Tag Archives: Pandemic Planning

Business Continuity Institute, BCI Exam Certification process.


Those candidates who successfully pass the BCI Certificate are entitled to use the post-nominal credential of CBCI – they are not members of the Business Continuity Institute but are expected to uphold the Code of Practice and Ethics. CBCIs will have the opportunity to be placed on a register of those holding this credential (an annual fee is payable). They will also be invited to apply for professional membership of the Business Continuity Institute if they are able to demonstrate sufficient practical application of their knowledge. Professional membership grades include AMBCI, SBCI, and MBCI.

After successful payment, your information will be entered into the CBCI Application. This form requires basic demographic information, details about prior work history in Business Continuity Management, and the provision of 2 referees. A current resume is also required to submit the application.
Once submitted, an Education Consultant will contact you within 4 working days, usually sooner, to provide you with an authorization-to-test letter, which will include a link for you to choose a venue, date and time.

The examination (English language) consists of 120 multiple choice questions which the candidate will have 2 hours to complete.

What happens after the examination?

At the end of the examination all candidates should receive an immediate confirmation notice that their answers have been submitted for marking. This confirmation will show where results will be sent – please check this for accuracy.

Results should be available within 4 to 6 weeks after the examination and will be mailed to the address shown on the confirmation notice. Under no circumstances will scores or pass/fail information be released over the phone.

Email support@bccmanagement.com to help you book your exam.

OTTAWA OPERATION CENTER OC

MAILING ADDRESS
P.O BOX 42054
RPO ST LAURENT
OTTAWA, ON, K1K 4L8
CANADA

Tel: +1.800.961.7592
Fax: +1.613.248.5149
TORONTO HEAD OFFICE HO
4915 BATHURST STREET, UNIT # 209-338
TORONTO, ON, M2R 1X9
CANADA
Tel: +1.800.961.7592

Middle East Regional Office

P.O.Box 116-5108
Beirut -Lebanon
Tel: +961.7061.9274
Fax: +961.923.2406
http://lebanon.bccmanagement.com

Business Continuity Training in LEBANON – Beirut October 5-6 2009 B.C.C Management Canada – Lebanon

BCC Management Canada – Lebanon is proud to present Business Continuity Training in Lebanon on October 5-6, 2009 at the Radisson Hotel, Beirut, Lebanon.

Recommended Participants:
::: Business Continuity Managers
::: MIS / I.T Managers
::: Project Managers
::: Head of Operations
::: Audit Professionals
::: Internal and External Auditors
::: Financial Controllers
::: Risk Manager
::: IT Security Manager

Objectives:
The objective of this course is to help participants understand the Business Continuity concept.

The course content will cover 5 major processes as endorsed by the Business Continuity Institute (BCI).

::: Understand your business
::: BCM Strategies
::: Developing a BCM Response
::: Developing a BCM Culture
::: Exercising, Maintenance & audit
::: Understanding compliance requirements regarding Basel II, BDL, ISO 27002 and BS 25999

Outcome of the Course:
::: Understanding of the different standards (BS 25999 and ISO 27002)
::: Understand how BCM works towards your organization
::: Understand the benefit of Business Continuity Management
::: Understanding how to gain an accredited certification

Material Provided:
::: Workshop Manual
::: Support documents & Solutions for exercises (ON CD)
::: Course certificate
::: BCM Case Studies (ON CD)

Registration:
Price: 530 USD
Includes:
::: Lunch
::: Free Internet Available

To Download the registration form :
lebanon.bccmanagement.com/ or
lebanon.bccmanagement.com/registration.doc
Email it to info@bccmanagement.com
Or Fax it to +961.9.232406

http://www.facebook.com/event.php?eid=160537960405&ref=mf
http://events.linkedin.com/Business-Continuity-Training-LEBANON/pub/120404

About BCCManagement:
We have been in business since 2006 and have participated in several related international conferences and seminars held in many countries, including Canada, the United Kingdom, and the United States.
We have also published numerous Business Continuity studies and articles in renowned magazines and international websites, and BCCManagement has been actively involved in the development of standards dealing with Business Continuity, namely the Business Continuity Standard BS25999.
In 2009 BCCManagement entered a corporate partnership with the Business Continuity Institute (BCI) to bring its clients state-of-the-art Business Continuity practice.

