bk.up.co.uk Ltd

3. Business Continuity

Disasters come in all shapes and forms, from Acts of God to human error. Each can be devastating if you lose critical business data.

The business continuity management process is geared to ensuring that your organisation has an appropriate level of resilience to potential disruption. Ranging from establishing a mechanism to establish the appropriate scope to a plan for briefing the press, an effective business continuity project will ensure that when the unthinkable does come, your team know what to do, where to find the right information and assistance and how to get your business back on its feet as quickly as possible.

3.1 Project Management

Done effectively, business continuity projects require a high level of time and resource. We can provide you with high quality lead management, from experienced business continuity professionals. We can save you from wasting time and resources in reinventing the wheel!

3.2 Assistance

Here at , we have access to the leading experts in Business Continuity Planning. We can provide assistance and advice to help you protect your valuable business processes.

4. Information Security

Information Security is more than just locking up data, it's about managing the total information flow on which your business relies, about ensuring the integrity of your business lifeblood.

Information Security Management has become a vital part of your business managment; more than anything else it can make, or break your business.

4.1 Training

In addition, to our core consultancy, we undertake a great deal of training, our seminars and courses are custom designed to fit client needs and take from a morning to several days, depending on the requirements. Training is a critical part of the implementation of an information security management system and will target a number of different individuals within the organisation:

 

• senior and executive management - awareness and overview briefings
• induction seminars
• training the trainers - training internal information security trainers to run internal courses
• Information Security Toolkit - an overview of information security designed to give managers with Informatin Security as a secondary responsiblility a toolkit to help them initiate and run an information security project within their own organisations.
• awareness raising seminars - raise the important issues - what is involved with information security and why it is important.

  Contact us and see what we can do for you!

  4.2 Consultancy

  have a team of expert consultants who can help you with any of your information security worries; just some of the core information security services we provide include:

   

   

  • information security audit and benchmarking surveys
  • information security project management
  • security policy creation
  • policy implementation
  • risk analysis
  • threat analysis
  • business impact analysis

  

  ---

  5. Millennium Consultancy

  As the clock ticks away, the millennium approaches and with it potential problems for many organisations with date sensitive information systems. is treating the millennium issue as another threat to information security - we don't hype it - we look at it logically and treat it calmly.

  The millennium will impact different businesses in different ways - and whilst the core problem is relatively simple, it is clear that only a very brave organisation will offer a 100% guarantee that they will not be affected. What we can, however, do is achieve sustainablility of our critical business functions by a combination of radical prioritisation of our year 2000 activity based on business priorities and effective contingency planning to address any areas which have been missed.

  have two principle areas where we help clients with this problem; project management and project validation.

  5.1 Project Management

  A millennium conformity project is a time consuming issue. It is vital, therefore, that the time and resources are focused for maximum benefit. have a tested methodology which enables organisations to focus on what is important and to accept risk in areas which are not so critical. The overall result is that organisations can gain maximum value for their Y2K effort.

  5.2 Project Validation

  Are you being inundated by questionnaires from 3rd party organisations regarding your level of year 2000 compliance?

  Having looked at a number of the questionnaires which are being circulated, the majority have fairly major implications in terms of implied warranty. It is clear that very few organisations are going to be in a position to give this warranty. In addition,questionnaires, whilst giving a useful steer to organisations who have not addressed their year 2000 projects, are of relatively limited value in terms of assessing a realistic level of risk that the organisation in question represents to your business function.

  have developed the Millennium Validation Report . This is an independent audit of your millennium process. It focuses on process rather than content and therefore allows you to give a clear indication of the steps you have taken regarding your exposure to millennium based problems.

  When faced with a questionnaire, you need merely return a copy of the Millennium Validation Report . This will allow the third party to gain a clear indication of the progress of your project without divulging any trade secrets.

  Advantages of this approach are as follows:

   

   

  • It saves the time that you would have spent filling out forms and questionnaires
  • It gives a clear indication that you fully understand the issue
  • It does not imply warranty
  • It is completely objective
  • The validation process is a useful external check that your project has, infact covered the relevant issues.

  Make sure that you are not making another rod for your back with every questionnaire you fill out.

