Spring World 2015

Conference & Exhibit

Attend The #1 BC/DR Event!

Fall Journal

Volume 27, Issue 4

Full Contents Now Available!

Jon Seals

Anyone who currently holds an ICOR ISO 22301 Lead Auditor Certificate or who passes the exam in the future is eligible to apply to the PECB ISO 22301 Auditor Certification Scheme as a Provisional Auditor, Auditor, or Lead Auditor dependent upon your BCM experience and audit hours.  PECB's certification scheme is ANSI accredited.
To learn more about the PECB ISO 22301 Auditor Certification Scheme visit PECB.

BCM 5000: ISO 22301 Lead Auditor - PS-Prep BCMS Auditor
 BCM 5000: ISO 22301 Lead Auditor - PS-Prep BCMS Auditor is a 5-day instructor led course that prepares internal and 3rd party auditors as well as BCM professionals to audit BCM programs against ISO 22301 - the international standard for Business Continuity Management Systems.  In addition, in the US participants are also taught the critical content of the NFPA 1600 and ASIS.SPC.1 standards.

   

BCM 5000 provides students with the skills and knowledge to conduct and lead effective business continuity management system audits in accordance with the requirements of the BCMS standards, ISO 19011: 2012 and ISO 17022: 2012.  Participants learn how to audit a BCMS, how to write an audit report, how to interpret the requirements of ISO 22301, how to understand the guidance of ISO 22313, and will explore examples of compliance to these requirements for the purpose of audit, program improvement, and self-assessment. 

2014 Course Schedule
*  
November 17-21, 2014        Bangalore, India                    Chenthil.kd@ind.tuv.com
December 1-5, 2014           Brisbane,Australia                 www.jbtglobal.com
December 8-12, 2014         Flagstaff, Arizona                  High Country Conference Center   

*Go to www.theBCI.org for courses scheduled via BCI global partners. 


Class meets 8:00 AM - 5:00 PM Daily
 

 Register Now! 

  

Course Description  (Download the Brochure

ISO 22301 Lead Auditor teaches the principles and practices of independent auditing of a BCMS and
guides the student through the audit process using a balance of formal instruction and practical case study activities. The focus of the course content is on the requirements of ISO 22301 and how these requirements are implemented in a Business Continuity Management System. 

BCM 5000 provides students with the skills and knowledge to conduct and lead effective business continuity management system audits in accordance with the requirements of ISO 22301:2012, ISO 19011:2012, and ISO 17022: 2012. 

Attendees will also gain the necessary knowledge to prepare for an external audit, conduct an compliance audit as part of a self-assessment, as well as how to develop a standards-based business continuity program.

Who should attend? Existing Lead Auditors, BC professionals, IS professionals, & Internal Auditors.
The course audience also includes those with auditing experience who are interested in adding
the auditing of BCM Systems to their audit capabilities for conducting internal and/or external audits as well as BCM professionals who wish to add the auditing competence to their skill sets. 

  

To assist with the understanding of the overall process, the class is constructed around a case study and each activity is applied to the case study as we move through the course and practice applying the requirements of the standards to auditing practices.

  

Also included in the course are small 'quizzes" taken after each section and an exam review "Jeopardy" game to prepare for the exam. 

Course materials include the following:

  • Student Guide - Over 300 pages of text and pictures (not ppts!) to be used as a future reference 
  • Case study
  • Sample plans and supporting documentation to evaluate the case study against the standards and audit requirements
  • Compliance Scorecard for meeting requirements of ISO 22301 and PS-Prep standards
  • Standards Compliant Templates for all major requirements  

Course Outline and Learning Objectives

Part 1:  Requirements of a Business Continuity Management System

Part 2:  Developing Strategies to Mitigate Risk

Part 3:  BCM Program Implementation - the elements of a BCM program and keeping it up to date

Part 4:  Embedding BCM into the Culture of the Organization

Part 5:  Program Improvement, Audit Practices, Writing the Audit Report, exam review and exam

  

As a result of successfully completing BCM 5000, students will demonstrate competence in and an understanding of the following areas:

  1. The key practices of a business continuity program for organizations of all sizes  
  2. The requirements for auditing business continuity programs under ISO 22301 and the PS-Prep standards  
  3. The essential elements of the standards
  4. Practical audit practices and how to write the audit report 

Attendees should have one or more of the following competencies:

  1. Experience in internal and / or 3rd party auditing 
  2. Experience / expertise in business continuity management    
  3. Understanding of standards and standard implementation  

Accreditation and Certification

 

BCM 5000: ISO 22301 Lead Auditor - PS-Prep BCMS Auditor is accredited by the American National Standards Institute (ANSI).  ANSI is the only US accreditation body.    

