3-day BCI Professional Certification Training
Last session in 2012
Tuesday – Thursday, 2 -4 October 2012
20% discount for first ten (10) registrations

This is Nathaniel Forbes’ highly-rated version of the Business Continuity Institute (BCI) prep course, intended to help BCM professionals pass the 125-question BCI certification exam. The course covers all six (6) practices of the BCM Lifecycle outlined in the BCI’s Good Practice Guidelines (GPG) 2010.

What are the six (6) BCM practices you must know to pass the exam?  Download Nathaniel’s free course brochure here, or email to Chris Tan at chris.tan@calamity.com.sg for your copy.

Click here for a copy of the BCI GPG 2010.

Because of his long experience teaching this course, Nathaniel covers all the material – plus his proprietary, real-world case studies – in just three (3) days instead of the usual five (5) days.

Why take BCI’s certification preparation course from Nathaniel Forbes in Singapore?
• Save time:  take just three (3) days instead of the usual five (5) days
• The highest-rated BCM instructor in Asia, year after year for 16 years
• More than BCM theory, Nathaniel shows you real-world examples
• 80%+ of the students who’ve taken this course from Nathaniel passed the exam
• Save money: Nathaniel’s course fee includes the USD 500 exam fee
• Watch Nathaniel Forbes’ introduction to our 3-day BCI training course
• Our No Fail Guarantee: if you don’t pass, you don’t pay again to retake
• Read the testimonials from our participants have to say about the course.  Read more... (416 words, 1 image, estimated 1:40 mins reading time)

Everybody’s favourite pastime: comparing themselves with others! Complete the KPMG-Continuity Insights BCM Program Benchmarking survey and maybe win this Amazon Kindle Fire.

They say it takes twenty (20) minutes to complete; the deadline is 15 January 2012. To hear how your BCM program compares to everyone else’s, register for the Continuity Insights conference in Scottsdale, Arizona (USA) in April 2012. Or just read the May 2012 issue of Continuity Insights magazine. Here are the 2007 KPMG-CI Benchmarking Survey results, for comparison.

The British Business Continuity Institute‘s Technical Director Lyndon Bird wrote in the July/August issue of BCI’s Continuity magazine that the new AS/NZ 5050 standard “does not follow…a generally accepted international view of business continuity management” and that 5050′s underlying principles were “not in line with progressive BCM thinking.”

Perhaps he can be forgiven for staging an unexpected  suicide attack on the Unbelievers from Down Under, as he was severely provoked. The SAI Global web site says AS/NZ 5050 “goes beyond many of the concepts that in the past may be been described as ‘Business Continuity Management’ or ‘BCM’”, and the Standards New Zealand web site said 5050 “[builds] on earlier concepts (often called ‘business continuity management’).”

Clearly intolerable provocation. So can we all agree that the Aussies and Kiwis started it by declaring a professional intifada? Those troublemakers.

I teach the BCI’s five-day entry-level training course, and I believe the BCI-prepared slides for that course reflect the BCI catechism on risk management (RM) and business continuity management. The orthodox BCI worldview is that RM is part of BCM, not the other way around (course module 2). On the right is the BCI’s “umbrella” slide from an earlier version of the course; note RM over there on the far left under the BCM umbrella. BCI acolytes also learn in the course that “formal risk management has limitations in dealing with unlikely but feasible catastrophic risks.” Lyndon Bird’s comment just reiterates the BCI’s long-held belief that BCM’s “progressive” priesthood focuses on consequences, not causes.
 Read more... (558 words, 1 image, estimated 2:14 mins reading time)

What do Playboy and Hustler magazines and British Standards publications have in common? You’re not allowed to see inside until you buy them.

British Standards Group released BSI Published Document (PD) 25666:2010 Business continuity management: Guidance on exercising and testing for continuity and contingency programs in July. Like a shrink-wrapped nudie magazine in a shop, you have to buy it before you can read it. Except here in Sin City, where it’s illegal. Playboy, I mean, not guidance.

