In the past, W. Edwards Deming, a leading force providing a methodology to introduce quality driven processes into organizations, used to do an exercise called the Red Bead Exercise to demonstrate the stability of predictive systems in organizations and how they can sometimes limit innovation. Recently, Jay Rollins, authored an article in TechRepublic’s IT Leadership newsletter, that pointed out that too much emphasis on standards can become a non-suportive environment within innovation driven companies. While maintaining a stable process driven company can assist a company’s efforts to comply with business continuity standards, information security standards and IT service delivery standards, Mr. Rollins does a nice job in this article to bring our attention to stay focused on that important balance between delivering a stable computing environment and the levels of innovations that so many companies need today to compete in global markets.

The lesson that Mr. Rollins claims that he gets from the “Red Bead Exercise” is not to be too strict with “foreign” software tools or hardware.  Do you agree with his position?

Click here to read this article.

The Conference Board looks into use of business continuity, disaster recovery and related standards by US organizations

The majority of US companies have a formal, written plan for emergency preparedness, according to a report released by The Conference Board. But a widely adopted certification standard for such plans does not exist yet.

Three-quarters of the 302 senior corporate executives surveyed in mid-2007 said that an emergency preparedness plan exists in their companies. The analysis was sponsored by the US Department of Homeland Security as part of an ongoing research project to assess the effectiveness of security in American companies.

The survey sample was intended to reflect the characteristics of American businesses as defined by size and industry. The sample was divided into three strata: small business (companies with $5 million to $50 million in annual sales); mid-market ($50 million to $1 billion in sales); and enterprise ($1 billion or more in sales). Within these groups of companies, the survey polled executives with responsibility for security, business continuity, crisis management, and emergency response efforts.

A ‘voluntary’ certification process for preparedness was adopted as part of the 2007 homeland security legislation (Public Law 110-53). The choice of standards that would permit certification under the law is currently under review.

"Currently, the most significant finding is that none of the many standards proposed for certification has attained widespread usage in the private sector," says Thomas Cavanagh, senior research associate, Global Corporate Citizenship, The Conference Board.

The most common standard is the ISO 27001/17799 information security standard, which has been implemented by 23 percent of the surveyed companies. Following close behind, used by 20 percent of companies, is NFPA 1600, which was endorsed as the National Preparedness Standard in 2004 by DHS, the U.S. Congress, the 9/11 Commission, and the American National Standards Institute (ANSI). Three other kinds of standards have all been implemented by 12 percent of companies.

View article…