Category Archives: Workforce Continuity

Business Continuity Institute, BCI Exam Certification process.


Those candidates who successfully pass the BCI Certificate are entitled to use the post-nominal credential of CBCI – they are not members of the Business Continuity Institute but are expected to uphold the Code of Practice and Ethics. CBCIs will have the opportunity to be placed on a register of those holding this credential (an annual fee is payable). They will also be invited to apply for professional membership of the Business Continuity Institute if they are able to demonstrate sufficient practical application of their knowledge. Professional membership grades include AMBCI, SBCI, and MBCI.

After successful payment, your information will be filled out towards the CBCI Application. This form requires basic demographic information, details about prior work history in Business Continuity Management, and the provision of 2 referees. A current resume is also required to submit the application.
Once submitted, an Education Consultant will contact you within 4 working days, usually sooner, to provide you an authorization to test letter, which will include a link for you to choose a venue date and time.

The examination (English language) consists of 120 multiple choice questions which the candidate will have 2 hours to complete.

What happens after the examination?

At the end of examination all candidates should receive an immediate confirmation notice that their answers have been submitted by for marking. This confirmation will show where results will be sent – please check this for accuracy.

Results should be available within 4 to 6 weeks after the examination and will be mailed to the address shown on the confirmation notice. Under no circumstances will scores or pass/fail information be released over the phone.

Email support@bccmanagement.com to help you book your exam.

OTTAWA OPERATION CENTER OC

MAILING ADDRESS
P.O BOX 42054
RPO ST LAURENT
OTTAWA, ON, K1K 4L8
CANADA

Tel: +1.800.961.7592
Fax: +1.613.248.5149
TORONTO HEAD OFFICE HO
4915 BATHURST STREET, UNIT # 209-338
TORONTO, ON, M2R 1X9
CANADA
Tel: +1.800.961.7592

Middle East Regional Office

P.O.Box 116-5108
Beirut -Lebanon
Tel: +961.7061.9274
Fax: +961.923.2406
ttp://lebanon.bccmanagement.com

ISO 27002:2005

business continuity
ISO 27002:2005
Information technology — Security techniques — Code of practice for information security management
ISO/IEC 27002 part of a growing family of ISO/IEC ISMS standards, the ‘ISO/IEC 27000 series’ is an information security standard published by the International Organization for Standardization (ISO) and the International Electro technical Commission (IEC) as ISO/IEC 17799:2005 and subsequently renumbered ISO/IEC 27002:2005 in July 2007, bringing it into line with the other ISO/IEC 27000-series standards. It is entitled Information technology – Security techniques – Code of practice for information security management. The current standard is a revision of the version first published by ISO/IEC in 2000, which was a word-for-word copy of the British Standard (BS) 7799-1:1999.
ISO/IEC 27002 provides best practice recommendations on information security management for use by those who are responsible for initiating, implementing or maintaining Information Security Management Systems (ISMS). Information security is defined within the standard in the context of the C-I-A triad:
the preservation of confidentiality (ensuring that information is accessible only to those authorised to have access), integrity (safeguarding the accuracy and completeness of information and processing methods) and availability (ensuring that authorised users have access to information and associated assets when required).
Contents

Outline of the Standard
After the introductory sections, the standard contains the following twelve main sections:
1. Risk assessment
2. Security policy – management direction
3. Organization of information security – governance of information security
4. Asset management – inventory and classification of information assets
5. Human resources security – security aspects for employees joining, moving and leaving an organization
6. Physical and environmental security – protection of the computer facilities
7. Communications and operations management – management of technical security controls in systems and networks
8. Access control – restriction of access rights to networks, systems, applications, functions and data
9. Information systems acquisition, development and maintenance – building security into applications
10. Information security incident management – anticipating and responding appropriately to information security breaches
11. Business continuity management – protecting, maintaining and recovering business-critical processes and systems
12. Compliance – ensuring conformance with information security policies, standards, laws and regulations
Within each section, information security controls and their objectives are specified and outlined. The information security controls are generally regarded as best practice means of achieving those objectives. For each of the controls, implementation guidance is provided. Specific controls are not mandated since:
1. Each organization is expected to undertake a structured information security risk assessment process to determine its specific requirements before selecting controls that are appropriate to its particular circumstances. The introduction section outlines a risk assessment process although there are more specific standards covering this area such as ISO/IEC 27005.
2. It is practically impossible to list all conceivable controls in a general purpose standard. Industry-specific implementation guidelines for ISO/IEC 27001 and ‘27002 are anticipated to give advice tailored to organizations in the telecomms, financial services, healthcare and other industries.

