Sunday, January 22, 2012
Business Continuity vs. Major Incident Handling
3:13 pm pst
Over the past few years, this question has been asked of me more than once as I present on the topic of Major Incident Handling. It is a very valid question because the topics are very closely related, yet at the same time they are distinctly different.
Below is my attempt to differentiate the two and provide some clarity to the topic.
Question: Business Continuity Planning and Major Incident Handling seem to be quite similar. Can you share where you see similarities and differences?
In my view, Business Continuity Plans tend to focus on an "after the fact" response to catastrophic events that have already occurred and have already produced a significant impact that now threatens Business Continuity. A good example would be a Data Center fire that requires restoration of services to an alternate location. Business Continuity Plans are also more business focused and tend to look at multiple aspects of the business that may be impacted, not just Incident Response.
-- Major Incident Handling is more "real time" and seeks to control or mitigate an event in progress in order to prevent a significant impact to the business that might threaten Business Continuity.
-- Both are focused on Incident Response, with the caveat that Major Incident Handling tends to be focused on managing an incident in progress, while Business Continuity is usually post-event, with a goal of managing the aftereffects of the Incident.
-- Think of Major Incident Handling as the firefighters fighting a major fire in a housing community, while Business Continuity would be the rescue and relocation teams who work with the victims of the fire after it has been extinguished in order to ensure they have adequate shelter and the basic necessities to survive.
Just like Major Incident Planning, Business Continuity planning has a very important role to play in an overall Organizational Risk Management scheme. With that in mind, I want to share a source of some well-founded guidance. For me, I have found that the National Institute of Standards and Technology (NIST) is a very good source. Below are some links to the NIST guidance concerning Business Continuity and Risk Management that I think you will find useful.
Link to all of the NIST Standards (Special Publication Series 800-XX)
Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities
Contingency Planning Guide for Federal Information Systems (Errata Page - Nov. 11, 2010)
NIST Contingency Plan Template
DRAFT Guide for Conducting Risk Assessments
More to follow...
Monday, January 9, 2012
If you write it, you own it, right? Maybe
2:08 pm pst
From Fox News comes this story concerning intellectual property ownership rights: NASA Questions Astronaut's Right to Sell Apollo 13 Memorabilia

NASA is questioning whether Apollo 13 commander James Lovell has the right to sell a 70-page checklist from the flight that includes his handwritten calculations that were crucial in guiding the damaged spacecraft back to Earth.
The document was sold by Heritage Auctions in November for more than $388,000, some 15 times its initial list price. The checklist gained great fame as part of a key dramatic scene in the 1995 film "Apollo 13" in which actor Tom Hanks plays Lovell making the calculations.
According to Lovell and a trio of his fellow astronauts (Duke, Schweickart, Cernan) who were interviewed today along with Lovell, it has been a fact that for over 40 years the ownership or disposition of personal memorabilia in the astronauts' possession has never been questioned.
Read the rest, as they say, and view the interview at the second link for a rare glimpse of four of America's greatest heroes together in one setting.
More to follow...
musings on specific topics. The central themes will be ITIL V.3, Information Security, and other sundry ITSM topics.
That said, there are many more things in this world on which to opine, so don't be surprised if I do now and then.
About me... Braun Tacon, Portland, Oregon. Husband, father, aviator and former Air Traffic Controller with over 20 years' experience in the Information Technology and IT Service Management field, the last thirteen years of which have been spent at a Fortune 500 in the Pacific Northwest.
Professional background and certifications include Aviation Management, Education, Systems Management, Information Security and Process, Standards and Quality Management. Always delivered with a strong focus on ITIL and similar Process Improvement Frameworks such as LEAN, SixSigma and TQM (Thank you Mr. Deming!).
Hobbies include reading, writing, and even the occasional Karaoke contest!
All opinions expressed here are mine and mine alone.
BraunsBlog - 99 and 44 one hundredth percent pure ITIL...66 one hundredth percent