Upon completion of BCM 5000 and passing the exam with a rate of 80% or higher, attendees will earn a certificate as an ISO 22301 Lead Auditor and/or BCMS Auditor.   

  

Register NOW!

  

Course Fee: $2,895.00 USD includes all course materials, breakfast, lunch, and refreshments. 

All course materials are shipped to you upon registration via FedEx.

  

Questions?  Contact Lynnda Nelson at toll free North America 866-765-8321, +1630-705-0910 or Education@theicor.org

   
ANSI
Upgrade your BCMS-Auditor or
BS-25999-1 Lead Auditor Certificate
to an ANSI-Accredited ISO 22301 Leader Auditor Certificate Online!
 
This elearning course is only for those practitioners who hold the ICOR BCMS-Auditor or the BS-25999-1 Lead Auditor Certificate.
BCM 5050: ISO 22301 Lead Auditor Training

BCM 5050 is an elearning course designed to provide those currently holding certificates as BCMS-Auditors and BS-25999-1 Lead Auditors with the knowledge to conduct ISO 22301 audits. 
As a result of successfully completing this course you will earn the ANSI Accredited ISO 22301 Lead Auditor Certificate.
  • Online exam included in course fee
  • Standards are not included in course materials (cost for both standards is over $300.00.)  
Course Outline:
  • In-depth review of ISO 22301 - Includes references to ISO 22313 - Guidance for 22301
  • Introduction to ISO 19011: 2011 - Guidelines for Auditing Management Systems
  • Introduction to ISO 17022:Conformity assessment - Requirements and recommendations for content of a third-party audit report on management systems
  • Templates for "Standards Compliance"
BCM 5050 is comprised of the following elements:
  1. Voice over Power Point Presentation (approximately 3 hours)
  2. Student Book (pdf download)  
  3. Templates for "Standards Compliance"
  4. Comparison of BS 25999 and ISO 22301 (excel spreadsheet)
  5. Comparison of the following BCM standards in an excel spreadsheet (drives content for the Templates)
    • ASIS SPC.1
    • ASIS BCM 01
    • NFPA 1600: 2010
    • ISO 22301
  6. Moving from BS 25999-2 to ISO 22301 (BSI)
  7. ISO 22301 Assessment Checklist (BSI)
  8. Online exam (approximately 1 hour to complete)  Consists of 10 short answer questions.  Passing is 80% or 80 points. 
Upon successful completion of the online exam, you will receive your updated ANSI Accredited ISO 22301 Lead Auditor Certificate. The course fee includes multiple submissions of the online exam. There is no additional fee to re-take the exam.
 

Register Now and Begin Today!

Questions?  Contact Lynnda Nelson at 866-765-8321 or Lynnda@theicor.org

While You May be Concentrating Your Efforts on Recovery after an Incident, Be Sure that Information Provided to the Media is What You Want Publicized

Part One of Three Regarding Your Crisis Communications

I recently had the pleasure of attending the 6th. Annual Business Continuity Symposium held in Rochester, New York, and sponsored by the Eastern Great Lakes Chapter of the Association of Contingency Planners (EGLACP). Chapter President John J. Luce and his organization staff lined up some great speakers and set a record for the number of sponsors attending the annual event.

The lead speaker was James W. Satterfield, President, COO and Founder of Firestorm Solutions, LLC, whose session was entitled “Crisis Management Reality Check: Consequence Management Lessons Learned After a Crisis”. At the start of the session, Mr. Satterfield asked “Have You Heard the One About Cannibalistic Rites Being Performed on a Major College Campus?“

...

http://www.strategicbcp.com/blog/cannibalism-how-to-handle-crisis-communications/

By Shailendra Singh

Organizations today are presented with an ever-growing number of challenges, compounded by the speed of technological change and evolution, all of which act together to increase business risk.

In such an unpredictable environment, the ability to weather market and technological and financial stress is critical to sustainability. Reactive corporate disaster recovery is no longer sufficient. Resilient systems and processes that keep businesses running as usual during any crisis are the key to retaining competitive advantage.

One of the biggest issues facing organizations today is a plethora of unpredictable disruptions that have the potential to seriously destabilise business.

...

http://www.continuitycentral.com/feature1245.html

November 6, 2014

PAS 7000 now available

BSI has launched PAS 7000, a universally applicable supply chain information standard for suppliers and buyers at organizations of all sizes around the globe. PAS 7000 ‘Supply Chain Risk Management- Supplier prequalification’ helps answer three key questions relating to any organization’s supply chain partners: Who are they? Where are they? Can they be relied upon?

