
Those candidates who successfully pass the BCI Certificate are entitled to use the post-nominal credential of CBCI – they are not members of the Business Continuity Institute but are expected to uphold the Code of Practice and Ethics. CBCIs will have the opportunity to be placed on a register of those holding this credential (an annual fee is payable). They will also be invited to apply for professional membership of the Business Continuity Institute if they are able to demonstrate sufficient practical application of their knowledge. Professional membership grades include AMBCI, SBCI, and MBCI.
After successful payment, your information will be entered into the CBCI Application. This form requires basic demographic information, details about prior work history in Business Continuity Management, and the provision of 2 referees. A current resume is also required to submit the application.
Once the application is submitted, an Education Consultant will contact you within 4 working days, usually sooner, to provide you with an authorization-to-test letter, which will include a link for you to choose a venue, date and time.
The examination (English language) consists of 120 multiple choice questions, which the candidate has 2 hours to complete.
What happens after the examination?
At the end of the examination all candidates should receive an immediate confirmation notice that their answers have been submitted for marking. This confirmation will show where results will be sent – please check this for accuracy.
Results should be available within 4 to 6 weeks after the examination and will be mailed to the address shown on the confirmation notice. Under no circumstances will scores or pass/fail information be released over the phone.
Email support@bccmanagement.com to help you book your exam.
OTTAWA OPERATION CENTER OC
MAILING ADDRESS
P.O BOX 42054
RPO ST LAURENT
OTTAWA, ON, K1K 4L8
CANADA
Tel: +1.800.961.7592
Fax: +1.613.248.5149
TORONTO HEAD OFFICE HO
4915 BATHURST STREET, UNIT # 209-338
TORONTO, ON, M2R 1X9
CANADA
Tel: +1.800.961.7592
Middle East Regional Office
P.O.Box 116-5108
Beirut -Lebanon
Tel: +961.7061.9274
Fax: +961.923.2406
http://lebanon.bccmanagement.com
Technology alone will not solve the IT security problem.
Technology is an important part, but only a part of a comprehensive information security solution. Equally important is the development of an information security policy for your company, an assessment of your current situation, and training for all users and process owners.
Securing the internal network is as important as securing the external one: threats also come from ex-employees, contractors, temporary personnel, fired employees, viruses …
Also, never assume that security incidents won’t happen in your organization, no matter how big or small you are; they do, and when one hits, it hits hard.
The technical implementation must be derived from a written policy, not just improvised on the ground.
Security is part of an organization’s internal process and should never be outsourced. Technical capabilities can be found outside, but the process should be owned by the organization only.
Below are some 20 steps to consider for securing your Information Technology, Microsoft Windows business environment:
A “one man does it all” setup should not exist in your organization, small or big, since it is a serious threat.
The one-man show was already a phenomenon and has become more common since the economic recession. It leaves the organization depending on one single person to do the security/IT administration job, with a high potential risk of losing that person (retirement, firing, resignation or sudden death) and the consequences for the job and for security.
Lock down your workstations and network.
Don’t allow end users and administrators to log on as Administrator.
Create an alternative, non-administrator account for administrators to do their daily work. When admin privileges are needed, use the RunAs feature; the application will then run with the administrator account’s privileges.
Disable booting from CD, USB and everything else but the primary hard disk, and put a password on the BIOS.
With that in place, the boot settings cannot be changed and nobody can try booting from an alternative device.
Rename the Administrator and other highly privileged accounts. The first thing a virus tries is to get admin privileges by trying passwords against the administrator account; if the account is renamed and has a strong password, then it is 100% safe.
Defeat password crackers: enable password complexity in your environment no matter what.
Also enable password lockout (be careful with viruses, e.g. Conficker.C). Disable LM hashing, enable NTLM version 2, and run LC 4 to test cracking the SAM.
Strengthen Windows services.
Disable unnecessary services, e.g. telephony or scheduling services.
Define the “log on as a service” accounts through a GPO.
Change standard ports, for example for SQL Server.
Work on NTFS permissions for users’ files and important executables.
Be careful with the registry; it is an important part of security that you must secure. First, stop remote registry access if possible, and always deny non-admin users write access to it.
Run a firewall, antivirus and anti-spyware on local workstations and on the network, for example at the internet/email gateway (in case the antivirus on the workstation is outdated or disabled). Use different brands, and make sure your antivirus can’t be disabled or killed.
Separate the external network from the internal one using a DMZ; never, ever publish any service directly to the internet from the internal network.
Patch, patch and patch.
Nothing is more important than patching. As an organization you need a patch management solution; there are plenty on the market, for example Windows SUS, which comes for free.
Others include SMS, GFI and Shavlik.
Get a remote access solution, in case there is a need for it or in case a disaster hits and the premises are not accessible.
Get an effective backup/restore solution, test backups frequently, and don’t forget to integrate it into the policy.
Disable FTP access to the outside world.
Invest in your network:
Get network firewalls (from layer 1 to layer 7; today’s viruses are on all layers) for VPN/IPSec tunnels and segregation of the network (VLANs).
Get web and email filters, but also an intrusion prevention system.
And don’t forget someone dedicated to looking at the logs; otherwise all the investment is thrown away.
Also encrypt tunnels or data if you have more than one branch; never send clear data and never presume it is safe.
Lock, log and protect the IT server room/data centre (theft, fire, break-ins, leakage).
Clustering alone is not enough; use data replication as well where adequate, since clustering only protects against application failure, not data.
Do periodic external checks using Nessus or any other product, just to see if you are exposed to the outside world.
Be careful with SNMP components: change the password and never leave it at the default, since a virus or a technical person could issue commands to shut the components down, or unauthorized access to them could occur, which may lead to undesirable events.
Have all your employees formally acknowledge the IT/security policies and procedures.
Wireless:
Be careful with wireless networks, which are a risk if they are configured wrongly.
Always have them behind a firewall, always use strong encryption, and never use a static password; connect them to a RADIUS server or another password mechanism for ultimate security.
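The account-policy steps in the list above (password complexity, lockout, renamed Administrator, LM hashing off, NTLM version 2) can be checked against a policy dump produced with `secedit /export /cfg policy.inf`. The following is an added example, not part of the original article; the check names, the sample dump and the threshold of `LmCompatibilityLevel >= 3` for "NTLMv2 only" are choices made for this illustration, and Python is used so the check runs offline on an exported file.

```python
import re

# Constructed sample, shaped like the output of `secedit /export /cfg policy.inf`.
# Real exports are UTF-16 files: read them with open(path, encoding="utf-16").
WEAK_INF = r'''
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 0
PasswordComplexity = 0
LockoutBadCount = 0
NewAdministratorName = "Administrator"
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\NoLMHash=4,0
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,1
[Version]
signature="$CHICAGO$"
Revision=1
'''

# Registry path prefix as it appears in the [Registry Values] section (lowercased).
LSA = "machine\\system\\currentcontrolset\\control\\lsa\\"


def parse_inf(text):
    """Parse INF text into {section: {key: value}} with lowercased names."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).lower(), {})
            continue
        if current is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        current[key.strip().lower()] = value.strip()
    return sections


def _int(value):
    """Return value as int, or None when it is missing or not numeric."""
    try:
        return int(str(value).strip())
    except ValueError:
        return None


def _lsa_dword(sections, name):
    """Read a REG_DWORD (type 4) stored as 'type,data' under the Lsa key."""
    raw = sections.get("registry values", {}).get(LSA + name.lower(), "")
    kind, _, data = raw.partition(",")
    return _int(data) if kind.strip() == "4" else None


def audit(text):
    """Map each (hypothetical) check name to True when the dump satisfies it.

    A setting that is absent from the dump counts as a failure, so an
    unconfigured machine is reported rather than silently passed.
    """
    sections = parse_inf(text)
    access = sections.get("system access", {})
    admin = access.get("newadministratorname", "").strip('"').lower()
    lockout = _int(access.get("lockoutbadcount"))
    lm_level = _lsa_dword(sections, "LmCompatibilityLevel")
    return {
        "password_complexity": _int(access.get("passwordcomplexity")) == 1,
        # LockoutBadCount = 0 means accounts are never locked out.
        "account_lockout": lockout is not None and lockout > 0,
        "admin_renamed": admin not in ("", "administrator"),
        "lm_hash_disabled": _lsa_dword(sections, "NoLMHash") == 1,
        # Assumption for this example: level 3 or higher (NTLMv2 responses only).
        "ntlmv2_only": lm_level is not None and lm_level >= 3,
    }


def failed_checks(text):
    """Return the sorted names of the checks the dump does not satisfy."""
    return sorted(name for name, ok in audit(text).items() if not ok)


if __name__ == "__main__":
    for name, ok in audit(WEAK_INF).items():
        print(f"{'PASS' if ok else 'FAIL'}  {name}")
```

Run it against dumps collected from each workstation and server, and treat any failed check as a deviation from the written policy to be fixed through a GPO rather than by hand.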
About BCCManagement:
We’ve been in business since 2006 and have participated in several related international conferences and seminars held in many countries, including Canada, the United Kingdom and the United States.
We have also published numerous Business Continuity studies and articles in renowned magazines and international websites, and BCCManagement has been actively involved in the development of standards dealing with Business Continuity, namely the Business Continuity Standard BS25999.
In 2009 BCCManagement entered a corporate partnership with the Business Continuity Institute (BCI) to bring its clients state-of-the-art Business Continuity practice.

BCC Management Canada – Lebanon is proud to present Business Continuity Training in Lebanon on October 5-6, 2009 at the Radisson Hotel, Beirut, Lebanon.
Recommended Participants:
::: Business Continuity Managers
::: MIS / I.T Managers
::: Project Managers
::: Head of Operations
::: Audit Professionals
::: Internal and External Auditors
::: Financial Controllers
::: Risk Manager
::: IT Security Manager
Objectives:
The objective of this course is to help participants understand the Business Continuity concept.
The course content will cover 5 major processes as endorsed by the Business Continuity Institute (BCI).
::: Understand your business
::: BCM Strategies
::: Developing a BCM Response
::: Developing a BCM Culture
::: Exercising, Maintenance & audit
::: Understanding compliance requirements regarding Basel II, BDL, ISO 27002 and BS 25999
Outcome of the Course:
::: Understanding of the different standards (BS 25999 and ISO 27002)
::: Understand how BCM works towards your organization
::: Understand the Benefit of Business Continuity Management
::: Understanding how to be an accredited certification
Material Provided:
::: Workshop Manual
::: Support documents & Solutions for exercises (ON CD)
::: Course certificate
::: BCM Case Studies (ON CD)
Registration:
Price: 530 USD
Includes:
::: Lunch
::: Free Internet Available
To Download the registration form :
lebanon.bccmanagement.com/ or
lebanon.bccmanagement.com/registration.doc
Email it to info@bccmanagement.com
Or Fax it to +961.9.232406

http://www.facebook.com/event.php?eid=160537960405&ref=mf
http://events.linkedin.com/Business-Continuity-Training-LEBANON/pub/120404

ISO 27002:2005
Information technology — Security techniques — Code of practice for information security management
ISO/IEC 27002, part of a growing family of ISO/IEC ISMS standards (the ‘ISO/IEC 27000 series’), is an information security standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) as ISO/IEC 17799:2005 and subsequently renumbered ISO/IEC 27002:2005 in July 2007, bringing it into line with the other ISO/IEC 27000-series standards. It is entitled Information technology – Security techniques – Code of practice for information security management. The current standard is a revision of the version first published by ISO/IEC in 2000, which was a word-for-word copy of the British Standard (BS) 7799-1:1999.
ISO/IEC 27002 provides best practice recommendations on information security management for use by those who are responsible for initiating, implementing or maintaining Information Security Management Systems (ISMS). Information security is defined within the standard in the context of the C-I-A triad:
the preservation of confidentiality (ensuring that information is accessible only to those authorised to have access), integrity (safeguarding the accuracy and completeness of information and processing methods) and availability (ensuring that authorised users have access to information and associated assets when required).
Outline of the Standard
After the introductory sections, the standard contains the following twelve main sections:
1. Risk assessment
2. Security policy – management direction
3. Organization of information security – governance of information security
4. Asset management – inventory and classification of information assets
5. Human resources security – security aspects for employees joining, moving and leaving an organization
6. Physical and environmental security – protection of the computer facilities
7. Communications and operations management – management of technical security controls in systems and networks
8. Access control – restriction of access rights to networks, systems, applications, functions and data
9. Information systems acquisition, development and maintenance – building security into applications
10. Information security incident management – anticipating and responding appropriately to information security breaches
11. Business continuity management – protecting, maintaining and recovering business-critical processes and systems
12. Compliance – ensuring conformance with information security policies, standards, laws and regulations
Within each section, information security controls and their objectives are specified and outlined. The information security controls are generally regarded as best practice means of achieving those objectives. For each of the controls, implementation guidance is provided. Specific controls are not mandated since:
1. Each organization is expected to undertake a structured information security risk assessment process to determine its specific requirements before selecting controls that are appropriate to its particular circumstances. The introduction section outlines a risk assessment process although there are more specific standards covering this area such as ISO/IEC 27005.
2. It is practically impossible to list all conceivable controls in a general purpose standard. Industry-specific implementation guidelines for ISO/IEC 27001 and 27002 are anticipated to give advice tailored to organizations in the telecoms, financial services, healthcare and other industries.
The control objectives and controls in ISO/IEC 27002:2005 are intended to be implemented to meet the requirements identified by a risk assessment. ISO/IEC 27002:2005 is intended as a common basis and practical guideline for developing organizational security standards and effective security management practices, and to help build confidence in inter-organizational activities.
References:
Wikipedia.org
iso.org
About BCCManagement:
We have been in business since 2006 and have participated in several related international conferences and seminars held in many countries, including Canada, the United Kingdom and the United States. We have also published numerous Business Continuity studies and articles in renowned magazines and international websites, and BCCManagement has been actively involved in the development of standards dealing with Business Continuity, namely the Business Continuity Standard BS25999.
The BCCManagement professional team is proudly certified by the “Business Continuity Institute (BCI) England”, which is the major international player in the Business Continuity field.
For More info:
Business Continuity Consultancy and Management
info@bccmanagement.com http://www.bccmanagement.com
North America +1.800.961.7592 Fax: +1.613.248.5149 P.O.Box 42054- RPO ST Laurent, Ottawa, Ontario K1k4L8, Canada
Middle East office +961.7061.9274 Fax: +961.923.2406 P.O.Box 116-5108, Beirut, Lebanon

Business Continuity Consultancy and Management (BCCManagement) is delighted to announce its presence in the Middle East.
Business Continuity Management:
Is about anticipating the events or circumstances that could hinder the running of a business, and planning to make sure that the business responds swiftly and continues to function in the event of an emergency. A business continuity plan sets out clear roles and responsibilities, for example those assigned to manage all liaison with customers, employees and the emergency services. It lists a series of contingencies that enable key business activities to continue in the most difficult circumstances.
Some examples of threats to a business are:
• A vital computer system or telecom is unavailable.
• Critical process machinery is damaged.
• Loss of key employees due to sudden death, illness.
• Bomb/Terrorism threat.
• Natural disasters such as tornadoes, floods, earthquakes and fire.
• Pandemics.
• The building, or part of the building, or office, cannot be accessed.
• Suppliers are unable to deliver.
What can BCCManagement offer you?
• A full Study for Business Continuity Planning.
• Review existing Business Continuity Plans.
• Business impact analysis.
• I.T Disaster Recovery, Information Technology Solutions.
• Review of disaster recovery plans.
• Awareness and Training.
• Compliance with BS25999.
• I.T Security Consultancy.
• Data Replication Solutions.
• SMS Emergency Notification System
BCC Management has partnered with different associations, vendors and professional bodies to bring its customers value-added services.
BCI partnership:
Was launched in 2007 to enable organizations to work with the Business Continuity Institute to deliver the overall BCI mission of: Promoting the art and science of business continuity management worldwide.
The corporate partnership aims to achieve the highest standards of BCM practice: corporate excellence in Business Continuity Management.
-Bronze level partnership with Business Continuity institutes BCI
-Strategic Golden partnership with Business Continuity ME – BCME
-Disaster Recovery institutes Exchange – DRIE
-Continuity Forum
-Business Continuity software Provider
-Online Data Disk Storage and backup
**Ask For our free analysis on the current Business Continuity status of your organization.
BCCManagement.com Highlights the BSI BS25999 CERTIFICATION PROCESS
TAKING THE NEXT STEP:
ACCORDING TO BSI-GLOBAL
Initial Assessment
Stage 1
The following aspects will be covered:
Review of the organization’s BCMS documentation
High level evaluation of the organization’s readiness for the stage 2 assessment
Review the organization’s understanding of the requirements of the standard
Understanding of the proposed scope of the stage 2 assessment
Review and confirm the resources needed for the stage 2 assessment
Plan the stage 2 assessment
Ensure that Management Reviews and audit/self assessments are being planned and performed
Any areas deemed not in compliance will be raised as nonconformities and must be cleared and approved by the lead auditor prior to moving into the Stage 2 phase of the certification audit.
Stage 2
The purpose of the stage 2 audit is to evaluate the implementation, including effectiveness, of the organization’s BCMS.
This phase is carried out using the process audit approach. Unlike a checklist approach, the audit approach assesses all processes included in the scope of operation and all linked processes to ensure effectiveness and consistency. This will include interviews with the stakeholders, gathering of objective evidence (procedures, reports and test results) and evaluating those findings against the standard.
Any areas deemed not in compliance and/or effective will be raised as nonconformities and must be cleared and approved by the lead auditor prior to being recommended for certification.
Surveillance Audit
The first surveillance visit is typically planned to take place yearly after the date of the stage 2 audit.
BSI will perform periodic monitoring audits of the certified organization’s BCMS. Typically, an organization may be visited for such an audit once a year. The purpose of these monitoring audits is to verify the certified organization’s continued compliance with certification requirements.
Surveillance audits typically cover critical activities that ensure continuous improvement and effectiveness such as:
Management review and audits/self assessments
Review of actions taken on nonconformities from previous audits
Effectiveness of the BCMS
Progress of planned activities aimed at continual improvement
Verifying the effective interaction among all BCMS elements
Continuing operational control
Review of any changes
Use of marks and any other reference to certification
Verifying a demonstrated commitment by the organization to maintaining the BCMS effectiveness
Reassessment
The purpose of the reassessment audit is to confirm the
continued conformity and effectiveness of the BCMS and
its continued relevance and applicability for the scope of
certification. The reassessment audit will typically include
the following aspects:
• The effectiveness of the BCMS in its entirety in the light of internal and external changes and applicability to the scope of certification.
• Demonstrated commitment to maintain the effectiveness and improvement of the BCMS in order to enhance overall performance.
• Whether the operation of the certified BCMS contributes to the achievement of the organization’s policy and objectives.
All steps noted are typical accepted practice based on ISO 17021
and subject to revision at any time.
BSI Management Systems How to deploy BS 25999
CONCLUSIONS
BS 25999 establishes the processes, principles and
terminology to address business continuity and availability
risk. It also provides a comprehensive set of controls based on
industry leading practices that help organizations develop,
implement, maintain and mature business continuity
processes. The standard can be used as a framework so that
those organizations without a BCMS can efficiently establish
a workable program, and those that already have a program
can ensure it meets best practices where applicable.
The growing consensus regarding BS 25999, combined with
the opportunity to become certified in its use, provides
unparalleled benefits to companies of all sizes whose
customers rely on their products and services.
Reference:
BSI Global
Business Continuity Consultancy and Management (BCCManagement) is delighted to announce that a Corporate Partnership has been formed with the Business Continuity Institute (BCI) to bring its customers the practice of the highest standards of Business Continuity Management (BCM).
BCI partnership:
Was launched in 2007 to enable organizations to work with the Business Continuity Institute to deliver the overall BCI mission of: Promoting the art and science of business continuity management worldwide.
Corporate partnership aims to achieve the highest standards of BCM practice.
Corporate Excellence in Business Continuity Management
http://www.bcipartnership.com/
Business Continuity Management:
Is about anticipating the events or circumstances that could hinder the running of a business, and planning to make sure that the business responds swiftly and continues to function in the event of an emergency. A business continuity plan sets out clear roles and responsibilities, for example those assigned to manage all liaison with customers, employees and the emergency services. It lists a series of contingencies that enable key business activities to continue in the most difficult circumstances.
Some examples of threats to a business are:
• A vital computer system or telecom is unavailable.
• Critical process machinery is damaged.
• Loss of key employees due to sudden death or illness.
• Bomb/Terrorism threat.
• Natural disasters such as tornadoes, floods, earthquakes and fire.
• Pandemics.
• The building, or part of the building, or office, cannot be accessed.
• Suppliers are unable to deliver.
What can BCCManagement offer you?
• A full Study for Business Continuity Planning.
• Review existing Business Continuity Plans.
• Business impact analysis.
• I.T Disaster Recovery, Information Technology Solutions.
• Review of disaster recovery plans.
• Awareness and Training.
• Compliance with BS25999.
• I.T Security Consultancy.
• Data Replication Solutions.
• SMS Emergency Notification System
About BCCManagement:
We have been in business since 2006 and have participated in several related international conferences and seminars held in many countries, including Canada, the United Kingdom, and the United States. We have also published numerous Business Continuity studies and articles in renowned magazines and on international websites, and BCCManagement has been actively involved in the development of standards dealing with Business Continuity, namely the Business Continuity Standard BS25999.
The BCCManagement professional team is proudly certified by the “Business Continuity Institute (BCI) England”, which is the major international player in the Business Continuity field.
Ask for our free analysis of the current Business Continuity status of your organization.
For More info:
Business Continuity Consultancy and Management info@bccmanagement.com http://www.bccmanagement.com
North America +1.800.961.7592 Fax: +1.613.248.5149 P.O.Box 42054- RPO ST Laurent, Ottawa, Ontario K1k4L8, Canada
Middle East office +961.7061.9274 Fax: +961.923.2406 P.O.Box 116-5108, Beirut, Lebanon



Pandemic (H1N1) 2009 briefing note 2
WHO recommendations on pandemic (H1N1) 2009 vaccines
13 JULY 2009 | GENEVA — On 7 July 2009, the Strategic Advisory Group of Experts (SAGE) on Immunization held an extraordinary meeting in Geneva to discuss issues and make recommendations related to vaccine for the pandemic (H1N1) 2009.
SAGE reviewed the current pandemic situation, the current status of seasonal vaccine production and potential A(H1N1) vaccine production capacity, and considered potential options for vaccine use.
The experts identified three different objectives that countries could adopt as part of their pandemic vaccination strategy:
* protect the integrity of the health-care system and the country’s critical infrastructure;
* reduce morbidity and mortality; and
* reduce transmission of the pandemic virus within communities.
Countries could use a variety of vaccine deployment strategies to reach these objectives but any strategy should reflect the country’s epidemiological situation, resources and ability to access vaccine, to implement vaccination campaigns in the targeted groups, and to use other non-vaccine mitigation measures.
Although the severity of the pandemic is currently considered to be moderate with most patients experiencing uncomplicated, self-limited illness, some groups such as pregnant women and persons with asthma and other chronic conditions such as morbid obesity appear to be at increased risk for severe disease and death from infection.
Since the spread of the pandemic virus is considered unstoppable, vaccine will be needed in all countries. SAGE emphasized the importance of striving to achieve equity among countries to access vaccines developed in response to the pandemic (H1N1) 2009.
The following recommendations were provided to the WHO Director-General:
* All countries should immunize their health-care workers as a first priority to protect the essential health infrastructure. As vaccines available initially will not be sufficient, a step-wise approach to vaccinate particular groups may be considered. SAGE suggested the following groups for consideration, noting that countries need to determine their order of priority based on country-specific conditions: pregnant women; those aged above 6 months with one of several chronic medical conditions; healthy young adults of 15 to 49 years of age; healthy children; healthy adults of 50 to 64 years of age; and healthy adults of 65 years of age and above.
* Since new technologies are involved in the production of some pandemic vaccines, which have not yet been extensively evaluated for their safety in certain population groups, it is very important to implement post-marketing surveillance of the highest possible quality. In addition, rapid sharing of the results of immunogenicity and post-marketing safety and effectiveness studies among the international community will be essential for allowing countries to make necessary adjustments to their vaccination policies.
* In view of the anticipated limited vaccine availability at global level and the potential need to protect against “drifted” strains of virus, SAGE recommended that promoting production and use of vaccines such as those that are formulated with oil-in-water adjuvants and live attenuated influenza vaccines was important.
* As most of the production of the seasonal vaccine for the 2009-2010 influenza season in the northern hemisphere is almost complete and is therefore unlikely to affect production of pandemic vaccine, SAGE did not consider that there was a need to recommend a “switch” from seasonal to pandemic vaccine production.
WHO Director-General Dr Margaret Chan endorsed the above recommendations on 11 July 2009, recognizing that they were well adapted to the current pandemic situation. She also noted that the recommendations will need to be changed if and when new evidence becomes available.
SAGE was established by the WHO Director-General in 1999 as the principal advisory group to WHO for vaccines and immunization. It comprises 15 members who serve in their personal capacity and represent a broad range of disciplines from around the world in fields such as epidemiology, public health, vaccinology, paediatrics, internal medicine, infectious diseases, immunology, drug regulation, programme management, immunization delivery, and health-care administration.
Additional participants in the SAGE meeting included members of the ad hoc policy advisory working group on influenza A(H1N1) vaccine, chairs of the regional technical advisory groups and external experts. Observers included industry representatives and regulators who did not take part in the recommendation process in order to avoid conflicts of interest.
WHO
Maximum Tolerable Period of Disruption MTPOD
The standard BS 25999 [1] requires the dependencies of critical activities to be identified (other activities, assets, resources, suppliers and outsource partners).
BS 25999-2 (20 Nov. 2007), Section 4, says that the goal of a Business Impact Analysis (BIA) is to “determine the impact of any disruption of the activities that support the organization’s key products and services.”
A key aspect of determining the impact of a disruption is identifying what BS 25999 calls the “Maximum Tolerable Period of Disruption,” or MTPOD.
BS 25999 defines MTPOD as the “duration after which an organization’s viability will be irrevocably threatened if product and service delivery cannot be resumed.”
MTPOD is just a useful metric that determines how much unavailability you can stand before everything crashes and burns and can’t be put back together again.
A corrigendum by Jacque Rupert for BS 25999’s Maximum Tolerable Period of Disruption was approved on June 9th 2009 by [[3]] BSI’s BCM/1 standard development committee.
MTPOD is the maximum amount of time that an enterprise’s key products or services can be unavailable or undeliverable before its stakeholders see unacceptable consequences.
BCC Management (BCCManagement.com) has been in business since 2006. It specializes in business continuity, disaster recovery planning, and strategic reviews of conceptual plans. www.BCCManagement.com
References:
• http://www.bsi-global.com/
• http://www.continuitycentral.com/feature0675.html
• http://www.continuitycentral.com/feature0677.html
• http://www.bccmanagement.com/mtpod.html
• http://e-janco.com
• http://en.wikipedia.org/wiki/BS_25999
• http://en.wikipedia.org/wiki/BSI_Group
• http://en.wikipedia.org/wiki/Maximum_Tolerable_Period_of_Disruption
Further reading
BS 25999-1:2006 Business Continuity Management Part 1 – [[4]] British Standards Institution
BS 25999-2:2007 Business Continuity Management Part 2 – [[5]] British Standards Institution
Top 10 IT Disaster Considerations
Today’s businesses are growing, and they share two common criteria: Information Technology systems and a broader national/international presence.
Being in business, you need to be online 24×7x226, which is a higher business continuity requirement. Why should other offices overseas or in another state be affected if you are down? Today an IT disaster recovery plan is a must.
The IT Disaster Recovery plan has everything, from the who, the where and the what, to keeping an updated copy of the Disaster Recovery plan off site. But some of the points below are sometimes either forgotten or bypassed.
Here is the list of what to have, or what needs to be done, before a disaster hits.
1. Always have spare disks at the recovery site for your servers and for your SAN. During a disaster, power failures and low voltage may play a role in killing the disks, and even if your supplier’s SLA is less than X hours, he might not be able to access his warehouse.
2. Power regulator: during a disaster, electricity voltage fluctuates a lot, and it can lead to burning out the power supplies of all your machines.
3. A cluster of cooling systems is a must: in case one set fails, the other set will pick up. Be careful of the circuit breakers, and have an effective monitoring system to alert the involved parties, with an “S”, because alerting parties in the plural has proved to work.
4. A clustered UPS: in case the primary fails, the second will pick up. Add some extra batteries for long autonomy in case of battery failures or failures in a disaster.
5. Telecom interference should be thought of.
6. Redundant Internet supplier; also think of satellite communications.
7. Fuel for power generators should be stored safely, but a bit far away from the recovery centre, so that if something happens to the tanks and they start burning, they don’t affect your recovery centre. Also take a closer look at the design of the fuel tanks and ask yourself what happens if one tank burns: will it affect the other tanks? Think of a separated, clustered fuel tank supply.
8. Be careful of having your recovery centre in a busy neighborhood/building, very close to petrol stations, HAZMAT or other high-risk factors. For example, if you are located on the 16th floor and a fire hits on the 14th floor: where would all the smoke go, will I be affected, do they have efficient fire-fighting procedures, etc.
9. Check whether your supplier/vendor has a BC plan, whether he will support you in case of a major disaster such as a hurricane or war, and whether he has an out-of-state presence near the affected area.
10. Employees: because IT can’t run by itself, one of your major risks is the human element. Train and rotate people in your IT environment, just in case the bad happens.
info@BCCManagement.com
www.bccmanagement.com