The control objectives and controls in ISO/IEC 27002:2005 are intended to be implemented to meet the requirements identified by a risk assessment. ISO/IEC 27002:2005 is intended as a common basis and practical guideline for developing organizational security standards and effective security management practices, and to help build confidence in inter-organizational activities.

References:
Wikipedia.org
iso.org

About BCCManagement:
We have been in Business since 2006 we have participated in several related International Conferences and seminars held in many countries including Canada, United Kingdom, and the United States. Also, we published numerous Business Continuity studies and articles in renowned magazines and international websites, noting that BCCManagement had been actively involved in the development of standards dealing with Business Continuity namely the Business Continuity Standard BS25999.
BCCManagement Professional team is proudly certified by the “Business Continuity Institute (BCI) England” which is the major international players in Business Continuity field.
For More info:
Business Continuity Consultancy and Management
info@bccmanagement.com http://www.bccmanagement.com

North America +1.800.961.7592 Fax: +1.613.248.5149 P.O.Box 42054- RPO ST Laurent, Ottawa, Ontario K1k4L8, Canada

Middle East office +961.7061.9274 Fax: +961.923.2406 P.O.Box 116-5108, Beirut, Lebanon

Our Partners:
Thebci

Business Continuity Middle East Presence – BCCManagement


Business Continuity Consultancy and Management (BCCManagement) is delighted to announce its presence in the Middle East.

Business Continuity Management:
Is about anticipating the events or circumstances that could hinder the running of a business, and planning to make sure that the business responds swiftly and continue to function in the event of an emergency. A business continuity plan sets out clear roles and responsibilities, for example those assigned to manage all liaison with customers, employees and the emergency services. It lists a series of contingencies that enable key business activities to continue in the most difficult circumstances.

Some examples of threats to a business are:
• A vital computer system or telecom is unavailable.
• Critical process machinery is damaged.
• Loss of key employees due to sudden death, illness.
• Bomb/Terrorism threat.
• Natural disasters such as tornadoes, floods, earthquakes and fire.
• Pandemics.
• The building, or part of the building, or office, cannot be accessed, and.
• Suppliers are unable to deliver.

What BCCManagement can offer you?
• A full Study for Business Continuity Planning.
• Review existing Business Continuity Plans.
• Business impact analysis.
• I.T Disaster Recovery, Information Technology Solutions.
• Review of disaster recovery plans.
• Awareness and Training.
• Compliance with BS25999.
• I.T Security Consultancy.
• Data Replication Solutions.
• SMS Emergency Notification System

About BCCManagement:
We have been in Business since 2006 we have participated in several related International Conferences and seminars held in many countries including Canada, United Kingdom, and the United States. Also, we published
numerous Business Continuity studies and articles in renowned magazines and international websites, noting that BCCManagement had been actively involved in the development of standards dealing with Business Continuity namely the Business Continuity Standard BS25999.
BCCManagement Professional team is proudly certified by the “Business Continuity Institute (BCI) England” which is the major international players in Business Continuity field.

BCC Management Has partnered with Different Associations and Vendors and professional bodies to being its customers Value added services.

BCI partnership:
Was launched in 2007 to enable organizations to work with the Business Continuity Institute to deliver the overall BCI mission of: Promoting the art and science of business continuity management worldwide.