A Published Document means it’s not a standard recognized by BSI (see definition 4 at this link), and that its content originated outside BSI. So this PD 25666 better have some very Prurient Details to get me to spend ninety-five (95) Great British Pounds (USD $150, SGD $200) on it sight unseen. Do these titillating blurbs from the PD 25666:2010 web page cause a bulge in your wallet?

PD 25666 “provides a framework for, or signposts to, good practice for any organization that wishes to engage in exercising activities” (‘nudge, nudge; wink, wink‘, as Monty Python‘s Eric Idle used to say); “describes the various methods of delivering exercises”; “details the parameters that need [sic] to be considered” (parameters cannot ‘need’ anything); “establishes the principles and terminology of exercising”; “describes the processes for defining the aim and objectives of exercises.”  Read more... (567 words, 1 image, estimated 2:16 mins reading time)

You have to love a risk management standard called “fifty-fifty”. All three (3) parts of Australia & New Zealand’s proposed AS/NZ 5050 standard for risk management and BCM are available for free: Part 1 is the Specification (what to do, “shall” do this, “may” do that); Part 2 is the Practice (how to do, why you “should”); Part 3 is called Assurance (controls & verification, and the first audit guidance for a BCM standard). The comment period ended last year; keep  New Zealand or Australia on your watch list for a final release.

The Sphere Handbook lists minimum standards for disaster response by NGO’s, governments and relief agencies. 400 organizations in 80 countries contributed in many languages to 8 common standards (participation of the affected individuals in response planning, for example) and specific standards in water & sanitation, food, shelter and health services. The Sphere Project also published a Humanitarian Charter in 2004 that expresses the commitment of relief agencies to the Sphere minimum standards.

Not enough standards for you? The ISO 31000:2009 standard was released in November “to harmonize risk management processes in existing and future standards.” A standard for standards? That sounds like a tough sell. The Institute of Risk Management warned that ISO 31000 “is not intended as a standard against which an organisation can be certified.” So, maybe just wait until your hear ISO 31000 mentioned about 10 times, then you’ll know it’s important enough to buy it for USD 110.  Read more... (2077 words, 0 images, estimated 8:18 mins reading time)

What does it really mean for an individual to be “certified” in business continuity?

Like the euphemism “sub-prime”, the word “certified” is losing its meaning in Asia as the number and variety of BCM certifications and their purveyors grow like vines in the jungle. Attend a course, get the certificate and poof! You’re certified!

In Asia, for example, you can become certified by the BCM Institute as a Business Continuity Certified Professional (BCCP) with no prior BCM experience if you fork out US 840, spend one day in a class and another half day answering fifty questions on a test. You do not have to answer all of them correctly. That’s a fast-track bargain by any standard. The BCMI offers plenty more certifications, too.

Or you can become certified by The International Consortium for Organizational Resilience (ICOR) in Asia as a Certified Crisis Team Leader in three days for US 2,200. Or you can become a Certified Media Spokesperson for 800 bucks – in just nine hours (no examination required). I say, bring on the Exxon Valdez disaster: your spokesman is ready.

Long on ambition but short of time? You can be certified as both a Crisis Management AND Communications Professional (CMCP) in as few as four days. It costs US$3,700, but, hey, you only have to get a ‘C’ grade (75 percent) on the exam. You must also list two years of experience, but doing what?  Read more... (2623 words, 0 images, estimated 10:30 mins reading time)

In July 2008, I wrote that Technical Reference 19 (TR 19:2005), Singapore’s proposed international standard for business continuity management (BCM), appeared to be dying a slow death and suggested that the prognosis for it might be terminal. I was wrong.

It turns out that the patient just needed cosmetic surgery. Singapore’s standards body SPRING revealed in October a new Asian face for BCM, Singapore Standard 540 (SS540). Like TR19, SS540 is a BCM standard for certification of organizations, not practitioners, but unlike TR 19, which was to be an international standard, SS540 is specifically aimed at Singapore companies and organizations.

