Entries tagged with “government regulation”.


Back in 2007, the 9/11 Commission established a number of recommendations for the public and private sector that would help both the government and private businesses be prepared for a disaster. Title IX of the Implementing Recommendations of the 9/11 Commission Act of 2007 (the Act) directed the Department of Homeland Security (DHS) to develop and implement a voluntary program that would accredit and certify private businesses that have established a program using a set of standard processes that will “enhance nationwide resilience in an all hazards environment”. This program is officially known as “The Voluntary Private Sector Preparedness Accreditation and Certification Program”. Known as PS-Prep in the business world (which I think is a heck of a lot better than VOPSPAC, which sounds more like a drug to reduce upper lip sweat caused by a government initiative), it is similar to the ISO standards many companies embrace to demonstrate to their customers and potential customers an adherence to process and procedure standards designed to maintain and improve quality products and services.

Similar to ISO 9000, this program is not mandatory, and it does not dictate the specific processes and procedures that prepare a business for a disaster. The program does provide three different standards to use in establishing the program and in measuring successful implementation when accrediting and certifying that the program is in place and in order. DHS selected the three standards in June of 2009, after public input, to meet the comprehensive needs in the event of a disaster; they can be applied to the majority of businesses.

They are:

  • ASIS International SPC.1-2009 Organizational Resilience: Security Preparedness, and Continuity Management System – Requirements with Guidance for use (2009 Edition). Available at no cost.
  • British Standards Institution 25999 (2007 Edition) – Business Continuity Management (BS 25999:2006-1 Code of practice for business continuity management and BS 25999:2007-2 Specification for business continuity management). The British Standards Institution is making both parts available for a reduced fee of $19.99 each.
  • National Fire Protection Association 1600 – Standard on Disaster/Emergency Management and Business Continuity Programs, 2007 and 2010 editions. Available at no cost.

Embracing PS-Prep early may be a very good thing for several reasons.

  1. Utilizing the evaluation standards can identify any holes in your business continuity program and help to plug them.
  2. It differentiates you from competitors who are not participating.
  3. It supports the board-level focus on risk management driven by SOX and other factors.
  4. While not mandatory, it can be a contributing factor in securing business from government and other businesses during the bid process.
  5. If you do not have a continuity or disaster recovery program, it provides a framework for developing one.

For more information on PS-Prep, visit the FEMA site.

Every business thinks of the major risks that it faces during the course of the year, but there are some risks that are not given the attention they deserve. Here’s a listing of 10 “Rodney Dangerfield” risks that don’t get the respect they deserve.

  1. Reputation – Got a plan in place if your company or brand reputation is soiled? 
  2. Succession Planning – Is there a plan in place if key people in your organization are no longer there?  Who takes their place, who is the knowledge expert to keep that part of your business going?
  3. Identity theft – It doesn’t just happen on credit card transactions. What’s the plan if your HR system gets hacked and the social security numbers of your employees, along with other sensitive information, are taken?
  4. Economic instability – Lots of people didn’t see the economic downturn coming. Did you plan for the changes in revenue?
  5. Pandemic fever – Real or imagined, have you thought about how a pandemic (Swine, Avian, Spanish, blue flu or other global, national, regional, or local illnesses) will affect your day-to-day operations?
  6. Fraud – You have probably put great controls in place at many of the financial touch points.  What about some of the less obvious ones?
  7. Sales and usage tax – State and local governments are looking to collect all the   to them, are you collecting or paying your fair share on things you buy and sell?
  8. Technology – Are you keeping up on the latest trends in your industry to see if you are ahead, even, acceptable or behind the technology wave? Are you providing your customers with acceptable technology for the product or service you are providing?
  9. Government regulations – This isn’t just about your local government; it also covers the countries you are sourcing products or services from. Are you in tune with legislation that may affect how you conduct business?
  10. Supply chain disruption – How do you react to product lost in transit, a port shut down because of a longshoreman’s strike, and other threats to getting your product to market? Remember, supply chain is not just about products; it can also be about services, such as the IT contractor for the new project not being available to begin on the expected start date, or your project manager taking a bit longer to complete their previous project than anticipated.

So there are 10 risks that fly under the radar, and I am sure that you have run across many more. Let me know your thoughts, and other items which should be added to the list.