The Corporate partnership aims to achieve the highest standards of BCM practice Corporate Excellence in Business Continuity Management.

-Bronze level partnership with Business Continuity institutes BCI
-Strategic Golden partnership with Business Continuity ME – BCME
-Disaster Recovery institutes Exchange – DRIE
-Continuity Forum
-Business Continuity software Provider
-Online Data Disk Storage and backup

**Ask For our free analysis on the current Business Continuity status of your organization.

For More info:
Business Continuity Consultancy and Management info@bccmanagement.com http://www.bccmanagement.com
North America +1.800.961.7592 Fax: +1.613.248.5149 P.O.Box 42054- RPO ST Laurent, Ottawa, Ontario K1k4L8, Canada
Middle East office +961.7061.9274 Fax: +961.923.2406 P.O.Box 116-5108, Beirut, Lebanon

BS 25999 Business Continuity Assessment Process

BCCManagement.com Highlights the BSI BS25999 CERTIFICATION PROCESS

TAKING THE NEXT STEP:

ACCORDING TO BSI-GLOBAL

Initial Assessment

Stage 1
The following aspects will be covered:
Review of the organization’s BCMS documentation
High level evaluation of the organization’s readiness

Stage 2 assessment Review the organization’s understanding of the
requirements of the standard Understanding of the proposed scope of the stage 2 assessment
Review and confirm the resources needed for the stage 2 assessment
Plan the stage 2 assessment
Ensure that Management Reviews and audit/self assessments are being planned and performed Any areas deemed not in compliance will be raised as nonconformities and must be cleared and approved by the
lead auditor prior to moving into the Stage 2 phase of the
certification audit.

Stage 2

The purpose of the stage 2 audit is to evaluate the
implementation, including effectiveness, of the
organization’s BCMS.

This phase is carried out using the process audit approach.
Unlike a checklist approach, the audit approach assesses
all processes included in the scope of operation and all linked
processes to ensure effectiveness and consistency. This will
include interviews with the stakeholders, gathering of
objective evidence (procedures, reports and test results)
and evaluating those findings against the standard.
Any areas deemed not in compliance and/or effective will
be raised as nonconformities and must be cleared and
approved by the lead auditor prior to being recommended
for certification.

Surveillance Audit
The first surveillance visit is typically planned to take place
yearly after the date of the stage 2 audit.
BSI will perform periodic monitoring audits of the certified
organization’s BCMS. Typically, an organization may be
visited for such an audit once a year. The purpose of these
monitoring audits is to verify the certified organization’s
continued compliance with certification requirements.
Surveillance audits typically cover critical activities that ensure
continuous improvement and effectiveness such as:
Management review and audits/self assessments
Review of actions taken on nonconformities from previous audits
Effectiveness of the BCMS
Progress of planned activities aimed at continual improvement
Verifying the effective interaction among all BCMS elements
Continuing operational control

Review of any changes
Use of marks and any other reference to certification
Verifying a demonstrated commitment by the organization
to maintaining the BCMS effectiveness

Reassessment

The purpose of the reassessment audit is to confirm the
continued conformity and effectiveness of the BCMS and
its continued relevance and applicability for the scope of
certification. The reassessment audit will typically include
the following aspects:
The effectiveness of the BCMS in its entirety in the light of
internal and external changes and applicability to the
scope of certification.
Demonstrated commitment to maintain the effectiveness
and improvement of the BCMS in order to enhance overall
performance.

Whether the operation of the certified BCMS contributes to
the achievement of the organizations policy and objectives.
All steps noted are typical accepted practice based on ISO 17021
and subject to revision at anytime.

Any areas deemed not in
compliance and/or effective will
be raised as nonconformities and
must be cleared and approved by
the lead auditor prior to being
recommended for certification.