You can buy a printed or digital copy of SS540 for SGD $47 (USD 31.00) at the SPRING Standards Shop. Here is a preview of the first five pages.

The content of SS540 is very similar to that of TR 19. The foundation matrix of policy, process, people and infrastructure considerations for each component of BCM – risk and business impact assessments, strategies, plans, testing and program management – remains the same in SS540. There are some grammatical corrections and word replacements, too.  Read more... (2603 words, 0 images, estimated 10:25 mins reading time)

This month, U.S. credit rating agency Standard & Poor’s (S&P) started evaluating the enterprise risk management (ERM) capabilities of non-financial companies that it covers. This is S&P’s announcement, and here are their answers to common questions about it.

Extrapolating a risk evaluation to a logical, eventual conclusion, if a company doesn’t have a business continuity management (BCM) program, its credit rating could be lowered. The consequence? Borrowing money would cost more, and for the large companies that S&P reviews, that could be a material consequence.

S&P already evaluates risk management at the banks, insurance, energy and agribusiness companies that it rates, and now wants to do so at companies in other sectors. These are the Asian corporates that S&P rates and these are the U.S. corporates. You’ve probably heard of their S&P 500 index of American companies. S&P also rates companies, governments and debt instruments all over the world.

Suppose one of those companies wanted to issue a bond for $200 million to build a new plant in, say, India. Suppose also that, in part to its assessment of the company’s risk management, S&P lowered its credit rating from, say, A- (upper medium grade) to BBB+ (lower medium grade). As a result, the company was forced to pay a 4.1% coupon instead of 3.9% to make the bond attractive to investors or underwriters. On $200 million, two-tenths of one percent (the difference between 4.1% and 3.9%) is $400,000.  Read more... (885 words, 0 images, estimated 3:32 mins reading time)

The authors of the Alfred P. Sloan Foundation’s Framework for Voluntary Preparedness report of January 2008 refer to Singapore’s Technical Reference for Business Continuity Management (TR19 ) as an “authoritative source” for “best practices” (page 4).

That’s pretty ironic, because here in Singapore, TR 19 has been mostly a source of derision since its release in 2005.

The marketing of TR 19 has been catastrophically bad. The target market was apparently local, small- and medium-sized enterprises (SME’s) and manufacturing companies, none of whom have paid much attention to BCP in Singapore or anywhere else world. TR 19’s promoters, local standards body SPRING Singapore and industry group Singapore Business Federation (SBF), bickered for years over the responsibility to promote the standard – so neither of them did. Outreach to individuals certain to be interested, if not supportive – local consultants and practitioners, other than those who wrote it – was, in my personal experience, half-hearted tending toward hostile. When consultants were contacted, it was to get us to work for free to draft audit guidelines for TR 19 – without support, facilities or coordination of any kind. I was in that group. We failed miserably.  Read more... (1272 words, 0 images, estimated 5:05 mins reading time)

Singapore Exchange Ltd (SGX) has issued proposed business rules on business continuity for public comment. The rules are likely to take effect for member firms in 3Q 2008, and firms would have twelve (12) months to comply. Member firms were briefed on the new rules in April.

SGX operates and regulates integrated securities and derivatives exchanges. Like many Asian exchanges, SGX is a publicly-traded (demutualized) entity; the shareholders, not the member firms, own it. These are SGX’ derivatives market members (32 trading or clearing firms) and these are the securities market members (27 firms).

If the guidelines are adopted, member firms would be required to:

1. assess their risks, complete a business impact analysis (BIA), and have “appropriate BCM measures to mitigate the risks”

2. make a senior officer responsible for BCM

3. review and test their plans regularly, and participate in financial sector exercises

4. designate and submit emergency contacts

These are not onerous requirements, and many of the member firms already have BCM programs in place. But it’s taken some time and effort to promulgate appropriate guidelines because SGX is both a market operator and a regulator. That means it must consider, in its rule-making, its commercial interests (and those of its members) alongside its fiduciary responsibilities (and those of its members).  Read more... (331 words, 0 images, estimated 1:19 mins reading time)