About Charlotte Ley

So far Charlotte Ley has created 44 blog entries.

Business Continuity Management in ISO 27002:2022

7 March, 2022 | News, Norms & Standards

In February 2022, ISO 27002 "Information security, cybersecurity and privacy protection - Information security controls" was updated; the 2022 version replaces its predecessor from 2013. ISO 27002 is the guidance for implementing the requirements from ISO 27001 and consequently is not itself a certification standard. Certification continues to be based on the ISO 27001 standard. The title of the standard has been changed (formerly: "Information technology - Security techniques - Code of practice for information security controls"), and the structure of the controls has been changed, for example by assigning attributes to the individual controls. In addition, controls have been merged, descriptions updated and controls deleted. These changes will be included in the ISO 27001 update and will be mandatory for future ISO 27001 certifications. The following controls were added: Threat intelligence; Information security for use of cloud services; ICT readiness for business continuity; Physical security monitoring [...]

High availability and disaster recovery: What lies ahead for IT in 2022

13 December, 2021 | News

In 2021, IT teams had to cope with enormous changes and protect their critical operations against unprecedented threats from Covid, natural disasters, supply chain disruptions and staff shortages. Many moved mission-critical systems to the cloud and hybrid cloud and implemented advanced, application-specific high-availability clustering and disaster recovery solutions. The impact of global change and looming threats continues. What do these changes mean for IT in the coming year? Here are some predictions to consider.

Multi-cloud infrastructures will become mainstream

With the widespread adoption of cloud computing as a core component of today's IT infrastructures, organizations will no longer consider a single cloud for their cloud needs. Despite the added complexity of running different workloads on different clouds, a multi-cloud model will allow enterprises to select cloud offerings that are best suited for their unique application environments, availability requirements and business needs. However, enterprises should note that cloud SLAs [...]

Critical Infrastructures

6 October, 2021 | Interest

Definition of critical infrastructures and their sectors

Critical infrastructures (CRITIS) are, according to the German Federal Ministry of the Interior, for Construction and Homeland, "organizations and facilities of major importance to the state community, the failure or impairment of which would cause lasting supply bottlenecks, significant disruptions to public safety or other dramatic consequences." [1] This means that a failure of these infrastructures can have a major impact on the population and the state and must therefore be avoided at all costs. In the face of increasing IT dangers, the German parliament published the BSI Act on the Tasks of the Federal Office for Information Security in 2009, according to which CRITIS must meet increased requirements in the area of IT. However, this law does not define which companies, organizations and institutions are CRITIS. For this purpose, the Ordinance on the Determination of Critical Infrastructures under the BSI [...]

Leading – differences between BCM and administrative crisis management

29 September, 2021 | Interest

Business continuity management can also mean "emergency and crisis management". We also find this term in the administrative sector, as in the work of civil protection. But is leadership in the event of crises really the same? This short article is intended to highlight individual differences and similarities between these two emergency and crisis management approaches so that a distinction can be made and differentiation simplified.

Causes of crises

The causes of crises or disasters in the field of civil protection are almost exclusively external. This means, for example, natural disasters, terrorist attacks or a technical/human failure, which leads to high risks. In the case of companies, there are two additional causes: inadequate attention to operational fluctuations up to the point of escalation and the occurrence of latent problems, which lead to high reputational damage. The crisis is therefore not only brought in from the outside, but may [...]

The crisis team

27 September, 2021 | crisis management, Interest

A crisis team is a group of people with decision-making authority who plan and implement the management of a crisis. Other names are a staff for extraordinary events or a task force. No matter what such a group is called, it must have decision-making capability and be responsible for managing the crisis. Fire Service Regulation 100 on Leadership and Command in Emergency Operations (German: Feuerwehr-Dienstvorschrift 100, FwDV 100 or DV 100) describes the crisis management team as it is used in emergency response (fire department, rescue service, disaster control/civil protection). Here, it is referred to as incident command staff. For more information on the distinction between the crisis management team and the command staff, you can read our blog article on the topic of "Leading - differences between BCM and official crisis management". The FwDV 100 was created after the Lüneburg Heath fire, as leadership faced great challenges [...]

