I have upbraided SPRING Singapore and the Singapore Business Federation for failing to promote effectively Singapore’s erstwhile business continuity management (BCM) standard TR 19 between its birth in 2005 and its demise in 2008. But for stealth and invisibility, it’s hard to beat the clandestine work of Malaysia’s national standards company, SIRIM Berhad, on behalf of MS1970, Malaysia’s national BCM standard.

Yes, there is one. Surprised? Me, too. I discovered it in January. The chairman of the committee that developed it wrote me that it was released in May 2007, but I couldn’t find it anywhere in the SIRIM catalog of standards published since 2007 (searching for “1970″). If you search for “Malaysia BCM standard” in your browser, the committee chairman’s presentation slides about MS1970 comes up with a link to the Malaysian government’s Computer Emergency Response Team web site. It takes some effort to discover that you can buy MS1970 at the Malaysian Standards Online site.

Note the warning at the bottom of that screen that the standard can only be downloaded in Malaysia, which may explain why its existence has been unknown to the outside world.  Read more... (1844 words, 0 images, estimated 7:23 mins reading time)

Bank Negara Malaysia (BNM) has new BCM guidelines that became effective in January.Banks in Malaysia have until 30 June 2008 to comply with the guidelines.

Download the guidelines here (Adobe® Acrobat® PDF file, 42 pages). The document number is BNM/RH/GL 013-3, but I cannot find it on the BNM web site.

There are 17 principles in 5 categories that banks must follow: BCM framework (4 principles) and methodology (10 principles), communication with internal and external constituencies, internal audit review of a bank’s plan and responsibility for outsourced functions. There is also a glossary of terms and several appendices.

In that glossary, BNM introduces yet another abbreviation – Maximum Tolerable Downtime (MTD) – that means the same thing as the Business Continuity Institute’s obscure Maximum Tolerable Period of Disruption (MTPD). Neither term should be confused with the commonly-used “Recovery Time Objective” (RTO), which is shorter than MTD, as shown in this BNM diagram.

Do you see the “DRP” and “System Recovered” in that diagram? Even in 2008, after a decade of lexicographic struggle between I.T. and business professionals, BCM principles are still illustrated by examples of system recovery instead of business processes recovery. Will BCP ever breathe free of its technical past?  Read more... (425 words, 1 image, estimated 1:42 mins reading time)

Bank Negara Malaysia proposed guidelines “to enforce minimum BCM (business continuity management) requirements on banking institutions.” These are NOT about IT disaster recovery: if adopted, all banks would have to allocate money to BCM, submit their plans to BNM, and have their directors attest that the plans were adequate. Note: the guidelines are not on the BNM web site; at least I can’t find them there. Here is the link to BNM’s Contact Us page. And here’s visitor information about Malaysia.

Our colleagues at Juken Consultancy in Kuala Lumpur (Malaysia) spent last month trying to find any BCP regulations in Malaysia. The conclusion? Tidak apa. There are no BCP requirements in Malaysia – not from Bank Negara (the Central Bank), not from the Securities Commission, not for banks in Malaysia. There are “guidelines” (and suggestions, advice and encouragement) but no rules. Please, tell us we’re wrong.

Malaysia Medical Association‘s Society of Occupational and Environmental Medicine released guidelines for companies to prepare for an influenza outbreak. Malaysia Ministry of Health has ordered only 60,000 courses of anti-virals. Message: heal thyself; you cannot rely only on the government. Blog by docs: Malaysia Medical Resources