The standard draws on the collective expertise of 240 professionals drawn from global industry associations and organizations, and it addresses product, process and behavioural criteria for supplier prequalification.

PAS 7000 has been created in response to industry demand, with three quarters of executives considering supply chain risk management important or very important (1). As supply chains increasingly span continents, and brands become ever more exposed due to the demand for increased transparency, the challenges for procurement teams to assess the suitability of suppliers increases. 63 percent of EMEA companies have experienced disruption to their value chain due to unpredictable events beyond their control in the last 12 months, at an average cost of £449,525 per incident per company (2).

PAS 7000 provides companies with a uniform set of common information requirements that reduces duplication of effort in completing tender forms and aids procurement in bringing consistency to the supplier base. It establishes a model of governance, risk and compliance information for buyers to pre-qualify suppliers and confirm their intention and ability, to adhere to key compliance requirements. This in turn helps organizations make an informed decision about whether or not to engage with a potential supply chain partner.

For further information and to download the standard free of charge visit: www.bsigroup.com/PAS7000 (registration required).

(1) Don’t play it safe when it comes to Supply Chain Risk Management – Accenture Global Operations Megatrends Study 2015
(2) Dynamic Markets – Managing the Value Chain in Turbulent Times – Oracle, March 2013.

undefined

At a Gala Dinner at the Science Museum in London on the 5th November, the Business Continuity Institute (BCI) hosted their Global Awards ceremony, an event to recognise the outstanding contribution of business continuity professionals and organisations from across the world.

The BCI Global Awards consist of ten categories – nine of which are decided by a panel of judges with the winner of the final category (Industry Personality of the Year) being chosen by their peers in a vote. As expected the entries received during the year were all to a high standard and the panel of judges had a difficult task deciding upon a shortlist to go forward to the ceremony.

Inevitably there can be only one winner in each of the categories and those who went home celebrating were:

  • Business Continuity Consultant of the Year: Bill Crichton FBCI, Managing Director and Principal Consultant at Crichton Continuity Consulting Ltd
  • Business Continuity Manager of the Year: John Zeppos FBCI, Group Business Continuity Management Director at OTE Group of Companies
  • Public Sector Business Continuity Manager of the Year: Brian Gray MBCI, Chief of Business Continuity Management at the United Nations
  • BCM Newcomer of the Year: Luke Bird MBCI, Business Continuity Executive at Atos
  • Business Continuity Team of the Year: Franklin Templeton Investments
  • Business Continuity Innovation of the Year: Deloitte
  • Business Continuity Provider of the Year (BCM Service): Continuity Shop
  • Business Continuity Provider of the Year (BCM Product): ezBCM
  • Most Effective Recovery of the Year: Bank of New Zealand
  • Industry Personality of the Year: Chittaranjan Kajwadkar MBCI

Steve Mellish, Chairman of the BCI said: "The geographical range of winners at tonight's awards is a sign of just how the industry is developing internationally and how global an organisation the BCI is. The high standard of entries we received gave the judges some very difficult decisions to make so my congratulations go to everyone who won for what is a tremendous achievement."

The BCI Global Awards are held annually and coincide with the BCI World Conference and Exhibition, one of the premier events in the global industry calendar. Held over two days, the conference features fifty exhibitors, a similar number of speakers and close to a thousand visitors.

The world turns and things change – and that includes computer hacker approaches too. The immediate threats of malware and cybercriminals are relatively well-known. Phishing emails are designed to get you to click right away on a hacker’s link. Worms burrow through systems, always on the go. Viruses in that free software you should not have downloaded replicate and ravage. But now there’s a new menace with a different approach. Instead of attacking your system now, some hackers are making themselves at home for the longer term. They enter by stealth and lie low. Then they start to use your computers – just like they were their own computers. Welcome to the Advanced Persistent Threat or APT for short.

The goal of the Advanced Persistent Threat is typically not to do damage, but to steal data. The most sophisticated APTs require considerable effort and expertise, possibly requiring new internal system code. APT campaigns are also part of the spying arsenal of certain governments that can muster the high levels of hacking resources and expertise required.

...

http://www.opscentre.com.au/blog/a-quick-guide-to-advanced-persistent-threats/

Big Data is changing things, and not just because it requires shiny, new solutions such as Hadoop or Apache whatsit-of-the-week. As organizations use and assimilate Big Data, the more obvious it becomes that IT will need to reimagine some old standards in the data toolbox.

Why? The obvious reason is standard data tools aren’t designed to handle unstructured or high-velocity data. But there are other issues unique to Big Data that will require us to rethink the tools we’re using to manage, analyze and present the data. Here are two that have been in the news recently:

The Executive Dashboard

Executive dashboards were created over a decade ago to help leaders visualize specific enterprise metrics, such as key performance indicators. Not a lot has changed since then. That’s a problem in the era of Big Data, when insight is gained not so much through route reporting as it is through exploration.