ISO 27002:2005

Information technology — Security techniques — Code of practice for information security management
ISO/IEC 27002, part of a growing family of ISO/IEC ISMS standards (the ‘ISO/IEC 27000 series’), is an information security standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) as ISO/IEC 17799:2005 and subsequently renumbered ISO/IEC 27002:2005 in July 2007, bringing it into line with the other ISO/IEC 27000-series standards. It is entitled Information technology – Security techniques – Code of practice for information security management. The current standard is a revision of the version first published by ISO/IEC in 2000, which was a word-for-word copy of the British Standard (BS) 7799-1:1999.
ISO/IEC 27002 provides best practice recommendations on information security management for use by those who are responsible for initiating, implementing or maintaining Information Security Management Systems (ISMS). Information security is defined within the standard in the context of the C-I-A triad: the preservation of confidentiality (ensuring that information is accessible only to those authorised to have access), integrity (safeguarding the accuracy and completeness of information and processing methods) and availability (ensuring that authorised users have access to information and associated assets when required).

Outline of the Standard
After the introductory sections, the standard contains the following twelve main sections:
1. Risk assessment
2. Security policy – management direction
3. Organization of information security – governance of information security
4. Asset management – inventory and classification of information assets
5. Human resources security – security aspects for employees joining, moving and leaving an organization
6. Physical and environmental security – protection of the computer facilities
7. Communications and operations management – management of technical security controls in systems and networks
8. Access control – restriction of access rights to networks, systems, applications, functions and data
9. Information systems acquisition, development and maintenance – building security into applications
10. Information security incident management – anticipating and responding appropriately to information security breaches
11. Business continuity management – protecting, maintaining and recovering business-critical processes and systems
12. Compliance – ensuring conformance with information security policies, standards, laws and regulations
Within each section, information security controls and their objectives are specified and outlined. The information security controls are generally regarded as best practice means of achieving those objectives. For each of the controls, implementation guidance is provided. Specific controls are not mandated since:
1. Each organization is expected to undertake a structured information security risk assessment process to determine its specific requirements before selecting controls that are appropriate to its particular circumstances. The introduction section outlines a risk assessment process although there are more specific standards covering this area such as ISO/IEC 27005.
2. It is practically impossible to list all conceivable controls in a general purpose standard. Industry-specific implementation guidelines for ISO/IEC 27001 and 27002 are anticipated to give advice tailored to organizations in the telecoms, financial services, healthcare and other industries.

The control objectives and controls in ISO/IEC 27002:2005 are intended to be implemented to meet the requirements identified by a risk assessment. ISO/IEC 27002:2005 is intended as a common basis and practical guideline for developing organizational security standards and effective security management practices, and to help build confidence in inter-organizational activities.

References:
Wikipedia.org
iso.org

About BCCManagement:
We have been in business since 2006 and have participated in several related international conferences and seminars held in many countries, including Canada, the United Kingdom, and the United States. We have also published numerous Business Continuity studies and articles in renowned magazines and international websites, and BCCManagement has been actively involved in the development of standards dealing with Business Continuity, namely the Business Continuity Standard BS25999.
The BCCManagement professional team is proudly certified by the “Business Continuity Institute (BCI) England”, which is the major international player in the Business Continuity field.
For More info:
Business Continuity Consultancy and Management
info@bccmanagement.com http://www.bccmanagement.com

Our Partners:
Thebci

Maximum Tolerable Period of Disruption MTPOD

The standard BS 25999 [1] requires the dependencies of critical activities to be identified (other activities, assets, resources, suppliers and outsource partners).

BS 25999-2 (20 Nov. 2007), Section 4, says that the goal of a Business Impact Analysis (BIA) is to “determine the impact of any disruption of the activities that support the organization’s key products and services.”

A key aspect of determining the impact of a disruption is identifying what BS 25999 calls the “Maximum Tolerable Period of Disruption,” or MTPOD.

BS 25999 defines MTPOD as the “duration after which an organization’s viability will be irrevocably threatened if product and service delivery cannot be resumed.”

MTPOD is just a useful metric that determines how much unavailability you can stand before everything crashes and burns and can’t be put back together again.

A corrigendum by Jacque Rupert for BS 25999’s “Maximum Tolerable Period of Disruption” was approved on June 9th 2009 by BSI’s BCM/1 standard development committee [3].

MTPOD is the maximum amount of time that an enterprise’s key products or services can be unavailable or undeliverable before its stakeholders see unacceptable consequences.

BCC Management (BCCManagement.com) has been in business since 2006. It specializes in business continuity, disaster recovery planning, and strategic reviews of conceptual plans. http://www.BCCManagement.com

References:
2. http://www.bsi-global.com/
1. http://www.continuitycentral.com/feature0675.html
1. http://www.continuitycentral.com/feature0677.html
1. http://www.bccmanagement.com/mtpod.html
1. http://e-janco.com
1. http://en.wikipedia.org/wiki/BS_25999
1. http://en.wikipedia.org/wiki/BSI_Group
1. http://en.wikipedia.org/wiki/Maximum_Tolerable_Period_of_Disruption

Further reading

BS 25999-1:2006 Business Continuity Management Part 1 – British Standards Institution
BS 25999-2:2007 Business Continuity Management Part 2 – British Standards Institution

Top 10 IT Disaster Considerations

Today’s businesses are growing, and they share two common criteria: information technology systems and a broader national/international presence.