  

  ---

  6. Links

  This page contains a number of links to sites of interest.

  6.1 Information Security

   

   

   

   

   

   

   

   

   

   

   

   

   

   

   

   

   

   

   

   

   

   

   

   

   

   

   

   

  Information Security Management Sites	http://wacn.org.uk/
  Index to information security companies	http://www.securityserver.com/
  Netstore	http://www.netstore.com/
  Bk.up.co.uk Ltd	http://www.bk-up.co.uk/
  SMH	http://www.smhnet.demon.co.uk/
  Security Policies	http://www.is.monash.edu.au/
  Institute of management	http://www.inst.mgt.org.uk/
  DISA	http://www.disa.mil/infosec.html
  ISM Training	http://www.misti.com/
  British Standards Institute	http://www.bsi.org.uk/pd0007.html
  ITSEC	http://www.itsec.gov.uk/
  Ewen Associates Limited (EAL)	http://www.ewen/

  6.2 Millennium

   

   

   

   

   

   

   

   

   

   

   

   

   

   

   

   

   

   

   

   

  Millennium Sites
  Computer Software and Services Association (CSSA)	http://www.cssa.co.uk/
  Peter de Jager	http://www.year2000.com/
  Durham University Centre for systems management	http://www.year2000.co.uk/
  CCTA - Intended for public sector bodies	http://www.open.gov/ccta/mill/mbhome.htm
  A Legal perspective - including questionnaires	http://www.weblaw.co.uk/
  Open Group - UNIX compliance	http://www.xopen.org/public/tech/base/year2000.html
  Open Group - a notice board for interest groups	http://www.opensoftware.com/Y2k

  6.3 News

   

   

   

   

   

   

   

   

   

   

   

   

   

   

   

   

   

   

   

   

   

  6.4 Disaster Management

   

   

   

   

   

   

   

   

   

   

   

   

   

  News Sites:
  ABC Radio (Sound)	http://www.abcradio.ccabc.com/
  AP News	http://www.trib.com/
  CNN News	http://www.cnn.com/
  NBC News	http://www.nbc.com/
  NY Times	http://www.nytimes.com/
  Reuters News	http://www.reuters.com/
  USA Today	http://www.usatoday.com/
  Disaster Management
  General Interest
  Information Security Management
  Millennium
  News
  US Government
  Weather

   

   

  Disaster Management Sites:

   

   

   

   

   

   

   

   

   

   

   

  American Radio Relay League

   

   

  http://www.oakland.edu/barc/arrl

   

   

  American Red Cross

   

   

  http://www.crossnet.org/

   

   

  BC Provincial Emergency Program

   

   

  http://www.hoshi.cic.sfu.ca/~pep

   

   

  Canadian Council for Emergency Procedures

   

   

  http://www.alpha.netaccess-on.ca/ccep

   

   

  Canadian Red Cross

   

   

  http://web.idirect.com/

   

   

  David Baldwin's Trauma Info Pages

   

   

  http://gladstone.uoregon.edu/~dvb

   

   

  Disaster Information Network

   

   

  http://www.disaster.org/

   

   

  Disaster Information Resources Program

   

   

  http://www.vita.org/

   

   

  Disaster Recovery Journal

   

   

  http://www.drj.com/

   

   

  Disaster Resources

   

   

  http://www.ag.uiuc.edu/~disaster

   

   

  Disaster Response & Resource

   

   

  http://www.interaction.org/ia

   

   

  Emotional Trauma Page

   

   

  http://gladstone.uoregon.edu/~dvb

   

   

  EPIC

   

   

  http://hoshi.cic.sfu.ca/~anderson

   

   

  GriefNet

   

   

  http://rivendell.org/

   

   

  HazardNet

   

   

  http://hoshi.cic.sfu.ca/~hazard

   

   

  LifeLinks

   

   

  http://www.clickit.com/touch

   

   

  Natural Hazards Research

   

   

  http://www.disaster.net/

   

   

  North American Center for Emergency Communications

   

   

  http://www.winternet.com/

   

   

  Recovery Times

   

   

  http://hoshi.cic.sfu.ca/~peg

   

   

  
  

   

   

  
  

  

  ---

  Tom Fairfax, 08 July 1998