This site  The Web 

Archive Newer | Older

Sunday, January 22, 2012

Business Continuity vs. Major Incident Handling

Over the past few years, this question has been asked of me more than once as I present on the topic of Major Incident Handling. It is a very valid question because the topics are very closely related, yet at the same time they are distinctly different. Below is my attempt to differentiate the two and provide some clarity to the topic.

Question: Business Continuity Planning and Major Incident Handling seem to be quite similar. Can you share where you see similarities and differences?

-- In my view, Business Continuity Plans tend to focus on an "after the fact" response to catastrophic events that have already occurred and that have already produced a significant impact which now threatens Business Continuity. A good example would be a Data Center fire that requires restoration of services to an alternate location. Business Continuity Plans are also more business focused and tend to look at multiple aspects of the business that may be impacted, not necessarily just only Incident Response.

-- Major Incident Handling is more "real time" and seeks to control or mitigate an event in progress in order to prevent a significant impact to the business that might threaten Business Continuity.

-- Both are focused on Incident Response with the caveat that Major Incident Handling tends to be focused on managing an incident in progress while Buisness Continuity is usually post event with a goal of managing the after effects of the Incident.

-- Think of Major Incident Handling as the fire fighters fighting a major fire in a housing community while Business Continuity would be the rescue and relocation teams who work with the victims of the fire after it has been extinguished in order to insure they have adequate shelter and basic necessities to survive.

Just like Major Incident Planning, Business Continuity planning has a very important role to play in an overall Organizational Risk Management scheme.  With that in mind, I want to share a source of some well-founded guidance. For me, I have found that the National Institute of Standards and Technology (NIST) is a very good source. Below are some links to the NIST guidance concerning Business Continuity and Risk Management that I think you will find useful.

Link to all of the NIST Standards (Special Publication Series 800-XX)

Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities

Contingency Planning Guide for Federal Information Systems (Errata Page - Nov. 11, 2010

NIST Contingency Plan Template

DRAFT Guide for Conducting Risk Assessments

More to follow...

Braun Tacon

3:13 pm pst 

Monday, January 9, 2012

If you write it, you own it, right? Maybe

From Fox News comes this story concerning intellectual property ownership rights: NASA Questions Astronaut's Right to Sell Apollo 13 Memorabilia

NASA is questioning whether Apollo 13 commander James Lovell has the right to sell a 70-page checklist from the flight that includes his handwritten calculations that were crucial in guiding the damaged spacecraft back to Earth.
The document was sold by Heritage Auctions in November for more than $388,000, some 15 times its initial list price. The checklist gained great fame as part of a key dramatic scene in the 1995 film "Apollo 13" in which actor Tom Hanks plays Lovell making the calculations.

According to Lovell and a trio of his fellow astronauts (Duke, Schweickart, Cernan) who were interviewed today along with Lovell, it has been a fact that for over 40 years the ownership or disposition of personal memorabilia in the astronauts possession has never been questioned.

Read the rest as they say, and view the interview at the second link for a rare glimpse of four of America's greatest heroes together in one setting.

More to follow...

Braun Tacon

2:08 pm pst 

Archive Newer | Older

BraunsBlog...Random musings on specific topics.  The central themes will be ITIL V.3, Information Security, and other sundry ITSM topics.  That said, there are many more things in this world on which to opine, so don't be surprised if I do now and then.

About me...Braun Tacon, Portland Oregon.  Husband, father, aviator and former Air Traffic Controller with over 20 years experience in the Information Technology and IT Service Management field, the last thirteen years of which having been spent at a Fortune 500 in the Pacific Northwest. 

Professional background and certifications include Aviation Management, Education, Systems Management, Information Security and Process, Standards and Quality Management.  Always delivered with a strong focus on ITIL and similar Process Improvement Frameworks such as LEAN, SixSigma and TQM (Thank you Mr. Deming!).

Hobbies include reading, writing, and even the occasional Karaoke contest!

All opinions expressed here are mine and mine alone.

Contact me...

Questions?  Comments?  Suggestions?  You may contact me at btacon@BraunsBlog.com.

BraunsBlog - 99 and 44 one hundredth percent pure ITIL...66 one hundredth percent pure Braun