BSI Management Systems How to deploy BS 25999

CONCLUSIONS

BS 25999 establishes the processes, principles and
terminology to address business continuity and availability
risk. It also provides a comprehensive set of controls based on
industry leading practices that help organizations develop,
implement, maintain and mature business continuity
processes. The standard can be used as a framework so that
those organizations without a BCMS can efficiently establish
a workable program, and those that already have a program
can ensure it meets best practices where applicable.
The growing consensus regarding BS 25999, combined with
the opportunity to become certified in its use, provides
unparalleled benefits to companies of all sizes whose
customers rely on their products and services

Reference:
BSI Global

Business Continuity Consultancy and Management BCCManagement partnership with Business Continuity Institute BCI

Business Continuity Consultancy and Management (BCCManagement) is delighted to announce that a Corporate Partnership has been formed with The Business Continuity Institutes (BCI) to bring its customers the practice of the highest standards of Business Continuity Management (BCM).

BCI partnership:
Was launched in 2007 to enable organizations to work with the Business Continuity Institute to deliver the overall BCI mission of: Promoting the art and science of business continuity management worldwide.
Corporate partnership aims to achieve the highest standards of BCM practice Corporate Excellence in Business Continuity Management

http://www.bcipartnership.com/

Business Continuity Management:
Is about anticipating the events or circumstances that could hinder the running of a business, and planning to make sure that the business responds swiftly and continue to function in the event of an emergency. A business continuity plan sets out clear roles and responsibilities, for example those assigned to manage all liaison with customers, employees and the emergency services. It lists a series of contingencies that enable key business activities to continue in the most difficult circumstances.

Some examples of threats to a business are:
• A vital computer system or telecom is unavailable.
• Critical process machinery is damaged.
• Loss of key employees due to sudden death, illness.
• Bomb/Terrorism threat.
• Natural disasters such as tornadoes, floods, earthquakes and fire.
• Pandemics.
• The building, or part of the building, or office, cannot be accessed, and.
• Suppliers are unable to deliver.

What BCCManagement can offer you?
• A full Study for Business Continuity Planning.
• Review existing Business Continuity Plans.
• Business impact analysis.
• I.T Disaster Recovery, Information Technology Solutions.
• Review of disaster recovery plans.
• Awareness and Training.
• Compliance with BS25999.
• I.T Security Consultancy.
• Data Replication Solutions.
• SMS Emergency Notification System

About BCCManagement:
We have been in Business since 2006 we have participated in several related International Conferences and seminars held in many countries including Canada, United Kingdom, and the United States. Also, we published
numerous Business Continuity studies and articles in renowned magazines and international websites, noting that BCCManagement had been actively involved in the development of standards dealing with Business Continuity namely the Business Continuity Standard BS25999.
BCCManagement Professional team is proudly certified by the “Business Continuity Institute (BCI) England” which is the major international players in Business Continuity field.

**Ask For our free analysis on the current Business Continuity status of your organization.

For More info:
Business Continuity Consultancy and Management info@bccmanagement.com http://www.bccmanagement.com
North America +1.800.961.7592 Fax: +1.613.248.5149 P.O.Box 42054- RPO ST Laurent, Ottawa, Ontario K1k4L8, Canada
Middle East office +961.7061.9274 Fax: +961.923.2406 P.O.Box 116-5108, Beirut, Lebanon
business continuity institute

vtey2faukx

Maximum Tolerable Period of Disruption MTPOD

Maximum Tolerable Period of Disruption MTPOD

The standard BS 25999 [1]requires the dependencies of critical activities to be identified (other activities, assets, resources, suppliers and outsource partners).

BS 25999-2, 20 Nov. 2007 Section 4 says that the goal of a Business Impact Analysis BIA is to “determine the impact of any disruption of the activities that support the organization’s key products and services.”

A key aspect of determining the impact of a disruption is identifying what BS 25999 calls the “Maximum Tolerable Period of Disruption,” or MTPOD.

BS 25999 defines MTPOD as the “duration after which an organization’s viability will be irrevocably threatened if product and service delivery cannot be resumed.”

MTPOD is just a useful metric that determines how much unavailability you can stand before everything crashes and burns and can’t be put back together again.

A corrigendum by Jacque Rupert for BS 25999’,Maximum Tolerable Period of Disruption, which was approved on June 9th 2009 by [[3]]BSI’s BCM/1 standard development committee.

MTPOD is the maximum amount of time that an enterprise’s key products or services can be unavailable or undeliverable before its stakeholders see unacceptable consequences.

BCC management BCCManagement.com has been in business since 2006. It specializes in business continuity, disaster recovery planning, and strategic reviews of conceptual plans. http://www.BCCManagement.com

References:
2. ^ http://www.bsi-global.com/
1. ^ http://www.continuitycentral.com/feature0675.html
1. ^ http://www.continuitycentral.com/feature0677.html
1. ^ http://www.bccmanagement.com/mtpod.html
1. ^ http://e-janco.com
1. ^ http://en.wikipedia.org/wiki/BS_25999
1. ^ http://en.wikipedia.org/wiki/BSI_Group
1. ^ http://en.wikipedia.org/wiki/Maximum_Tolerable_Period_of_Disruption

Further reading

BS 25999-1:2006 Business Continuity Management Part 1 – [[4]]British Standards Institution
BS 25999-2:2007 Business Continuity Management Part 2 – [[5]]British Standards Institution

Top 10 IT Disaster Considerations

Top 10 IT Disaster Considerations

Today’s businesses are growing and they share two common criteria’s,
Information Technology Systems,Broader National/International presence

Being in business, you need to be online 24x7x226 a higher business continuity requirement, why other offices overseas or in another state need to be affected in case you are down; today an IT disaster recovery Plan is a must.

The IT Disaster Recovery plan, have everything, from the who, the where the what, to keeping a copy of the Disaster Recovery updated and off site. But some of the below points sometimes are either
forgotten or bypassed.

Here is the list, of what to have/needs to be done, before a disaster hit.

1.    Always have spare disks in recovery site for your servers and for your SAN. Because during a

disaster, a lot of power failures, and lower voltage may play a roles is killing the disks, and even
if your supplier SLA is less then X hours, he might not be able to access his ware house.
2. Power regulator, during a disaster, electricity voltage plays a lot, and it can lead to burning the
power supplies of all your machines.

3.    A cluster of COOLING SYSTEMS is a must in case one set failed, the other set will pick up, be

careful of the circuit breakers , have an effective monitoring system, to alert the evolved parties with    an “S” because it proved the S in plural will work.

4.    A clustered UPS in case the primary fails the second will pick up, add in some extra batteries for
long autonomy  in case of battery failures or Fails  in A disaster

5.    Telecom interference should be thought of.

6.    Redundant Internet supplier, and also think of Satellite communications

7.    Fuel for power generators, should be stored safely , but a bit far away from the recovery centre,
in case something happened to them and they started burning that they don’t affect you
recovery center, and also take a closer look on the design of the fuel tanks and asks yourself
what happens if the tank burns will it affect the other tanks, think of a Separated clustered fuel
tanks supply

8.    Be careful of having your recovery centre in a busy neighborhood/building, very close by petrol
stations  or HAZ/MAT and other  high risk factors, for example you are located in the  16th floor
and a fire hit in the 14th floor, “ where would all the smoke go, will I be affected, do they have
efficient fire fighting  procedure etc….

9.    Check your supplier/vendor if he has a BC plans and if he will support you in case a major
disaster/such as a hurricane or War etc and do they have an out of state presence near the
affected area.

10. Employees: because IT can’t run by itself one of your major risks are: the human element, train
and rotate people in your IT environment, just in case the bad happens.

info@BCCManagement.com

www.bccmanagement.com

Swine Flu, another knock on the doors of Business Continuity

Over the weekend, Mexico and the US had reported, Swine Flu Outbreak H1N1 in Human.

As of 06:00 GMT, 4 May 2009, 20 countries have officially reported 985 cases of influenza A (H1N1) infection.

Is your pandemic plan related to World Health Organization
WHO Alert Phase System?

