Executive

How often should a BIA be conducted?

Generally: Every 2-3 years unless there are significant reorganizations, divestitures or acquisitions.

~ Patrick Ridder, MBCP, MBCI, CHPCP ISO 22301 Lead Auditor

Culture and Legal/regulatory environment: Every organization is different and requirements for BIA frequency are often dictated by an organization's culture as well as its associated regulatory guidelines.

Program Maintenance: Many organizations review BIAs yearly and some even quarterly. The review is often baked into a plan review process where the process-level RTO and associated impacts are confirmed to ensure they still apply.

~ Laura Mosley, MBCI MBCP CBCLA SCRA

How do I rate / evaluate / audit my data center?

I would recommend you partner with your internal audit department. They can help you understand what they would be looking for.

~ Beth Epstein, MA, CBCP, MBCI

The Uptime Institute established the criteria for Data Center ranking. I'd start by reviewing their tier levels and develop an understanding of what the various rankings require. Measure your facility against those criteria and build a gap report from the results. It's also helpful to have an idea of what type of performance you require from your Data Center.

~ Patrick Ridder, MBCP, MBCI, CHPCP  
ISO 22301 Lead Auditor

I have been hearing about a variety of business continuity standards. A.) Which are the most recognized? B.) What should I be looking at? C.) What is this certification process?

There are many to choose from:

ISO 22301

National Fire Protection Association: NFPA 1600:2010

ASIS International: ASIS SPC.1-2009

Australia/New Zealand Standard AS/NZS 5050

British Standards Institute: BS 25999, Part

Canadian Standard: CSA Z1600

Government of Japan BCP Guideline

Japanese Corporate Code – BCP

ISO 24762 (IT Disaster Recovery)

National Association of Stock Dealers: NASD 3510/3520

National Institute of Standards and Technology: NIST SP 800-34

New York Stock Exchange: NYSE Rule 446

~ Beth Epstein, MA, CBCP, MBCI

What is the difference between Crisis Management and Business Continuity Management?

Let's start by directing you to one of the best resources out there, the DRJ Glossary. You can find it here: http://www.drj.com/resources/tools/glossary-2.html To answer your question, Crisis Management is primarily focused on responding to an event whereas Business Continuity Management or BCM looks at the organization's business continuity needs more holistically. Crisis Management is a component of BCM but BCM is not necessarily a component of Crisis Management.

~ Patrick Ridder, MBCP, MBCI, CHPCP  
ISO 22301 Lead Auditor