Being in business, you need to be online 24x7x226, which raises the business continuity requirement: why should other offices overseas or in another state be affected when you are down? Today an IT disaster recovery plan is a must.

The IT disaster recovery plan has everything, from the who, the where and the what, to keeping an updated copy of the disaster recovery plan off site. But some of the points below are sometimes either forgotten or bypassed.

Here is the list of what to have and what needs to be done before a disaster hits.

1. Always have spare disks at the recovery site for your servers and for your SAN. During a disaster, power failures and low voltage may play a role in killing the disks, and even if your supplier's SLA is less than X hours, he might not be able to access his warehouse.

2. Power regulator: during a disaster, electricity voltage fluctuates a lot, and it can burn out the power supplies of all your machines.

3. A cluster of cooling systems is a must: if one set fails, the other set will pick up. Be careful of the circuit breakers, and have an effective monitoring system to alert the involved parties (with an “S”, because the plural has proved to work).

4. A clustered UPS: if the primary fails, the second will pick up. Add some extra batteries for long autonomy in case of battery failures during a disaster.

5. Telecom interference should be thought of.

6. Redundant Internet supplier; also think of satellite communications.

7. Fuel for power generators should be stored safely, but a bit far away from the recovery centre, so that if something happens and it starts burning it does not affect your recovery centre. Also take a closer look at the design of the fuel tanks and ask yourself what happens if one tank burns: will it affect the other tanks? Think of a separated, clustered fuel tank supply.

8. Be careful about having your recovery centre in a busy neighborhood or building, very close to petrol stations, HAZMAT or other high-risk factors. For example, if you are located on the 16th floor and a fire hits the 14th floor: where would all the smoke go, will I be affected, do they have efficient fire-fighting procedures, etc.

9. Check whether your supplier/vendor has BC plans, whether he will support you in case of a major disaster such as a hurricane or war, and whether they have an out-of-state presence near the affected area.

10. Employees: because IT can’t run by itself, one of your major risks is the human element. Train and rotate people in your IT environment, just in case the bad happens.

info@BCCManagement.com

www.bccmanagement.com

Swine Flu, another knock on the doors of Business Continuity

Over the weekend, Mexico and the US reported an outbreak of swine flu (H1N1) in humans.

As of 06:00 GMT, 4 May 2009, 20 countries have officially reported 985 cases of influenza A (H1N1) infection.

Is your pandemic plan related to the World Health Organization (WHO) Alert Phase System?

Here are some questions to think about:

Do you have a plan?
Are you at least thinking of preparing?
Are your employees advised to use masks?
Is your plan ready and revised?
Be careful about layoffs: revisit your plan and re-assign where gaps exist.
Does the plan include remote working or working from home, or a reduction to 40% operations?
Does your plan include remote teleconferencing capabilities?
Do you have an internal communication plan to notify all employees of the status?
Does your plan include reducing vendor visits to your premises to a minimum?
Does your plan include notifying your customers if you stop your business for a short term?

Business Impact of Swine Pandemic:

Key personnel may be affected and might not show up to work;
Employees may choose to stay at home rather than risk exposure;
Offices closed (either someone sick or by the authorities);
The supply chain may be affected;
Transport systems may be stopped;
Communication systems may be overwhelmed, which might affect your office and your remote users;
Customers not being serviced.

To view the latest Pandemic Map
Google Pandemic (2009 H1N1 Flu Outbreak Map)
http://swinemap.org

[Figure: 2009 H1N1 flu outbreak map, courtesy of Google Maps (as of May 4 2009)]

[Figure: WHO Pandemic Phases]

“There is one thing stronger than all the armies in the
world: and that is an idea/plan whose time has come.”
-Victor Hugo

References:

Use of masks, WHO advice, 3 May 2009
http://www.who.int/csr/resources/publications/Adviceusemaskscommunityrevised.pdf

List of infected countries
http://www.who.int/csr/don/2009_05_04/en/index.html

Google Maps
http://swinemap.org

BUSINESS CONTINUITY “The University Guide”

BCC Management has published an article about “BUSINESS CONTINUITY The University Guide”.

Download it here:

http://www.bccmanagement.com/BUSINESSCONTINUITYTheUniversityGuide.pdf