Business continuity draft Standard issued for public comment
A three part draft joint Australian and New Zealand Standard on 'Business continuity' (Management of disruption-related risk) was issued for public comment on 30 July 2009.
Every day, local, national, and world events remind organisations that things do not always go as expected. Sometimes this occurs with little or no warning. Even so, it's no longer acceptable for organisations – including governments – to have failed to recognise their exposure to the risks related to disruption and to manage such risks effectively.
Draft Standard AS/NZS 5050:2009 Parts 1 to 3 explain how an organisation's management and governance systems can be adapted and, where necessary, strengthened, to achieve the goal of continuity (despite exposure to disruptive events or unanticipated change). The draft does so by applying the concepts and processes of the forthcoming international Standard on Risk management – to be known in Australia and New Zealand as AS/NZS/ISO 31000:2009.
Protecting electronic data – new international Standard
Summarised from an article by Maria Lazarte, Assistant Editor, ISO Focus, in ISO Focus magazine, June 2009.
To protect the confidentiality and integrity of new data being transferred or stored, the International Organization for Standardization (ISO) and International Electrotechnical Commission (IEC) have developed a new Standard.
Information technology – Security techniques – Authenticated encryption, ISO/IEC 19772:2009, defines authenticated encryption mechanisms. The mechanisms have been designed to maximise the level of security and provide efficient processing of data for optimum results. It specifies six encryption methods (based on a block cipher algorithm) that can be used to ensure data confidentiality, data integrity, and data origin authentication.
'ISO/IEC 19772 will give confidence to users that their data is safe,' says Professor Mitchell, Project Editor of the new Standard. 'Not only will it be useful for protecting information, but also for furthering the development of online transactions, e-businesses, and other applications involving sensitive data.'
DRAFT STANDARDS FOR COMMENT
Free to download from our website: www.standards.co.nz
DR 09053 CP Business continuity management – Part 1: Specification
Provides a structure for a business continuity management system (BCMS). The BCMS specifies requirements for developing and implementing policy, frameworks and programs to assist an organisation to manage its risk of business disruption as well as build continuity and organisational resilience. Public comment on this draft closes on 10 September 2009.
DR 09054 CP Business continuity management – Part 2: Practice
May be applied to a wide range of activities, decisions or operations of any public, private, not-for-profit sector, or community entity. For convenience the term 'organisation' is used throughout the Standard to denote any or all of these entities. Public comment on this draft closes on 10 September 2009.
DR 09055 CP Business continuity management – Part 3: Assurance
Provides a structure and requirements for the development and implementation of a Business Continuity Management (BCM) audit and assurance programme. The described audit and assurance methodology will assist an organisation in measuring and validating the suitability of plans and procedures to identify, assess and manage disruption risks and incidents, where such plans and procedures aim to achieve preparedness, stabilisation, continuity and recovery and contribute to organisational resilience. Public comment on this draft closes on 10 September 2009.