...

http://www.itbusinessedge.com/blogs/integration/two-standard-data-tools-to-rethink-in-big-data-era.html

Now that the software-defined data center (SDDC) is nearly upon us, enterprise executives need to start asking a number of pertinent questions; namely, how do I build one, and what do I do with it once it is built?

In essence, the SDDC is more about applications than technology. The same basic virtual and cloud technologies that have infiltrated server, storage and now networking are employed to lift data architectures off of bare metal hardware and into software. But it is the way in which those architectures support enterprise apps, and the way in which the apps themselves are reconfigured to leverage this new, more flexible environment that gives the SDDC its cachet.

Until lately, however, the application side of the SDDC has been largely invisible, with most developments aimed at the platform itself. Last week, however VMware announced an agreement with India’s Tata Consulting Services (TCS) to develop pre-tested and pre-integrated applications for the SDDC. Under the plan, TCS will provide architectural support and operational expertise to help organizations transition legacy apps into virtual environments powered by VMware solutions, namely vSphere, NSX, Virtual SAN and the vRealize Suite. The deal also calls for the creation of a Center of Excellence to link data centers in Milford, Ohio and Pune, India to handle beta test and workload assessment functions.

...

http://www.itbusinessedge.com/blogs/infrastructure/application-support-in-the-software-defined-data-center.html

Susan L. Cutter is a Carolina Distinguished professor of geography at the University of South Carolina where she directs the Hazards and Vulnerability Research Institute. Her primary research interests are in the area of disaster vulnerability/resilience science — what makes people and the places where they live vulnerable to extreme events and how vulnerability and resilience are measured, monitored and assessed.

Cutter is a GIS hazard mapping guru who supports emergency management functions. I posed a series of questions about mapping and asked her to respond in writing. In Cutter’s responses she reminds us to ask the “why of the where” question when looking at maps.

...

http://www.emergencymgmt.com/disaster/How-GIS-Can-Aid-Emergency-Management.html

NEW YORK – Send Word Now, the leading worldwide innovator of critical communications technologies, including emergency notification, desktop alerting and integrated incident management, today announced the deployment of its award-wining Alerting Service by Canadian, low-cost carrier, WestJet Airlines Ltd. (WJA, Toronto Stock Exchange).

WestJet, headquartered in Calgary with an eastern hub in Toronto, offers scheduled flight service to more than 90 destinations in North America, Central America, the Caribbean and Europe. Through its subsidiary, WestJet Encore, and with partnerships with airlines representing every major region of the world, the company offers guests more than 120 destinations in over 20 countries.

WestJet employs more than 10,000 individuals, and recently ranked third in Aon Hewitt's best employers in Canada. The airline was also designated as a J.D. Power Customer Service Champion in 2011, only one of two companies in the country to ever make the distinguished list.

With Send Word Now's Alerting Service, which replaced an on-premise, proprietary notification system, WestJet can immediately send voice and text messages to management, employees and other stakeholders as documented within its emergency preparedness and response plan. The Get Word Back feature allows the airline to gather crucial feedback, easily escalating communications to mobilize personnel as available and as needed.

WestJet also utilizes Send Word Now's Self-Registration Portal, through which message recipients can easily add, update and maintain their own emergency contact information.

"Every day, passengers entrust WestJet to safely reach their travel destinations," said Lorin Bristow, Senior Vice President, Marketing, for Send Word Now. "And, every day this first-class organization entrusts us for their critical communications needs. We are exceedingly grateful for the opportunity to serve them, and support their vision of becoming one of the most successful international airlines in the world."

About Send Word Now
http://www.sendwordnow.com/ | 212.379.4900 | 800.388.4796 | marketing@sendwordnow.com
Media inquiries: Linda Young | lyoung@sendwordnow.com | 615.295.6368
Follow us on:  TwitterLinkedIn and Facebook

Headquartered in New York City, Send Word Now is the leading provider of on-demand alerting for crisis communication. The company's easy-to-use, web-based emergency notification solutions and mobile applications are used by businesses, government agencies, universities and non-profit organizations worldwide to ensure fast, effective, two-way communication when it is needed the most.

Among its many accolades, Send Word Now was named a 'Leader' in Gartner's 2014 Magic Quadrant for U.S. Emergency/Mass Notification Services. Its Alerting Service was recently awarded "Notification System of the Year" by DRI International, and the company received the 2013 Small Business Achievement Award from the Department of Homeland Security for its work with the Federal Emergency Management Agency (FEMA).