1948 years ago in AD 63 an earthquake in southern Italy by the gulf of Naples seriously damaged the ancient city of Pompeii causing an undetermined number of deaths and spread out destruction, but the locals went to work rebuilding in the same spot until they were buried by the eruption of the Vesuvius volcano 16 years later in AD 79.
Galveston TX Hurricanes
Average Brushed or hit every 2.94 years Average Direct hit every 8.63 years
The Great Storm of 1900 - Sep 8th 1900 - Pop: 42,000 residents Category 4 @ 135 mph -Great loss of life between 6,000 and 12,000 individuals – officially 8,000
The 1915 Storm, August 17th, Category 4 @ 135 mph 42 people dead in the Galveston area
$60 - 1915 million dollars in damage
Ike Sep 13th 2008 - The third most destructive hurricane to ever make landfall in the United States Final landfall in Galveston Texas as a strong cat 2 with cat 5 equivalent storm surge winds extended 120 miles from the center.
Blamed for at least 195 deaths – 74 in Haiti and 112 in the USA 300 still missing. - Damages estimated at 24 billion (2008) US Dollars
Resulted in the largest evacuation in the state of Texas history and the largest search and rescue operation in US history
Chernobyl, An Experiment Gone Wrong
On Saturday, April 26th, 1986 at 1:23 am, one of the reactors at the Chernobyl nuclear power plant exploded. Ironically, the experiment consisted in testing how the power plant would respond in the event of an accident. The operators at the plant wanted to bring down the power output of the reactor to 25%, but over-confidence, poor training and poor knowledge of how a reactor works caused them to overdo it, and they ended up bringing down the power output to 1%. When they then tried to bring it up to 25%, the reactor overheated and exploded causing the worst nuclear accident in history.
Business Continuity: BCP Standards
Posted on Monday, October 15 @ 14:36:39 PDT by admin
Business Continuity Standards – Are You Prepared?
By Paul F. Kirvan, FBCI, CBCP, CISSP
As telecommunications professionals, you are certainly aware of many standards that ensure
the systems and infrastructure elements you use work correctly. Can you imagine installing
cabling without checking to make sure the components comply with TIA/EIA-568? And your
new voice over IP system should probably be compatible with things like H.323, Session
Initiation Protocol (SIP) and others.
But what about business continuity and related activities you should be doing to protect the
investments you make in telecommunications? Are you aware of the many standards,
professional practices and even legislation that address this activity? This article will update
you on some of the key compliance issues happening in the world today.
Most of you are probably familiar with legislation like Sarbanes-Oxley and the Graham-Leach-
Bliley Act. These have their roots in financial issues, and specify the need for controls and
other actions that protect companies and their customers from fraudulent activities. Disaster
recovery and business continuity programs are sometimes based on these legislative standards
However, several key standards and legislation ought to be factored into your planning for the
remainder of 2007 and into 2008. Among these are the National Fire Protection Association’s
standard NFPA 1600; the Generally Accepted Principles for Business Continuity from the DRI
International and Disaster Recovery Journal; the National Institute for Standards and
Technology 800-34, 800-30, and 800-84; and the British Standards Institute’s BS 25999 Parts
1 and 2. All are important to know when building a business continuity program.
They are also valuable if you already have BC plans and want to ensure they are compliant with the key domestic and global standards. Numerous other standards and professional practices address
business continuity, but for our purposes we will concentrate on the ones listed here. Let’s
take a brief look at each.
NFPA 1600 – Originally developed in the late 1990s to focus on emergency management,
subsequent versions incorporated business continuity. The latest update was published late in
2006. NFPA 1600 is the American national standard for business continuity.
DRII/DRJ Generally Accepted Principles (GAP) – First released in 2005, the GAP is an
evolving document, and covers all aspects of business continuity in excellent detail. It also
provides useful guidance on how to implement the recommended activities.
NIST 800 Series – The National Institute for Standards and Technology has an excellent
collection of technology-focused standards called the 800 Series. While they are written
primarily for the public sector, they are easily adaptable to private sector applications.
Standard 800-30 addresses risk management; 800-34 addresses IT continuity planning; and
800-84 describes program exercising and testing activities.
BS 25999 Parts 1 and 2 – Approved as the British national business continuity standard in
2006, BS 25999, developed by the British Standards Institute (BSI), is comprised of two parts.
The first, Part 1, is called a Code of Practice, and provides a framework for the BC process.
The second, Part 2, is called the Specifications, and provides expanded detail on the framework
outlined in Part 1. Part 2 is expected to be officially approved in October of 2007.
While these standards provide an important first step toward compliance, recently approved
legislation provides an even bigger boost. Called “Implementing the 9/11 Commission
Recommendations Act of 2007" and formally known as Public Law 110-53, the new law fulfills
many of the recommendations of the 9/11 Commission in its 2004 report, and addresses
national security, as well as public and private sector preparedness issues, including business
While all activities outlined in P.L. 110-53 are voluntary, perhaps the most
important activity is a new voluntary certification program. It will be administered by
government-approved third party firms to ensure that business continuity and related
operational resilience programs are consistent with approved standards, such as NFPA 1600
It is hoped that a voluntary certification program will provides an opportunity to
develop an effective and efficient methodology to both confirm preparedness on an operational
basis and also facilitate bottom-line benefits and incentives.
Currently, the adoption and use of business continuity standards is largely voluntary.
However, the growing number of standards and professional practices, coupled with new
legislation, show that it will be increasingly important – operationally, legally and competitively
– to build and maintain plans according to the standards.
About the author
Paul F. Kirvan, FBCI, CBCP, CISSP has 20 years experience in business continuity and over 35
years experience in telecommunications.