Now incorporating 112 Review, Community Safety Review & Military Review
Happy New Year 2008 to you all
I would like to take this opportunity to wish all our readers, friends and associates, as well as our enemies, a very happy & prosperous New Year 2008.
New cold virus kills – rarely
Health Officials are watching the highly potent strain that killed seven Oregonians in April
A new strain of a rare cold virus has caused 10 deaths in four states, including seven in Oregon, during the past one-and-a-half years, federal health officials said.
Oregon health officials called the new viral strain cause for concern but not cause for public alarm.
"This is not the common cold turning into the plague," said Dr. Gary Oxman, health officer for Multnomah, Washington and Clackamas counties. "That's not what's going on here." (Well, is it not “the cold” or not?)
"It's a virus that's recognized as causing pneumonia, and there appears to be a new strain making some people very sick in small numbers."
The new "bug" is a variant of a rare type of adenovirus, called Ad14, which was identified in 1955 and has been detected only rarely since. More than 50 types of adenoviruses can cause or mimic diseases including the common cold and pneumonia.
Like any new viral strain, the new version of Ad14 is of interest to infectious disease trackers, said Dr. Ann Thomas, an epidemiologist in the public health division of the Oregon Department of Human Services. "But it doesn't change what we do that much. It's not something the average person should be afraid of."
To put the risk in perspective, Thomas said that Ad14 is known to have killed 10 people, but complications from influenza kill more than 30,000 Americans a year. (I didn't know that?)
"If people are really worried," she said, "they should get a flu shot."
The best way to keep Ad14 from spreading is the same as for flu, Thomas said. "Cover your cough, wash your hands and stay home."
The new variant has sickened at least 140 people in New York, Oregon, Washington and Texas, according to the CDC report.
The Oregon outbreak turned up in April, when state health officials learned of a cluster of cases at a Portland hospital and notified the CDC. They ultimately counted 31 cases in Oregon, including seven people who died of severe pneumonia. The next month, Washington state officials reported four hospitalized patients had the same mutated virus. One patient, who also had AIDS, died.
The illness also struck in Texas, where respiratory infections dubbed "boot-camp flu" sickened hundreds at Lackland Air Force Base in San Antonio. The most serious cases were blamed on the emerging virus; one 19-year-old trainee died.
The earliest known case of the mutated virus occurred in New York City in an infant girl who died last year when she was 12 days old.
CDC investigators reviewed the medical charts of 30 Oregon patients infected with the new variant of adenovirus. Of those, 22 required hospitalization and seven -- five of whom were men -- died, all from pneumonia. The patients included residents of seven Oregon counties and two Washington counties.
In search of clues about how the adenovirus is transmitted, health investigators studied the Oregon cases for characteristics they had in common. Nothing conclusive turned up.
With cold-and-flu season beginning, health officials expect to see more cases. The CDC warned state and local public health agencies to "be alert to the possibility of outbreaks caused by Ad14."
It really has put my mind at rest – NOT – to know that this virus only rarely kills.
We seem, however, to have a mutation of some virus here, if I am not mistaken, and no one, yet again, is willing to tell the world the truth.
Can we trust the governments and agencies tasked with protecting us?
Now, if Pirbright and the Foot & Mouth Disease (Hoof & Mouth to our American cousins) is anything to go by then the governments cannot be trusted with viruses nor the protection of the public from them, and I think we all should just make sure to have our own precautions and protections in place. If that means to wear a face mask, when there is a possibility of any such “bugs” being about, then so be it. Rather looking silly than being seriously ill or dead.
M Smith (Veshengro)
UK BUSINESS BETTER PREPARED FOR DISASTER
UK businesses are increasingly prepared for disruption or disaster according to BSI British Standards’ annual Business Barometer, published in November 2007.
The research found:
•81% of FTSE companies would expect to last up to one week before feeling serious detrimental effects following disruption or disaster
•Almost two thirds (63%) are very well prepared for serious IT failure
•Half of businesses surveyed are fully prepared for a forced office relocation
•Almost half (47%) are fully prepared for comprehensive supply chain failure
BSI’s annual survey of FTSE 250 companies shows that 71% recognise the importance of Business Continuity Management (BCM) in staying competitive and winning new business in the future. This is a 10% increase on 2006’s Business Barometer.
Mike Low, Director of BSI British Standards, said: “The scale of risk and opportunity in the FTSE 250 are enormous and these organizations are recognizing that BCM has to be at the heart of their operations. It’s also crucial for smaller organizations and those in other sectors to look seriously at how they would cope in the event of a disaster.
“This year’s Business Barometer shows improvement in the preparedness of organizations for serious failure of their infrastructure which is really positive but there is still room for improvement. That’s why BSI has today published BS 25999-2, Specification for Business Continuity Management, which enables organizations to verify their BCM plans through independent certification. The standard can be used in an organization of any size or sector and provides a mechanism to ensure that their partners and suppliers also have appropriate BCM procedures in place.
“In September, BSI also launched an Online BCM Assessment Tool, particularly useful for SMEs wishing to assess their BCM capabilities.”
Terror threats and natural disruption prompt review
Events of the last year have prompted many businesses to reconsider their approach to BCM:
•42% reviewed their approach to BCM following the London and Glasgow terror alerts in June 2007
•34% reviewed their approach to BCM following the widespread flooding throughout summer 2007
Despite an increase in overall preparedness on last year, the Business Barometer shows that more businesses would be affected by disruption or disaster more quickly than in 2006. 58% said that their business would be seriously affected in under a day, compared with 46% in 2006.
Chris Green, Chairman, Business Continuity Institute, and Chairman of the BSI business continuity committee, said: “The need for robust BCM standards such as BS 25999-2 is clear. By following the requirements of the standard, organizations can improve enterprise stability, increase job security and ensure the flow of money into communities. Without BCM standards in place, infrastructure and supply chains may be less secure and employment and economic growth placed at risk.”
Standards save Businesses
•Those companies already implementing British or international standards as a matter of course were found to be better prepared, with 56% saying that their business would be very well prepared for failure in the supply chain, compared with 47% overall.
•62% of businesses, compared with 46% in 2006, are required by customers to show that they have effective business continuity measures in place. 72% now ask all or some of their own suppliers to do the same.
Continual Improvement
BSI’s research shows that businesses are increasingly recognising the value of BCM. More companies are ‘very well prepared’ for:
•failure in the supply chain: 47% (45% in 2006; 18% in 2005)
•catastrophic IT failure: 63% (51% in 2006; 27% in 2005)
•forced business relocation: 50% in 2007 (41% in 2006; 15% in 2005)
BS 25999-2, Specification for Business Continuity Management, complements BS 25999-1, Guide to Business Continuity, published in November 2006. Part 2 has been developed by a broad based group of world class experts and specifies requirements for establishing, implementing, operating and improving a documented Business Continuity Management System. The requirements of BS 25999-2 are generic and intended to be applicable to all organizations, regardless of type, size and nature of business.
The certification industry is already committed to meeting business needs for certification to this standard in light of unprecedented demand.
Walking the Office Party Tightrope – A Risk-Assessment Checklist
The Christmas office party is a traditional element of many businesses but what potential risks do these annual events present and what guidelines should be in place to ensure that revelry doesn’t turn into regret?
David Honour - a risk expert and editor of continuitycentral.com together with Business Continuity Expo 2008 have put together a useful risk assessment checklist for risk aware managers wanting to keep their jobs in 2008!
Strange as it may seem, the office Christmas party is probably one of the biggest avoidable risks that many companies take. Many of the most risk-aware and best protected companies in the world seem prepared to throw an office party without conducting the sort of risk assessment that they would for any other aspect of their business.
WHAT ARE THE RISKS?
Litigation
Even if an organised office party takes place outside of working hours and away from company premises, the normal laws that protect workers and their rights still apply. If an employee is injured or abused in any way during an office party the company may well be legally liable. High risk areas include injuries, abuse and even death, due to alcohol and substance abuse. Additionally, the risks associated with date rape drugs, where a victim’s drinks are unknowingly spiked with tranquilising and memory impairing drugs such as Rohypnol, are an increasing concern.
There are various sensible mitigation measures that companies can take:
- Ensure that the company human resource policies and handbooks address these areas. Documents should state when and under what circumstances staff remain under employment conditions when away from company premises and out of office hours. It may prove useful to develop a specific HR policy that relates to office parties. Policies need to spell out the disciplinary measures that will be taken against staff who abuse alcohol or drugs during the event and who carry out other activities deemed as unacceptable.
- Send a friendly memo around staff prior to the party reminding them of their responsibilities and of what is acceptable and unacceptable behaviour.
- Remind managers that they have responsibilities for implementing the company's alcohol and substance abuse policy and that they should be ready to have a friendly word with any person who is becoming intoxicated.
- Consider making arrangements to get employees home after the event. A taxi-fare is a much cheaper option than a law-suit alleging that your company failed in its duty-of-care because a drunken employee had an accident making his/her own way home.
- Companies should conduct a formal risk assessment of the office party and document the mitigation measures that have been taken. If the company should face litigation following a party-related incident this will offer evidence that the company has acted responsibly and taken all reasonable measures to prevent the incident occurring.
- Ensure that your company insurance policies cover your Christmas party activities, including the legal liability pitfalls.
Premises damage
Parties that are held on office premises are prone to office equipment damage. Simple accidents can be very costly. For example, a glass of wine dropped onto computer equipment could result in expensive damage to the equipment but could also result in lost data and significant downtime.
In general, it is to be recommended that parties are held off-site. This avoids any additional work place risks associated with the event and may result in reduced, or joint, liability should a premises-related accident occur. It also often results in a better atmosphere, enhancing the positive effects that the party aims to engender. However, parties held off-site also bring the risk of damage and subsequent compensation payments. The risk is highest where an overnight hotel stay is offered to staff who have travelled from further afield. Emptied mini-bars and trashed hotel rooms are an expensive luxury.
Employee relations
This is perhaps the highest risk area and one of the most important for the smooth-running of the company. The better that employee-to-employee relationships and employer-to-employee relationships are, the stronger a company tends to be. Activities which damage these relationships need to be avoided and the office party is a minefield when it comes to this area. Potential long-term conflicts can arise from common office party behaviour such as one-night stands; sexual harassment; verbal abuse and staff fights.
Such issues are difficult to mitigate against, but again, a clear human resource policy outlining what is unacceptable behaviour and the sanctions that will be brought into force against offenders will help in some of these areas. Good human resource management after any incident will also help reduce the personal and corporate impact.
Issues can also arise if an office party is planned insensitively. For example, a party which follows a period of cost-cutting and redundancies may be seen by the remaining staff as in bad taste.
Religion can cause problems and sensitivity needs to be shown, especially when a party is linked to a religious event such as Christmas and Easter. It may be better to rename the Christmas Party as simply the ‘Office Party’ or the ‘Holiday Party’, and it is best to avoid any use of decorations with religious themes or messages. Making the party optional is a sensible policy, allowing staff who may feel uncomfortable celebrating a festival based-upon another religion to avoid the situation.
Reputational damage
This is another minefield, especially where clients and prospects are invited to office parties. Such guests will get to see the company’s employees without their professional ‘hats on’ and the resultant informality, when mixed with the lack of inhibition that alcohol consumption brings, can result in insulted clients and lost contracts.
Once again a well-crafted human resource policy will help in this area and a reminder memo beforehand can help place staff on-guard. Better still, consider making the party staff-only, keeping customers well away from the ‘danger zone’.
The most obvious, and bluntest, form of risk reduction is simply not to have an office Christmas party, but despite the risks, there are also positive benefits to the festive event. It shows staff that they are important and that the company does not have a ‘Scrooge’ mentality. They can also be strong networking events. This, coupled with the simple fact that staff are enjoying themselves together and socialising outside their normal working environment, can have positive benefits on morale and employee relations. The trick is to be able to manage the liabilities and the reputational risks without negating any positive morale benefits.
For more pearls of wisdom visit www.continuitycentral.com and be sure to visit Business Continuity Expo and Conference held at EXCEL Docklands from 2nd-3rd April 2008 - the UK's definitive event for managing risk, resilience and recovery. This event will explore the solutions and best practice to ensure operational continuity and protect a company's interests before, during and after an incident. For further information visit www.businesscontinuityexpo.co.uk
Business Continuity – or is it? Are we missing the point??
By Dominic Hill, Consultant, Siemens Enterprise Communications Limited
There have been a number of papers and presentations recently looking at the nature of Business Continuity (BC) and tools used to deliver it – from the future of the BIA to the importance of building evacuations. With the imminent arrival of Part 2 of the British Standard for Business Continuity Management (BS 25999-2), there will be a defined management system – the BCMS - and a means of measuring performance of Business Continuity capabilities, should organisations choose to do so. But are we missing something? Have we created our own definition of continuity?
The Oxford English Dictionary (1999 edition) defines continuity as “the unbroken and consistent existence or operation of something over a period of time”.
In BS 25999-1:2006, business continuity is defined as “strategic and tactical capability of the organisation to plan for and respond to incidents and business disruptions in order to continue business operations at an acceptable pre-defined level”.
In this definition, the “unbroken and consistent existence” has been replaced with “plan for and respond to” and “continue”, words which imply reaction and recovery. If we look at the services offered within the BC/DR arena today, it is easy to see the focus on responding to incidents and recovering capabilities in:
- The provision of disaster recovery services;
- The provision of work area recovery services;
- The variety of software to generate, maintain and disseminate plans;
- A plethora of communications tools allowing call cascades and other abilities.
This is laudable, nay essential, as the BC manager’s maxim should be “Expect the unexpected”! But do these services really provide continuity for the business? It could be argued that this is really business recovery, although for some that term has its own distinct meaning. Are we missing something? Would it not be even better to avoid the incident or business interruption in the first place, leaving the recovery for when there is no other option?
Why have a disaster if you can avoid it?
Many organisations spend a significant amount of money and effort on recovery capabilities and the associated plans, but neglect to address the issues that would make the operation more resilient and less in need of recovery in the first place. Could that money be better spent on disaster avoidance? To a degree the answer is going to be dependent upon the state of the organisation, its ability to change and the willingness of those in charge to accept risk.
A key tenet of BS 25999 is “embedding the BCM culture within the organisation” and this is probably the single most important thing when it comes to being pro-active about disasters. When a system, regardless of whether it is business or IT, is designed and operated with continuity in mind, the subsequent need to mitigate risks with recovery capabilities can be reduced.
Resilience: The unbroken operation
In order for a system to have unbroken operation, the threats to that operation must be reduced or removed. When BCM is a recognised part of the daily processes, and not something that gets retrofitted in the later stages of the system lifecycle, it is easy to consider these potential threats at the start of that lifecycle. Typically the causes of threats include:
Location of the system – This has a wide scope and should consider location at all levels – both physically (geographically and within the campus and building) and logically (within the organisation). Taking as an example a new IT system, are there opportunities to implement it in a location discrete from the main user population as well as from physical risks arising from location and environmental factors?
From the business viewpoint, the who and how should be considered. Does the system require input from certain members of staff whose roles make them unlikely to be available at the same time? Is specialist knowledge vested in a single individual, thus creating a potential single point of failure?
Access to the system – Again this works at both physical and logical levels. Again considering an IT example, there is little point in implementing a new system and a corresponding recovery capability if the system is situated in a location that does not afford it appropriate protection – environmentally or from a physical security point of view. A classic technology example is siting critical equipment in an IT suite that is used by members of IT staff as a shortcut to other parts of the building. A large number of incidents arise from human error in some shape or form; accidents do happen.
Similarly from a business viewpoint – especially in these days of increased concerns over the safety of data – who has access to what, by what means and for what purpose must be considered. For example, are personnel records only available as paper copies – if so, where are they held, and is that place secure?
Design of the system – A single IT system can look cheaper than a design that addresses potential single points of failure with some sort of redundancy of functionality. On paper that is. When the cost of the corresponding recovery capability is included the picture may be very different. Similar arguments exist for non-IT tasks, where the ability for multiple teams (possibly on different sites) to carry out the same activity can address not only loss of site scenarios but also loss of staff – whether through pandemic or other cause.
Systems documentation - or the lack of it - In today’s fast moving world it is not uncommon for less than ideal documentation to be produced during the development phases, as the pressure to deploy the system increases. Limited documentation leads to a potential lack of understanding of how things work, which increases the threat of mistakes. Furthermore it is very hard to maintain and protect the system if it is not clearly understood where the interdependencies lie and the possible impacts when changes occur around it.
Understanding the business is one of the four stages in BS 25999 and is as essential to the resilience aspects of BC as to the recovery aspects. Good systems documentation has a major part to play in this.
Control of changes to the system – most systems will, after an initial period, operate in a steady state, until something changes! This is especially true in IT, which due to the ever developing nature of the technology is probably subject to more change than most business processes – the changes occurring in the form of software patches, upgrades, hardware enhancements for capacity improvements etc. The same can also be seen in the non-IT space, where changes to business process manifest as the results of mergers and acquisitions or the outsourcing of parts of the operation. By controlling the way change occurs – especially considering the impacts from all aspects – the threat from change can be minimised.
When these areas are considered throughout the whole lifecycle of a system and appropriate decisions made, the result will be a more resilient system that is fit for the purpose for which it was intended. As with anything in the BC space, this is not rocket science, just common sense, but it appears to be something that is often ignored in favour of cheaper or short-term solutions or because the challenges are too great.
Challenges associated with implementing resilience
Implementing resilience can have significant challenges associated with it, including:
- Cost;
- Outsourcing/Supply chain management;
- How to get there from here
Total Cost of Continuity
This is a variant of the well known “Total cost of ownership” concept and is proposed here as a means to understand exactly what costs are incurred in providing true continuity for an organisation.
Typically organisations look at their recovery contracts, sum the costs and label the result as the cost of BC. This is misleading as it takes no account of the cost involved in setting up and maintaining BC within the organisation. In particular it ignores the cost of resources required for the exercising (testing) of recovery plans, both IT and non-IT. These costs can be quite considerable when the effort required for preparation and carrying out exercises across the different departments is considered, but they are often lost within the operational costs of the departments involved. Also, the more specialist the recovery processes, the more resource is required, in addition to a potential for greater frequency of exercising (to ensure that all appropriate staff gain the necessary experience).
If a more realistic approach is taken and the resource and exercising costs (in particular) are included, the total cost of continuity may well look very different. This may provide sufficient justification for implementing a more robust design that negates the need for much recovery.
Outsourcing
More and more the outsourcing of discrete parts of operation is seen as a cost saving exercise. While this may be true, there may also be benefits in the form of decoupling those parts of the operation physically as well as logically. Resilience may be improved, but out of sight is out of mind as the saying goes – so the emphasis shifts to one of supplier management, which must be supported by carefully prepared and suitably detailed legal contracts. This is an area of BC that is experiencing rapid growth as organisations mature in their own continuity capabilities and start to look more closely at those suppliers (outsourcers included) on which they depend.
Change as a mechanism for delivering resilience (and hence continuity)
Applying changes to an existing system in order to improve resilience is rarely easy – especially if it involves withdrawing previous access. It is easy to argue that things “have always been done that way” and that disasters had not occurred so change is unnecessary. The point can be illustrated with statistics, but not conclusively, for either side! The governing factor must be what is best for the unbroken operation of the business in a fit for purpose solution.
Fortunately, change can work in favour of these attempts to achieve resilience. In the area of technology (not exclusive to IT) the need to refresh equipment every three or four years provides an opportunity to implement measures to improve resilience. Similarly in the business space, changes in process, whether brought about by technology or changes in business practice, can be used to improve resilience here too.
Summary
While the typical focus of BC today is arguably on recovery activities, there is much to be gained from the pro-active side of continuity – providing the unbroken operation in a way that is fit for purpose. Maybe the time has now come for attention to be paid to this much neglected area of BC; maybe it will be the next to mature? After all, why have a disaster if you don’t need to?
Siemens Enterprise Communications Limited will be exhibiting at the Business Continuity Expo and Conference held at EXCEL Docklands from 2-3rd April 2008 - the UK's definitive event for managing risk, resilience and recovery. This event will explore the solutions and best practice to ensure operational continuity and protect a company's interests before, during and after an incident.
For further information visit www.businesscontinuityexpo.co.uk
Don’t leave your keys on display
TWO thieves were caught stealing a car in Kent, England, after fishing its keys out of a hallway through a letterbox.
The bungled attempt has led police to warn people to keep their keys safe – and not display them to thieves through doors and windows.
A resident of a town in Kent was woken in the early hours of a morning and looked out of the window to see two men rolling his car down the driveway.
The car keys had, according to police, been fished out of the hallway using an “implement” through the letterbox of the property.
The advice therefore is, and must be, to take a few seconds to put keys in an out-of-sight place, perhaps a drawer or cupboard that isn’t near to an entrance door or to a window. A proper key cabinet, perhaps even one that can be locked, might be a good idea too. In that instance, if used diligently, one also always knows, theoretically, where the keys are when one wants them.
© Michael Smith (Veshengro), December 2007
CDP – Buzz Vs Benefit
Ian Masters, UK sales and marketing director at Double-Take Software, discusses Continuous Data Protection (CDP) to separate the buzz from the benefits. For organisations focused on solving real-world problems, understanding the distinction will help them make the best choice to safeguard their electronic assets.
There is some uncertainty in the market over what defines CDP. The Storage Networking Industry Association (SNIA) defines CDP as “a methodology that continuously captures or tracks data modifications and stores changes independent of the primary data, enabling recovery from any point in the past. CDP systems can provide fine granularity of restorable objects to infinitely variable recovery points”.
The capabilities described by the SNIA definition of CDP are not trivial. They require a technology solution that stores all data changes as they happen and can arbitrarily return to infinite points in time to recover previous versions of data. This makes true CDP a very expensive proposition for customers. This expense may be difficult to justify when an organisation’s data isn’t perceived as sufficiently valuable and even where the value is recognised, most can’t afford these types of CDP solutions. In this sense, true-CDP products are a solution to a problem that customers cannot afford to solve.
Companies are instead opting for near-CDP solutions or backup and recovery solutions that integrate CDP-like capabilities. While solutions based on the strictest definitions of CDP may eventually gain momentum in the market as the enabling technology comes down in price, the majority of businesses don't have a Recovery Point Objective (RPO) that requires, and justifies, this type of CDP. There is clearly a need for something that provides better recoverability than tape but is simple and affordable enough to deploy across the enterprise, not just on a few systems.
Another issue affecting take-up of CDP is that it has traditionally taken a very narrow approach to business continuity. Solutions have mainly focused on file-level recovery and not application data like that created by Microsoft Exchange Server or Microsoft SQL Server. If the first line of defense in a disaster recovery solution is protecting the data, the second is undoubtedly protecting the application. Providing a real-time copy of the data and availability of the application associated with it enables a Recovery Time Objective (RTO) significantly better than that provided by solutions like tape backup or CDP. CDP makes no provision for RTO and focuses solely on RPO, which is only half of the customer challenge.
While true-CDP solutions have not gained widespread traction, the promise of CDP, despite its problems, thrives. It does so in the form known as near-CDP. Many traditional backup vendors have differentiated themselves from their competitors by integrating CDP capabilities into existing solutions rather than attacking the concept head-on. These solutions provide many, but not infinite, points of recovery. This satisfies most customers’ RPO goals far more readily than relying on retrieval from tape-based solutions by providing snapshot copies of important data for recovery purposes.
Though near-CDP promises to be an easy way to augment the backup solutions that customers use today, it still doesn’t account for the complete recovery of a company’s business critical systems. To the end-user, recovery isn’t complete until they are able to resume their work where they left off. This means not only restoring a previous version of the data but also the operating systems and applications and all the other aspects that are required to give users access to that information. Double-Take Software believes the future of CDP lies in hybrid solutions that incorporate an overall recovery management strategy combining data replication and protection, application availability and point-in-time recovery.
Alternatives exist today that provide this unified approach to recovery. In these solutions, asynchronous file-based replication is combined with application availability and snapshot technologies to fulfill at least the spirit, if not the definition, of CDP. In terms of data protection, real-time replication provides for the continuous capture of changes to protected data and the storage of those changes separate from the production data. If needed, a company can recover to this real-time copy of the data in the event of a major disaster. Because these solutions are typically based on byte-level replication, including features such as compression and bandwidth throttling, they are more efficient at moving data across long distances when compared to the data movement technologies employed by purebred CDP solutions.
For recovery from unwanted changes such as those caused by human error, viruses, or corruption, disk-based snapshot capabilities allow rollback to multiple (albeit not infinite) copies of the protected data. Disk-based snapshots are usually difference-based (copy-on-write technology) and consume less storage space. Their periodic nature also further reduces storage requirements when compared to keeping infinitely accessible copies of data changes. A combination of data replication and disk-based snapshots ensures that the RPO goals for a company’s data can be met.
Where these solutions truly exceed the promise of CDP is their ability to ensure RTO goals as well as RPO goals. By continuously monitoring the availability of the production systems and failing over to a secondary system in the event of an outage, they provide an RTO of minutes rather than hours or days. Most true-CDP solutions today do not provide any high availability for the applications creating the data and instead leave recovery to the IT administrator who is most likely using a complex, manual, time consuming process.
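The difference in recovery points between a true-CDP change journal and periodic difference-based snapshots, as described above, can be seen in a small model. This is an added Python sketch, not code from Double-Take Software or any vendor; the class names, file names and nine-write workload are constructed for illustration.

```python
"""Constructed model: true-CDP journal vs near-CDP snapshots (illustration only)."""

DELETE = None  # sentinel value meaning "key removed"


def apply_change(state, key, value):
    """Apply one change to a dict standing in for the protected data set."""
    if value is DELETE:
        state.pop(key, None)
    else:
        state[key] = value


class ChangeJournal:
    """True-CDP: every write is kept, apart from the primary copy, in time order."""

    def __init__(self):
        self.entries = []  # (timestamp, key, value)

    def write(self, ts, key, value):
        if self.entries and ts < self.entries[-1][0]:
            raise ValueError("journal entries must arrive in time order")
        self.entries.append((ts, key, value))

    def restore(self, target):
        """Rebuild the data as of any instant by replaying writes up to it."""
        state = {}
        for ts, key, value in self.entries:
            if ts > target:
                break
            apply_change(state, key, value)
        return state, target  # the recovery point is exactly the instant asked for


class SnapshotStore:
    """Near-CDP: a difference-based snapshot every `interval` seconds."""

    def __init__(self, interval):
        if interval <= 0:
            raise ValueError("interval must be positive")
        self.interval = interval
        self.snapshots = []  # (taken_at, {key: last value written since previous})
        self._pending = {}   # later writes to a key overwrite earlier ones
        self._next = interval

    def _close(self, ts, inclusive):
        while self._next < ts or (inclusive and self._next == ts):
            self.snapshots.append((self._next, self._pending))
            self._pending = {}
            self._next += self.interval

    def write(self, ts, key, value):
        self._close(ts, inclusive=False)  # snapshot at T holds writes with ts <= T
        self._pending[key] = value

    def tick(self, now):
        """Advance the clock so that every snapshot due by `now` is taken."""
        self._close(now, inclusive=True)

    def restore(self, target):
        """Roll forward through snapshots taken at or before `target`."""
        state, point = {}, 0  # point 0 = empty data set, before any snapshot
        for taken_at, delta in self.snapshots:
            if taken_at > target:
                break
            for key, value in delta.items():
                apply_change(state, key, value)
            point = taken_at
        return state, point


# Constructed workload: (seconds since start, file, version written).
# The write at t=437 is the unwanted change (human error or corruption).
WORKLOAD = [
    (20, "orders.db", "v1"), (95, "orders.db", "v2"), (180, "mail.edb", "v1"),
    (290, "orders.db", "v3"), (310, "mail.edb", "v2"), (415, "orders.db", "v4"),
    (437, "orders.db", "CORRUPT"), (520, "mail.edb", "v3"),
    (610, "orders.db", "CORRUPT-2"),
]
BAD_WRITE_AT = 437


def compare(interval=300):
    """Recover to just before the bad write with both approaches."""
    journal, snaps = ChangeJournal(), SnapshotStore(interval)
    for ts, key, value in WORKLOAD:
        journal.write(ts, key, value)
        snaps.write(ts, key, value)
    snaps.tick(WORKLOAD[-1][0])

    target = BAD_WRITE_AT - 1
    cdp_state, cdp_point = journal.restore(target)
    snap_state, snap_point = snaps.restore(target)
    lost = [w for w in WORKLOAD if snap_point < w[0] <= target]
    return {
        "cdp_point": cdp_point, "cdp_state": cdp_state,
        "snap_point": snap_point, "snap_state": snap_state,
        "lost_writes": len(lost),               # good writes the snapshot misses
        "exposure_seconds": target - snap_point,
        "journal_entries": len(journal.entries),
        "snapshot_entries": sum(len(d) for _, d in snaps.snapshots),
    }


if __name__ == "__main__":
    for interval in (300, 60):
        print(interval, compare(interval))
```

With a five-minute interval the snapshot store keeps fewer than half the entries of the journal but gives up the two good writes made after the last snapshot; shortening the interval narrows that gap at the cost of more stored changes.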
Evaluating the Options
No solution is ‘one size fits all’. Each company’s business is unique so each business continuity recovery plan will be different. However, the high-level approach to business continuity planning is generally the same. The key to business continuity and recovery planning is to first understand the impact an outage, loss or major disaster would have on your ability to provide a product or service and then pick the right procedures and tools to minimise that impact.
The first recommendation we make is to assess and rank each of the business systems within your organisation and assign the appropriate level of protection to them. Not all systems require the same levels of protection; in fact, some may not need protection at all. Successful plans account for this and are able to restore systems defined as business-critical as rapidly as possible while making the most of limited resources. The challenge for most companies in prioritizing these systems and choosing the right solution is simply a matter of quantifying the value of the data the solutions protect and calculating the Return on Investment (ROI).
Summary
The reality of CDP is that it has not lived up to the buzz it generated. This is not because the promise of CDP isn’t appealing to customers but because CDP, as narrowly defined by industry organisations, was not permitted the opportunity to integrate with other data protection and recovery capabilities. A hybrid solution combines the best of CDP with the best of continuous data replication and application availability while keeping costs down. Successful vendors will continue to build CDP into their products where it is appropriate and successful IT organisations will learn to use the technology in a way that best addresses all of its recovery goals while staying within budget and without sacrificing capabilities.
Double-Take Software will be exhibiting at the Business Continuity Expo and Conference held at EXCEL Docklands from 2-3rd April 2008 - the UK's definitive event for managing risk, resilience and recovery. This event will explore the solutions and best practice to ensure operational continuity and protect a company's interests before, during and after an incident.
For further information visit www.businesscontinuityexpo.co.uk
Fact Sheet: Creating a Culture of Preparedness Among Schools
The U.S. Department of Homeland Security (DHS) offers a wide range of emergency preparedness resources to help schools create safe and secure environments for their students. Emergency preparedness is an important responsibility shared by all individuals as well as communities, including schools. In order to advance school preparedness nationwide, DHS offers several planning and training resources to help local schools prepare comprehensive all-hazard emergency preparedness plans that are exercised regularly and developed in partnership with their community leaders and first responders.
- Safe School Initiative: Established in collaboration by the U.S. Secret Service and the U.S. Department of Education’s Safe and Drug Free Schools Program, the Safe School Initiative (SSI) focuses on prevention and provides useful information about the thinking and behavior of students who commit acts of targeted violence in our nation’s schools. One of the key recommendations of the SSI was that schools form multidisciplinary threat assessment teams to assist with identifying, assessing and managing students who may pose a threat of targeted violence. An interactive CD-ROM, titled A Safe School and Threat Assessment Experience: Scenarios Exploring the Findings of the Safe School Initiative, complements the published documents of the Safe School Initiative. The CD is available to law enforcement and school safety personnel across the country and can be ordered via the Department of Education website at http://www.edpubs.org/.
- Protecting Our School’s Infrastructure: DHS’ Office of Infrastructure Protection (OIP) has developed and issued Characteristics and Common Vulnerabilities, Potential Indicators of Terrorist Activity, and Protective Measures reports for public and private schools (K-12) and higher education institutions. With dual benefits in addressing both terrorism and criminal-related security issues, these resources are available to local law enforcement and school officials to help identify site-specific vulnerabilities, anomalies or incidents that may precede a terrorist attack or other kind of harmful incident, and certain measures that can be taken to better protect and create a safer environment. DHS has conducted over 40 Site Assistance Visits at schools to help officials identify potential vulnerabilities as well as Soft Target Awareness Courses that address the security of schools and higher education institutions.
- Protecting Against Man-Made or Terrorist Incidents: The DHS Federal Emergency Management Agency (FEMA) offers a series of manuals and publications to help schools address their physical design and layout as part of a mitigation process to protect against terrorist attacks and natural disasters. These materials include: Design Guide for Improving School Safety in Earthquakes, Floods and High Winds; Primer to Design Safe School Projects in Case of Terrorist Attacks; Incremental Seismic Rehabilitation of School Buildings (K-12): Providing Protection to People and Buildings; and FEMA Mitigation Case Studies Protecting School Children from Tornadoes: State of Kansas School Shelter Initiative.
- School Preparedness Training Courses: FEMA also offers several courses – both online and in-person, through the Emergency Management Institute to help schools and district personnel develop emergency plans for all-hazards. Through “train-the-trainer” courses, FEMA links school personnel with first responders, law enforcement, public health officials and others to discuss different needs and decisions that may arise during an emergency such as transportation, food and health, medical assistance, facility management, and communication. More information on available courses may be found at http://training.fema.gov/emiweb.
- Lessons Learned Information Sharing (LLIS): Established to help first responders, emergency planners and managers, and homeland security partners prevent, prepare for, and respond to terrorism, this web portal includes valuable best practices and lessons learned information, including a section on school emergency planning. Additional information may be found at https://www.llis.gov.
- DHS “READY” Campaign: A national public service advertising campaign produced by The Advertising Council in partnership with the Department of Homeland Security, the Ready Campaign is designed to educate and empower Americans to prepare for and respond to emergencies, including natural disasters and potential terrorist attacks. Ready Kids is the newest addition to the campaign and provides a family-friendly tool to help parents and teachers educate children, ages 8-12, about emergencies and how they can help their families better prepare. Individuals interested in more information about family, business and community preparedness can visit www.ready.gov or call 1-800-BE-READY to receive free materials.
- Citizen Corps: Created by President Bush in 2002, Citizen Corps provides Americans of all abilities with opportunities to gain information, training, and hands-on volunteer opportunities that increase community preparedness and resilience to all types of hazards. Headquartered at FEMA, there are more than 2,220 Citizen Corps Councils nationwide. These councils operate at the community level bringing public and private sectors together with local government, emergency managers, voluntary organizations, and first responders to coordinate disaster preparedness planning and response efforts in our communities. Schools are encouraged to partner with local Councils to integrate school emergency plans with community plans; coordinate alert systems; and educate, train and exercise the school community. Visit www.citizencorps.gov for more information.
- Funding and Additional Resources: DHS offers several grant programs to State and local governments with potential applicability to school-related violence or terrorism. States and local governments make the decision as to whether this program may be applied to educational facilities. Information on DHS grants is available at www.grants.gov.
Are You Getting Value from Your BIA?
James R. Mitchell, CBCP
Director, eBRP Solutions, Inc.
Cost vs. Benefit
The standard practice of conducting a Business Impact Analysis (BIA) to determine the basic recovery requirements (Mission Critical Processes, RTOs, RPOs, Critical Applications, Suppliers, and other Resources) is a vital phase of every Business Continuity Management program.
The BIA process can be long and difficult – no matter what data collection method is used. Is the return on your BIA investment (time, manpower and resources) offset by the value of the results?
If a BIA is a fundamental part of BCM, the underlying cost may simply be a necessary evil. But, when a BIA is a one-time ‘project’ – as in many organizations – is the cost realistically proportional to the value?
Some organizations conduct a BIA expecting to repeat the process at regular intervals. However, once the initial BIA is completed and the true cost known, such expectations are often abandoned.
Focus on change
Failure to update a BIA is a leading cause of Recovery Plan failure. Change is the only constant in business. A BCM program lacking up-to-date BIA data yields Plans that don’t reflect the organization’s true requirements.
Intending to update a BIA is easy; yet the update process often fails.
Consider the effort required to complete the original BIA: questionnaire preparation, distribution and collection; interviews to “normalize” the results, plus the cost of analysis and report generation.
Often, the original BIA “project” may take three to eight months. Significant business changes make the prospect of repeating that lengthy process daunting. Postponing the update may be rationalized. Like most things in life, postponing difficult tasks allows them to grow more unwieldy.
To streamline the process, the updated BIA must focus on the changes – rather than repeat the entire process. It is likely that much of the information from the earlier BIA is still valid. The update process simply entails drilling down to which business processes have changed, and how those changes affect the original BIA results. Of course, the method used to conduct the earlier BIA will determine just how easy – or how difficult – the update process becomes.
In Information Technology, an updating process is generally ongoing (Change Management) because IT changes have a direct impact on daily operations. In business operations, changes occur regularly, but are seldom, if ever, documented. (To be fair, no matter how robust the IT program, not every organization consistently correlates its Change Management information with its DR Plan.)
The Whole is Greater than the sum of its Parts
Is it sufficient for individual business process “Owners” or function leaders to update their own critical resource requirements? Yes, if the update method allows for the capture of changes in enterprise-wide dependencies (on other processes, applications, etc.). But no effective update can be conducted in a vacuum; any change to critical dependencies or resources is likely to have a corresponding effect upon those dependent processes.
While it may be efficient for a process team to update its own BIA, only by collecting and integrating changes across the enterprise can the true impact of business changes emerge.
The Path of Least Resistance
Frequently, the cost of updating a BIA (in manpower and time) is perceived as unjustifiably high. Not updating a BIA may become an accepted risk. BCM management may opt to focus on BC/DR Plan updating (assuming most process owners understand the impacts of change and will modify their Plans appropriately) without revising the BIA. The more burdensome the BIA process, the higher the propensity not to repeat it.
Once made, such a decision often becomes institutionalized. Later, the failure to reflect fundamental changes in the organization’s structure may result in flawed Plans and a failed recovery. With luck, flaws show up in a test or exercise – not a real life incident.
What’s in your Toolbox?
Does your existing BIA format lend itself to manipulation? Or do you have to start from scratch? Do you use software that integrates BIA and Plan development?
Does the BIA format lend itself to the use of collaborative tools? Can business process owners gain access to the original BIA survey? Network- or Web-based collaborative tools reduce the pain of updating a BIA, while enabling monitoring and auditing of the process by the BCM leaders or planners.
Assess your options, and pick a BIA updating method that works best for your situation. It may not be free, it may be time-consuming, and it may not be painless. But it will pay dividends if you have a disruptive event.
An out-of-date BIA exponentially increases the chances of Plan failure. The BIA provides the core upon which an organization’s Plans depend. Without up-to-date BIA information, the validity of Plans should be questioned, and their successful execution must be suspect.
eBRP Solutions, Inc. will be exhibiting at the Business Continuity Expo and Conference held at EXCEL Docklands from 2-3 April 2008 - the UK's definitive event for managing risk, resilience and recovery. This event will explore the solutions and best practice to ensure operational continuity and protect a company's interests before, during and after an incident.
For further information visit www.businesscontinuityexpo.co.uk
NATIONAL AND INTERNATIONAL SECURITY – THE THREATS, THE RESPONSES, THE OPPORTUNITIES
Insights into US homeland security science and technology priorities, expert analysis of a range of threats from terrorism to pandemics, and examination of major security programmes in the UK and overseas are all features of the International Security & National Resilience (ISNR London) conference, which will be held at London’s Olympia from 3-5 December 2007. ISNR London incorporates the former APTS show.
DAY 1
Top US Department of Homeland Security official to give insights
Day One of ISNR London is designated the US Department of Homeland Security 2007 Science & Technology Stakeholders International Conference – the first ever initiative of its type to be staged in the UK. The S&T Directorate is the gateway to the US Department of Homeland Security for private sector and academic solutions providers and this event will provide a unique opportunity for conference delegates from the UK and other European countries to meet with senior DHS leaders.
The Honourable Jay M Cohen, the Department’s Under Secretary, Science & Technology, will lead the plenary level insights into how the DHS S&T Directorate is employing science and technology to enhance security and safety. Participants will include the S&T Directors of Transition, Research and Innovation.
DAYS 2 AND 3
Highlights include:
Matching capability with threats
The plenary session will be led by Admiral Sir Alan West, Parliamentary Under-Secretary of State for Security and Counter-terrorism; Dr Paul Weissenberg, Director, Aerospace, GMES, Security and Defence, Enterprise and Industry Directorate General, EU Commission and the Honourable Jay Cohen. Three of the world’s most senior government representatives will discuss how new strategies and technologies are being adopted to enhance security on a national and international level.
Terrorist attack scenarios
The key issues concerning critical infrastructure protection will be put under the microscope by leading experts. Global and generic threats, including terrorism and pandemics, will be examined, and insights provided into UK and wider European CIP policy. A significant new feature for a conference of this type is two table-top exercise scenarios on defeating the terrorist threat to CIP. The subjects are an attack on a major event and a city centre.
Illegal migration threat
E-borders is a key component of UK Government’s border transformation programme and central to its strategy for immigration and asylum. The conference stream on integrated border management will feature a session examining the major milestones of this multi-billion pound programme. There will also be analysis of the security consequences of illegal migration, a factor which is changing the social, economic and political landscapes of communities on a global basis.
The challenge of Al Qaeda
Internal security, policing and intelligence are high on virtually every government’s agenda. The challenges addressed in this stream include changing Al Qaeda operational patterns in Europe, the recruitment of terrorists via the web and the impact of global insecurity on the UK. Also examined is the role that the media can play in the event of a major crisis and how it can be used more effectively to disrupt a threat.
NATO – an opportunity
The role of the NATO Technology Development Programme is to identify national capability gaps and achieve common approaches to technology requirements. A dedicated session will highlight the requirement gaps in the NATO programme and how they can be exploited by potential suppliers.
For further information please contact Victoria Bailey or Nick Johnstone at CMS Strategic on Tel: +44 (0)20 8748 9797 or email: info@cmsstrategic.com
For more information about ISNR London please visit: www.isnrlondon.com or contact Richard Clarke, Event Director, Tel: +44 (0) 208 910 7142 or email: richard.clarke@reedexpo.co.uk
Airport security is 'little better' after 9/11
27 Jun 07
By Steven Vickers
A top security analyst is expected to launch a damning attack on airport security when he chairs the TranSec World Expo Aviation Security Conference in Amsterdam today.
Chris Yates, the Principal of Yates Consulting, believes that the current regulatory framework is stifling important advances in the global aviation security regime.
Speaking before the event, he said: “Six years on from the September 11 attacks on New York and Washington DC security is little better. The cosmetic changes, including the nonsensical ban on sharps which has now thankfully been lifted, the equally ridiculous present restriction on cabin baggage which should be lifted and the vaguely ludicrous limitation on the quantity of liquid, gel or paste products which gives rise to much confusion and ire amongst the travelling public, has and continues to cost this industry dear.”
He continued, “These cosmetic measures generate no appreciable gain in security and underscore the fact that regulators are devoid of answers to modern day threats”.
According to statistics from the International Air Transport Association, worldwide expenditure on airport security has risen by US$5.6 billion annually since September 11th 2001.
The IATA and Airports Council International have raised concerns that despite investment, national regulators have continued to thwart appropriate responses to the threats the industry faces. Instead they believe that the regulators are favouring a one size fits all policy which hurts passengers, airlines and airports.
Yates, who is also due to chair the expo’s workshop on biometrics and access control, said, “Regulators must take onboard technological advances, harness those advances and deploy or require deployment accordingly.”
FDA: Throw away toothpaste made in China
The government warned consumers on Friday to avoid using toothpaste made in China because it may contain a poisonous chemical used in antifreeze. Out of caution, the Food and Drug Administration said, people should throw away toothpaste with labeling that says it was made in China. The FDA is concerned that these products may contain diethylene glycol.
The agency is not aware of any poisoning from toothpaste in the United States, but it did find the antifreeze ingredient in a shipment at the U.S. border and at two retail stores: a Dollar Plus store in Miami and a Todo A Peso store in Puerto Rico.
Officials said they are primarily concerned about toothpaste sold at bargain retail outlets. The ingredient in question, called DEG, is used as a lower-cost sweetener and thickening agent. The highest concentration of the chemical found in toothpaste so far was between 3 percent and 4 percent of the product's overall weight.
"It does not belong in toothpaste even in small concentrations," said the FDA's Deborah M. Autor.
The FDA increased its scrutiny of toothpaste made in China because of reports of contamination in several countries, including Panama.
The agency is particularly concerned about chronic exposure to DEG in children and in people with kidney or liver disease.
Agency officials said they had no estimate of how many tubes of tainted toothpaste might have made it into the U.S.
"Our concern today is potentially about all toothpaste that comes in from China," Autor said. "Our estimate is that China makes up about $3.3 million of the $2 billion U.S. toothpaste market."
The agency also issued an import alert Friday for all dental products containing DEG. The alert means toothpaste from China will be stopped at the border, she said.
Companies that make brands previously found with DEG will have to prove the toothpaste is free of the chemical before it's allowed into the country. Meanwhile, all other brands of Chinese-made toothpaste will be stopped for testing, something the agency has been doing since May 23.
The import alert posted by the government says DEG has been improperly used in a variety of sedatives, syrups and cough medicines worldwide. Most recently, a cough syrup containing DEG resulted in more than 40 deaths in Panama last September.
The alert says the agency found DEG in three products manufactured by Goldcredit International Trading in China. The products are Cooldent Fluoride, Cooldent Spearmint and Cooldent ICE. Analysis of the products revealed they contained between 3 percent and 4 percent DEG.
The agency also found the chemical in one product manufactured by Suzhou City Jinmao Daily Chemical Co. in China. Analysis of that product, Shir Fresh Mint Fluoride Paste, found it contained about 1 percent DEG.
China's food safety problems have in recent months become a matter of international concern, a situation reflected in trade talks between Chinese and U.S. officials in Washington last week.
Most notably, on March 15, FDA learned that certain pet foods were sickening and killing cats and dogs. FDA found contaminants in vegetable proteins imported into the United States from China and used as ingredients in pet food.
___
On the Net:
FDA Import Alert: http://www.fda.gov/ora/fiars/ora_import_ia6674.html
China Crafts Cyberweapons
The People's Liberation Army (PLA) continues to build cyberwarfare units and develop viruses to attack enemy computer systems as part of its information-warfare strategy, the U.S. Department of Defense (DOD) warned in a report released on Friday.
"The PLA has established information warfare units to develop viruses to attack enemy computer systems and networks," the annual DOD report on China's military warned. At the same, Chinese armed forces are developing ways to protect its own systems from an enemy attack, it said, echoing similar warnings made in previous years.
These capabilities are part of China's ongoing military modernization efforts, which have seen the country add dozens of high-tech fighters and ballistic missiles to its arsenal. China isn't alone in building the capability to attack an enemy's computer systems. The U.S. and other countries have developed similar abilities.
The PLA's virus-writing efforts have been underway for years, reflecting the importance that China apparently attaches to information warfare. As early as 2000, the DOD warned, "China has the capability to penetrate poorly protected U.S. computer systems and potentially could use CNA [computer network attacks] to attack specific U.S. civilian and military infrastructures."
In recent years, the PLA has begun training more seriously for computer attacks, including them as part of larger military exercises in 2005.
The main focus of China's military modernization efforts is Taiwan, an island nation that China views as a renegade province. The two separated in 1949 after a civil war between the Communist and Nationalist armies, with the Nationalist forces retreating to Taiwan. China has long threatened to attack Taiwan if the island formally declares independence, and the expansion of China's military capabilities is largely geared towards a possible attack against Taiwan.
"A limited military campaign could include computer network attacks against Taiwan’s political, military, and economic infrastructure to undermine the Taiwan population’s confidence in its leadership," the report said.
But the U.S., which would likely intervene in a Chinese attack on Taiwan, is also a potential target, it said.
"The PLA has established information warfare units to develop viruses to attack enemy computer systems and networks," the annual DOD report on China's military warned. At the same, Chinese armed forces are developing ways to protect its own systems from an enemy attack, it said, echoing similar warnings made in previous years.
These capabilities are part of China's ongoing military modernization efforts, which have seen the country add dozens of high-tech fighters and ballistic missiles to its arsenal. China isn't alone in building the capability to attack an enemy's computer systems. The U.S. and other countries have developed similar abilities.
The PLA's virus-writing efforts have been underway for years, reflecting the importance that China apparently attaches to information warfare. As early as 2000, the DOD warned, "China has the capability to penetrate poorly protected U.S. computer systems and potentially could use CNA [computer network attacks] to attack specific U.S. civilian and military infrastructures."
In recent years, the PLA has begun training more seriously for computer attacks, including them as part of larger military exercises in 2005.
The main focus of China's military modernization efforts are Taiwan, an island nation that China views as a renegade province. The two separated in 1949 after a civil war between the Communist and Nationalist armies, with the Nationalist forces retreating to Taiwan. China has long threatened to attack Taiwan if the island formally declares independence, and the expansion of China's military capabilities are largely geared towards a possible attack against Taiwan.
"A limited military campaign could include computer network attacks against Taiwan’s political, military, and economic infrastructure to undermine the Taiwan population’s confidence in its leadership," the report said.
But the U.S., which would likely intervene in a Chinese attack on Taiwan, is also a potential target, it said.
Awareness
Being totally aware of your surroundings at all times is most important when it comes to personal safety and personal security, and this is not only so in unfamiliar ground.
The example of a home invasion robbery that happened not so long ago somewhere in the United States could serve as a reminder here that we must be most vigilant on our own turf. The father of the family had stepped outside the door (it was not mentioned, as far as I can remember, whether this was the front door or the back) for a smoke during the night and, upon going back in, failed to do any kind of safety check. He was followed in by two men with guns who then subjected the family, including children, to an ordeal lasting about an hour while ransacking the house.
Your home security is only as good as you. You must always remember that. The same applies to your personal security.
Even the best home alarms, unless they happen to be those with panic buttons (fine if you can get to one of them) and constant monitoring, do not help if you do not ensure that you do not have uninvited guests right behind you when you step inside of your home.
Nothing, not even the best technology, can ever substitute for your own vigilance.
The same also applies when you step out of your home, your personal fortress, into the wide open world out there. Have a way of ensuring visually, and if you can do and afford electronic measures so much the better, that the coast is clear, that no possible assailant or burglar, wishing to gain entry the easy way into your home by pushing you back inside, is lurking around.
You are more in danger, in my view, in surroundings that are familiar to you, such as your “home turf”, what the villains in England would call “manor”, than in a strange neighborhood or even town or country. Why is that? Because on your home manor, the area that you move in every day, you are more relaxed, as a rule, and your personal security perimeter is closer and you let people come closer to you than would be the case if you were moving through an area unfamiliar to you. On our home patch we very often let our guard down and don't perceive the threats that may be lurking as quickly as we would in other instances. But this guard must not slip. Towards people you know personally and with whom you are on friendly terms, even if as acquaintances only, the guard can be lowered, but anyone in your own area that you do not know must be perceived as a potential threat. Vigilance in your own garden, on your landing, if you live in an apartment, in your own roads, has to be as acute and sharp as in unfamiliar territory.
Always watch your six o'clock!, as they say. Make it a habit to look behind you every so often, develop good peripheral vision and learn to be totally aware of your surroundings at all times.
I have personally made it a habit to come to a semi-stop and to turn around rather sharply and abruptly, frequently, though in an unpredictable manner and pattern, to ensure that I am not being followed, stalked and targeted, and that not only in unfamiliar surroundings but even in places that I know and where I live. I probably do this more so when it is getting darker or in the mornings before it is fully light, but I also do that rather as a norm during daylight hours.
Too many people who do become victims of a crime are not aware (enough) of their surroundings and, especially nowadays, are rather distracted, mostly by the fact that they have earphones on listening to their MP3 players, which are often turned up way too loud with the high volume making them deaf to their surroundings, or are chatting on their cell phones. Not only are those people deaf to their surroundings but they are in fact most of the time entirely oblivious to what is going on around them and move, it seems, entirely in a little world of their own. Anyone behaving like that might as well be wearing a sign saying “target” on their back.
Do not make yourself a victim.
Be aware of what is going on around you at all times.
© M V Smith, May 2007
China confirms bird flu outbreak
China has confirmed a new outbreak of the deadly H5N1 strain of the bird flu virus in the central province of Hunan, state media has reported.
More than 11,000 poultry died of the virus in Shijiping village near Yiyang city, the Agriculture Ministry said.
Some 53,000 birds have since been culled and officials say that the outbreak is now under control.
China's last reported case was in March, when chickens died at a poultry market near the Tibetan capital, Lhasa.
There were no reports of human infection in the latest outbreak.
A total of 15 people have died in China from the H5N1 virus and millions of birds have been culled.
Officials are working to vaccinate billions of domestic poultry by the end of May in preparation for the northward migration of wild birds in the summer, Xinhua news agency has said.
Since the H5N1 virus emerged in South East Asia in late 2003, it has claimed more than 180 lives around the world. Indonesia has been hardest hit, with more than 70 deaths.
Scientists fear the virus could mutate to a form which could be easily passed from human to human, triggering a pandemic and potentially putting millions of lives at risk.
Recognizing Hidden Weapons - Key Knife
Recognizing Hidden Weapons – Part II
This is, as you can see, Part II of the little series of articles in which I want to show you, the reader, how many items there are (and I am sure I will not be able to cover them all) that could be weapons concealed in one way or another.
While a person carrying one of those may not necessarily be carrying it with criminal intent, and may not be a terrorist, what I would like to point out is how easy it is for them to be overlooked.
Key Knife
The picture above shows a “key knife” that was given away by a company that produces machinery for the security printing industry and general print industry. While, obviously, there is again nothing wrong with such a knife per se, as it is only a small pen knife, the fact is that if this kind of knife (and there are a variety of different kinds and styles about) is attached to a keyring together with a bunch of keys it will, at first and second glance, and possibly even to the trained eye, appear as nothing more than yet another key on that particular bunch (the picture below shows the same knife in the open position).
As I said in the last article, we must always expect the unexpected in this field, and have our wits about us. Not everything is what it looks like at first and even second glance. If you feel suspicion, check.
© M V Smith, May 2007
Talmu Pedestrian Reflectors
A major advance in pedestrian road safety
Manufacturer:
Coreplast Laitila Oy
LAITILA
Finland
Distributed in the UK by:
Scanglo
Hainford
Norfolk
Talmu pedestrian reflectors are CE certified according to the CE standard EN13356. This standard states the minimum requirement for reflectivity, 400 C.I.L. Talmu reflectors meet and even exceed this minimum requirement.
Pedestrian reflectors only work when they are being worn. That's why Talmu (Scanglo) reflectors have long lanyards, and the manufacturer and distributor recommend that the reflectors are, by means of this cord, attached to the pocket lining of your outside coat. That way they are always there when you need them. When it is daylight, simply pop them back into your pocket.
Find out more by visiting www.scanglo.com
Recognizing Hidden Weapons - Key Ring Knife
Recognizing Hidden Weapons
In this little series of articles I want to show you, the reader, how many items there are (and I am sure I will not be able to cover them all) that could be weapons concealed in one way or another. While the person carrying one of those may not necessarily be carrying it with criminal intent, and may not be a terrorist, what I would like to point out is how easily they can be overlooked.
Key Ring Knife
The picture above shows a “key ring knife” that was given away at a trade fair. While, obviously, there is nothing wrong with that per se this is one that even this author, who was the recipient, did not immediately recognize as being a small folding knife (the picture below shows the same knife in the open position).
When attached together with a bunch of keys it is very hard to spot, and I have tried this out with many security officers and even police officers, the majority of whom have failed to spot it as a knife, even without keys.
Therefore, we must always expect the unexpected in this field.
As I said already, even someone boarding or wishing to board a plane with this keyring on his or her person should not be seen immediately as a threat and as a potential terrorist, but we must be aware that those little items exist.
© M V Smith, April 2007
Guidance issued on preventing and responding to food incidents
UK, Wednesday 18 April 2007
The Food Standards Agency has published guidance to help businesses and enforcement authorities to prevent and better respond to food incidents.
The guidance has been developed by the Food Incidents Task Force, a body set up by the FSA in the wake of the Sudan I incident, to help strengthen controls in the food chain and prevent major food incidents.
The taskforce brought together experts from the food industry, consumer groups and enforcement authorities to identify good practice from previous food incidents and develop guidance for other organisations.
The guidance gives step-by-step advice about preventing food incidents, including how to identify potential hazards. It also gives practical advice about effective incident response from notification through to post-incident actions.
The guidance is designed to help anyone who is responsible for handling incidents in the food industry as well as those in local authorities. A summary version has been developed particularly for small businesses.
Nick Tomlinson, Head of the FSA’s Chemical Safety Division said: 'The incidents task force provided a unique opportunity for a range of experts to come together and share their expertise about preventing and handling food incidents.
'The food chain is complex and food incidents are difficult to eliminate altogether but we hope that providing clear, easy-to-follow information will help food businesses to reduce the likelihood of them happening. The guidance also aims to improve the handling of incidents by providing easy-to-follow advice on the steps to follow if an incident does occur.'
The principles for preventing and responding to food incidents guidance notes are available here.
The Food Taskforce was chaired by the Food Standards Agency with members drawn from:
Association of British Insurers (ABI)
British Hospitality Association (BHA)
British Retail Consortium (BRC)
Chartered Institute of Environmental Health (CIEH)
Trading Standards Institute (TSI)
Food and Drink Federation (FDF)
Local Authorities Co-ordinators of Regulatory Services (LACORS)
Small Business Council (SBC)
National Consumer Council (NCC)
National Farmers' Union (NFU)
Which?
Plus two independent members:
Richard Ayre
Professor Frank Woods