BraunsBlog.Com

MIHLogo.jpg

This site  The Web 

Archive Newer | Older

Sunday, January 22, 2012

 Business Continuity vs. Major Incident Handling

Over the past few years, this question has been asked of me more than once as I present on the topic of Major Incident Handling. It is a very valid question because the topics are very closely related, yet at the same time they are distinctly different. Below is my attempt to differentiate the two and provide some clarity to the topic.

Question: Business Continuity Planning and Major Incident Handling seem to be quite similar. Can you share where you see similarities and differences?

-- In my view, Business Continuity Plans tend to focus on an "after the fact" response to catastrophic events that have already occurred and that have already produced a significant impact which now threatens Business Continuity. A good example would be a Data Center fire that requires restoration of services to an alternate location. Business Continuity Plans are also more business focused and tend to look at multiple aspects of the business that may be impacted, not necessarily just only Incident Response.

-- Major Incident Handling is more "real time" and seeks to control or mitigate an event in progress in order to prevent a significant impact to the business that might threaten Business Continuity.

-- Both are focused on Incident Response with the caveat that Major Incident Handling tends to be focused on managing an incident in progress while Buisness Continuity is usually post event with a goal of managing the after effects of the Incident.

-- Think of Major Incident Handling as the fire fighters fighting a major fire in a housing community while Business Continuity would be the rescue and relocation teams who work with the victims of the fire after it has been extinguished in order to insure they have adequate shelter and basic necessities to survive.

Just like Major Incident Planning, Business Continuity planning has a very important role to play in an overall Organizational Risk Management scheme.  With that in mind, I want to share a source of some well-founded guidance. For me, I have found that the National Institute of Standards and Technology (NIST) is a very good source. Below are some links to the NIST guidance concerning Business Continuity and Risk Management that I think you will find useful.

Link to all of the NIST Standards (Special Publication Series 800-XX)

Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities

Contingency Planning Guide for Federal Information Systems (Errata Page - Nov. 11, 2010

NIST Contingency Plan Template

DRAFT Guide for Conducting Risk Assessments

More to follow...

Braun Tacon
3:13 pm pst 

Monday, January 9, 2012

 If you write it, you own it, right? Maybe

From Fox News comes this story concerning intellectual property ownership rights: NASA Questions Astronaut's Right to Sell Apollo 13 Memorabilia

NASA is questioning whether Apollo 13 commander James Lovell has the right to sell a 70-page checklist from the flight that includes his handwritten calculations that were crucial in guiding the damaged spacecraft back to Earth.
The document was sold by Heritage Auctions in November for more than $388,000, some 15 times its initial list price. The checklist gained great fame as part of a key dramatic scene in the 1995 film "Apollo 13" in which actor Tom Hanks plays Lovell making the calculations.

According to Lovell and a trio of his fellow astronauts (Duke, Schweickart, Cernan) who were interviewed today along with Lovell, it has been a fact that for over 40 years the ownership or disposition of personal memorabilia in the astronauts possession has never been questioned.

Read the rest as they say, and view the interview at the second link for a rare glimpse of four of America's greatest heroes together in one setting.

More to follow...

Braun Tacon

2:08 pm pst 
Archive Newer | Older

BraunsBlog...Random musings on specific topics.  The central themes will be ITIL V.3, Information Security, and other sundry ITSM topics.  That said, there are many more things in this world on which to opine, so don't be surprised if I do now and then.

About me...Braun Tacon, Portland Oregon.  Husband, father, aviator and former Air Traffic Controller with over 20 years experience in the Information Technology and IT Service Management field, the last thirteen years of which having been spent at a Fortune 500 in the Pacific Northwest. 

Professional background and certifications include Aviation Management, Education, Systems Management, Information Security and Process, Standards and Quality Management.  Always delivered with a strong focus on ITIL and similar Process Improvement Frameworks such as LEAN, SixSigma and TQM (Thank you Mr. Deming!).

Hobbies include reading, writing, and even the occasional Karaoke contest!

All opinions expressed here are mine and mine alone.

Contact me...

Questions?  Comments?  Suggestions?  You may contact me at btacon@BraunsBlog.com.

Standards, whitepapers and other documents available for download

A Major Incident Handling Plan

Braun's Bio 2014

Incident, Problem, Change & Knowledge Management as an Integral Component of Effective Service Delivery

ITIL V.3 Service Transition...Its all about the Change

Information Security is Foundational to Enterprise Risk Management

SIPOC

NIST Special Publications (800 Series)

FauxCorp -- Making the Business Case for the Major Incident Handling Plan

The Major Incident Handling Plan -- iCMG Architecture World 09 presentation July 2009 -- UPDATED with itSMF Toronto presentation Oct 2011

ITIL Should Not be Hard

One Page Disaster Preparedness Checklist

"Play Bunny" Rocky; circa 2002

NIST Contingency Plan Template

Governance Risk and Compliance - Strategy Drivers and Outcomes

InfoSec Compliance - Putting the "C" in GRC

Standard Change Template

HIPAA Audit - Dont Just Bet The Odds

Can We Talk?

BraunsBlog - 99 and 44 one hundredth percent pure ITIL...66 one hundredth percent pure Braun

ITIL3ServiceLifecycle.jpg

MIHP2

"Process is not only knowing where you are going...its knowing how you get there"
ITIL® is a Registered Trade Mark of the Office of Government Commerce in the United Kingdom and other countries.

Powered by Register.com