The U.S. Federal Emergency Management Agency (FEMA) and the joint DHS-HUD Long-Term Disaster Recovery Working Group invite comments on their proposed National Disaster Recovery Framework Draft (59 pages, 834K). But you have to hurry: the deadline is February 26, 2010. Download the NDRF draft here, and submit your comments here.

The NDRF provides a model for governments to coordinate recovery and rebuilding after disasters. It is based on eight “core principles” (page 12), two of which are new to me in a government standard.

The first, “individual & family empowerment” means giving victims of disasters opportunities and tools to participate in their own recovery, and treating them with compassion. In other words, ‘Give a man a fish and you feed him for a day. Teach a man to fish and you feed him for a lifetime.’ So a U.S. government document explicitly explicitly states that community recovery can only be successful if families and individuals also recover from their personal losses. You see that kind of verbiage in NGO Mission Statements, but never before in a government disaster policy document. We are making progress.

The other novel principle is “unity of effort,” which states that “shared priorities are built upon community consensus,” and that “stakeholders coordinate and direct recovery resources to achieve recovery priorities.” Wait, is that Kumbaya I hear in the background?  Read more... (2167 words, 1 image, estimated 8:40 mins reading time)

Singapore Exchange Ltd (SGX) has issued proposed business rules on business continuity for public comment. The rules are likely to take effect for member firms in 3Q 2008, and firms would have twelve (12) months to comply. Member firms were briefed on the new rules in April.

SGX operates and regulates integrated securities and derivatives exchanges. Like many Asian exchanges, SGX is a publicly-traded (demutualized) entity; the shareholders, not the member firms, own it. These are SGX’ derivatives market members (32 trading or clearing firms) and these are the securities market members (27 firms).

If the guidelines are adopted, member firms would be required to:

1. assess their risks, complete a business impact analysis (BIA), and have “appropriate BCM measures to mitigate the risks”

2. make a senior officer responsible for BCM

3. review and test their plans regularly, and participate in financial sector exercises

4. designate and submit emergency contacts

These are not onerous requirements, and many of the member firms already have BCM programs in place. But it’s taken some time and effort to promulgate appropriate guidelines because SGX is both a market operator and a regulator. That means it must consider, in its rule-making, its commercial interests (and those of its members) alongside its fiduciary responsibilities (and those of its members).  Read more... (331 words, 0 images, estimated 1:19 mins reading time)

Bank Negara Malaysia proposed guidelines “to enforce minimum BCM (business continuity management) requirements on banking institutions.” These are NOT about IT disaster recovery: if adopted, all banks would have to allocate money to BCM, submit their plans to BNM, and have their directors attest that the plans were adequate. Note: the guidelines are not on the BNM web site; at least I can’t find them there. Here is the link to BNM’s Contact Us page. And here’s visitor information about Malaysia.