Integration of ISO standards and business continuity management under the umbrella of KTQ

24 September, 2021 | Norms & Standards

The "Cooperation for Transparency and Quality in Healthcare" (German: Kooperation für Transparenz und Qualität im Gesundheitswesen, KTQ) offers a voluntary certification system, according to which hospitals and other companies in the healthcare sector can be certified. Here, certification according to KTQ offers multiple advantages, as it is specifically tailored to hospitals. The standard is based on a PDCA approach with the patient at its center. This is also where the great strengths of certification according to KTQ lie: employees and patients are at the center and are core areas of KTQ. Both documentation and practice audits are conducted by medical, nursing and economic assessors. This strength also acts as a serious disadvantage for partial aspects of certification, because technical aspects remain in the background. For the inspection within the scope of the certification, about 1.5 hours are planned in the sample inspection plan for the following topics: Overview [...]

Modern Hospital Alarm and Response Planning

24 September, 2021 | Interest, Norms & Standards

Hospitals are specialized healthcare enterprises that operate either for profit or as a public legal entity. Crisis management in hospitals is also known as "hospital alert and response planning" (German: Krankenhaus Alarm- und Einsatzplanung, KAEP); this has its roots in the need to increase treatment capacity. Examples of this are mass casualty incidents (MCI) or sick cases, where the hospital has to care for significantly more patients than in regular operation. Also described in the KAEP are measures to deal with functional failures, such as power outages. Hospital processes require personnel as well as resources embedded in an organization. Support from resources such as electricity, water, sewage, hygiene, IT, materials, medicines, etc. is required with the highest availability. Organizational, billing and documentation processes occur in parallel. The intersection between a hospital and a company from a business continuity management perspective is therefore very large. The Criticality Ordinance of [...]

I think I'm having a crisis

8 September, 2021 | Interest

The concept of crisis in everyday language use and the actual definition. Crisis is a frequently used term, but it has different meanings. Similarly, emergency and disaster are often used in different contexts. The map of terms shows the escalation of an event to a disaster. An event can be evaluated both positively and negatively. This means that the occurrence of an event does not generally cause damage, but can also be an impetus or an opportunity that moves the company forward. For example, a phone call can contain both good and bad news and is evaluated as an event in both cases. An incident, on the other hand, is the negative escalation of an event. It is a deviation from the normal state, but without causing massive damage. In a company, both an incident and a negative event can be handled with the general organizational structure (line [...]

Corruption is no issue in our company – Really?

8 September, 2021 | Interest

Corruption generally describes a decline in morals that is based on the fact that an expectation is violated. This expectation is defined by a trust provider (a company, the public, etc.), which establishes a behavioral expectation. Corruption describes the visible breach of trust when these behavioral expectations are not met. In the company, these expectations are also called compliance. Corruption always attacks the social fabric, which is built on trust. In addition, corruption can begin as early as the time of signing the employment contract, when the offered position is to be used to fulfill one's own interests or the interests of third parties. Thus, a pretense of facts takes place here. The pretense of loyalty is also used to deceive the company and to abuse trust. Motives for corruption arise from the imbalance of one of the following needs:

- Meaning
- Recognition
- Success
- Attention [...]

Totally normal? The BCM standards at a glance

6 September, 2021 | Interest

What is actually normal? "Normal" is the term used to describe what is usual or what corresponds to the expectation. Something is also called "normal" if it conforms to a norm. A norm is generally seen as something very rigid, but a crisis is anything but. Above all, it is dynamic, constantly evolving, and does not seem to be manageable with a rigid solution. So how can a norm be used in a crisis? And why should a functioning business continuity management (BCM) standard be used as a foundation? A standard can help manage a crisis, especially if it is designed to be very flexible, like DIN EN ISO 22301. It provides a framework for building resilient structures that are necessary for crisis management. In addition, preparedness is also an essential contribution that DIN EN ISO 22301 provides for BCM, so that crises can even be prevented [...]