Welcome to the eighth issue of The ISO27000 Newsletter, designed to keep you abreast of news and developments with respect to ISO17799 and information security.
The information contained in this newsletter is absolutely free to our subscribers and provides guidance on various practical issues, plus commentary on recent Information Security incidents. In view of recent events, this issue focuses particularly upon business continuity and disaster recovery.
Included in this issue are the following topics:
ISO17799 SECTION 11: THE NORTH AMERICAN POWER BLACKOUT
The sudden loss of the North American grid on 14 August 2003 caused severe outages that affected electricity supplies, water supplies, air conditioning, transportation, sanitation, traffic lights and much more. It is estimated that over 50 million people and many thousands of businesses were impacted directly.
It was also reported that large numbers of people were trapped for hours in subway trains and in pitch-black elevators in temperatures of more than 90 degrees. All airports in the region were reported to be immediately closed as security equipment would not operate.
The relief that this did not appear to have been caused by terrorism was tempered by the realization that despite the corrective activities following 911, most organizations located in the region were not adequately prepared for such unexpected catastrophes. This event is likely to intensify efforts around the world to speed up business continuity planning and contingency planning projects. Although this particular emergency is not believed to be related to terrorism, it is fairly easy to envisage how terrorist actions could result in similar catastrophes both in the US and the rest of the world.
But how difficult is it for your organization to quickly prepare base level plans to meet the most serious eventualities?
Actually, this is relatively simple when using a template-based approach, such as the widely acclaimed BCP Generator. This user-friendly business continuity support product supplies the outline plan structure, all necessary templates, and project management assistance, together with comprehensive interactive advice and guidance on how to develop the plans.
To develop a business continuity plan, in simple terms:
- The first task is to appoint a member of senior management to oversee the process and be responsible for the development of suitable continuity plans.
- The organization’s critical business activities need to be reviewed to determine what types of disaster would have a serious impact on the business.
- Concentrate initial efforts on the most critical business system functions and do NOT restrict the plan to cover only information technology systems.
- Alternative strategies and procedures need to be identified that would enable critical business activities to continue or recover in the shortest possible time.
- The potential financial impact of such disasters on the organization’s bottom line needs to be assessed.
- Prepare a plan allocating responsibilities and required actions.
- Review and test the plan under realistic conditions.
- Train the staff and prepare alternative procedures to be used in emergencies – ensure everyone knows exactly what is expected of them in a particular emergency.
- Identify and train a core team to look after the initial organization and emergency handling.
- Keep the plan current with regular reviews of critical functions.
All these issues and many more are comprehensively covered by tools like the above.
Further information is available from: