 2008.
http://www.glgroup.com/News/The-next-Sarbanes-Oxley-for-7-million-businesses--Look-for-your-letter-from-DHS-27291.html
6. Can Business Continuity Standards Help Your Business?
This case study on Repligen, a pharmaceutical company, takes a close look at the benefits and costs
of applying business continuity and disaster recovery standards through a certified program. One expert
in the field argues that companies should go slow with this process and examine all costs associated with
it before deciding on a competing standard. Certifications are a business, but real cost benefits can come
in the form of customer loyalty and more efficient auditing, as well as streamlining business continuity processes.
http://www.baselinemag.com/c/a/Infrastructure/Can-Business-Continuity-Standards-Help-Your-Business/