Here are some questions to think about:

Do you have a plan?
Are you at least thinking of preparing?
Are you employees advised to use masks?

Are you plan ready and revised?
Be careful the layoffs revisit your plan and re-assign where gaps available
Does the plan include remote or working from home or reduction to 40 % operations?
Does your plan include remote teleconferencing capabilities?
Do you have an internal Communication plan for all employees to notify them of the status?
Does you plan include lowering visit of vendors to your premises to the minimal?
Does your plan include notifying your customers if you stop your business for a short term?

Business Impact of swine Pandemic:

 

Key personnel affected and might not show up to work
Employees may choose to stay at home rather than risk exposure;
Offices closed (either someone sick or by the authorities);
The Supply chain may be affected;
Transport systems may be stoped;
Overwhelm of communication systems being exhausted that might affect your office and your remote users.
Customer not being serviced;

To view the latest Pandemic Map
Google Pandemic (2009 H1N1 Flu Outbreak Map)
http://swinemap.org

googleCourtesy of Google Maps (As of May 4 2009)

WHO SCALEWHO Pandemic Phases

“There is one thing stronger than all the armies in the
world: and that is an idea/plan whose time has come.”
-Victor Hugo

 

 

References:

 

Use of masks WHO advise 3 may 2009

http://www.who.int/csr/resources/publications/Adviceusemaskscommunityrevised.pdf

List of infected countries

http://www.who.int/csr/don/2009_05_04/en/index.html


Google Maps

http://swinemap.org

BCC management BCCManagement.com has been in business since 2006. It specializes in business continuity, disaster recovery planning, and strategic reviews of conceptual plans. www.BCCManagement.com

April 1, Confiker day, and now what?

<!–[if gte mso 9]> Normal 0 false false false MicrosoftInternetExplorer4 <![endif]–><!–[if gte mso 9]> <![endif]–>

BCC Management Highlight about Confiker

Time has ticked and we have arrived on D-Day.

Confiker the most talked about event of the year day (in the I.T security world at least).Experts awaited Wednesday as a worm infecting millions of computers activated itself as predicted on April 1.

 

So where to now?
Awaiting what?

 

According to :

Chris Thomas, principal consultant for CA’s Internet Security Business Unit told CRN, 1 April is when machines infected with the Conficker.C malware will “wake up” and start communicating with each other, waiting for commands.

“The sheer scale of infections is bigger than anything that CA has seen to date,” he said.

The virus scare has launched a hunt for the writer of the worm, in the software business so much so that Microsoft has offered a $250,000** USD bounty on his head.

 

In February, Microsoft partnered with technology industry leaders and academia to implement a coordinated, global response to the Conficker.C (aka Downadup) worm
<!–[if !supportLineBreakNewLine]–>
<!–[endif]–>

Offering rewards can do no harm, but will it be enough to attract the computer underground to inform on the Confiker creators ring,

 

The deadline has prompted fears of a Y2K-like occurrence, though most experts say that similar to the meltdown fears at the turn of the century, April 1 deadline will hardly be noticed by most computer users.

So what have you done to prevent such attacks, are you ready?

Will it effect your business?
Did you patch all your systems in your environment?

Did you have time to patch all your systems in your environment?
Does this fall under your business continuity plan/ strategy?

** “Small Reminder of past Microsoft rewards”
In November 2003 Microsoft offered a total of USD 500,000 for the arrest and successful prosecution of the people behind the Blaster and Sobig worms, and said that it was earmarking a further USD 4.5 million bounty for the purposes of capturing future virus writers. In May 2004, Microsoft also agreed to pay USD 250,000 to a group of informants who contacted the company about Sven Jaschan, the teenage German author of the rampant Sasser and Netsky worms.

 


 

Sources CNN, Sophos, CA

BCC management BCCManagement.com has been in business since 2006. It specializes in business continuity, disaster recovery planning, and strategic reviews of conceptual plans. www.BCCManagement.com