EIAN Management Consulting

We are happy to share this Adaptive SME Guidebook for Small to Medium Enterprises.

EIAN's co-founder and Principal Consultant, Richard Regalado is one of the authors of this guidebook which describes a pragmatic, five-phased approach for Small to Medium-sized Enterprises to manage their information risk and security arrangements.

www.iso27001security.com

Let’s provide guidance, and clarity in a highly complex world. Let us not forget why we chose to be Consultants.

Happy new year from EIAN MANAGEMENT CONSULTING SERVICES.

I always tell my clients to put premium on internal audits over 3rd-party audits. Sure, 3rd-party audits can give you a piece of paper you can hang on the wall, but the view of the 3rd-party auditors is often times, myopic.

The internal auditors are exposed to the organizational changes and challenges, personalities, attuned to the culture, and concerns such as dissatisfied customers, compliance issues, information security incidents, resource constraints, and other business realities.

As such, the internal auditors can be deployed quickly to aid in root cause analysis, corrective action planning, and the overall improvement of the organization.

The 3rd-party auditors' view is like looking, and observing at a photo, or a 5-second GIF, and generating their findings from what they see during the limited interaction time with the organization.

The internal auditors are watching a 4K video, with excellent sounds, and subtitles.

Now, who can offer a better review?

Richard Regalado
Co-founder and Principal Consultant
EIAN Management Consulting

images.unsplash.com

I was asked during the conduct of a business continuity management system (BCMS) risk management course why do companies need to perform risk treatment when business continuity plans (BCPs) are already available.

I retorted by asking "Do you have insurance for your car? Do you have healthcare? Yes? Yet you still strap on your seatbelt every time you drive your car."

The insurance policies are your BCPs. It sits there. (You have to pay for the annual premium though. Just like exercising your BCPs).

The seatbelts are your risk treatment plans. It keeps risk, the consequences thereof to be more precise, to a manageable level when the stuff decides to hit the fan.

Richard Regalado
Having coffee in my neck of the woods
Happy Friday

The Medusa ransomware group has released compressed files in zip format from PhilHealth, the Philippine Health Insurance Corporation. The release comes about two days after PhilHealth refused to pay a ransom of US$300,000. The compressed files are in 160 parts, each being 3,891MB in size. This means the total file size is approximately 622GB, with an additional 3.5GB file. While the files are now available online, John Patrick Lita, CEO and co-founder of SOROS Securities Inc., said it is dangerous to download the files as the initial link from the website of the group on the dark web contains a remote access trojan (RAT) that can compromise the privacy and security of those who will download the files.

mb.com.ph

I was asked in a public course some time ago, the difference between an ISO 22301 business continuity management system (BCMS), and the other ISO-based management system standards.

* A quality management system (QMS) is something you use every day to delight your customers.
* An environmental management system (EMS) is something you use all the time e.g., turning off the taps, putting out the lights, using the appropriate bins, etc.
* An information security management system (ISMS) is used every time you want to access or share a resource e.g., use of passwords, secure transmission of data, handle information the right way, etc.

Whereas, the main output of a business continuity management system (BCMS), the business continuity plan (BCP), is something you hope you never get the chance to use.

You want it available and updated and ready for use, and just sitting there.
Just like your trusty spare tire.

Richard Regalado
EIAN Management Consulting
Principal Consultant
Saturday morning, in my neck of the woods

Strengthening Public Service Resilience

In times of crisis, the government assumes a pivotal role as the proverbial “last man standing”, representing the foundation of stability and resilience within a society. This concept encapsulates the notion that governments must endure, and remain functional even amidst the most challenging circumstances. It is based on this premises that we are inviting you to attend a 1-day awareness of public service continuity management system or PSCMS.

We have face-to-face and remote training sessions. (October 2023)

Seats are still available:
Email: [email protected] for details and invites.

4 months ago CIS Bayad Center Inc. (CBCI) contracted us to develop and implement an Enterprise Risk Management (ERM) system and a Business Continuity Management System (BCMS). Both should be aligned to international standards - ISO 31000 and ISO 22301, and should comply with the applicable regulatory requirements of the Bangko Sentral ng Pilipinas.

Signed. Sealed. Delivered.

Earlier, we had an exit meeting with CBCI President Lawrence Ferrer to discuss our recommendations moving forward. The project would not have been that successful without the efforts of Federico B. Pepillo, Jr. MSc, CSSWB, CRA, CSRMS, CAMS, VP for Risk, Jasel Javier, Allen Candelaria, and the members of the Bayad Working Group.

In the photo are EIAN Principal Consultant Richard Regalado and Project Manager Atty. Ana Liza Arciaga, CPA, MBA.

Your business continuity strategy should be aligned with your needs.

This excerpt from ISO 27005:2022 will put to rest issues with some certification body auditors.

The country’s sole agency for the metal industry, Metals Industry Research and Development Center or MIRDC values the information they have. From researches, project documents, certifications, and customer information, all of these need the commensurate level of protection. Thus, they have embarked in a journey to formalize their information security management system (ISMS). EIAN Management Consulting is helping them preserve the information assets under their care.

Recently, we facilitated the annual review of their risk management framework, and audit programs.

The country’s largest home improvement and construction supplier turns to EIAN Management Consulting to help them formalize their business continuity management system.

When catastrophes happen, WILCON Depot should be the ”last man standing” to allow distressed individuals access to building materials. It is on this premise that we are aligning their plans to ISO 22301 BCMS standard.

Soon, we will be creating test scenarios to add confidence to the supply chain and the corporate that critical processes can be restored within pre-determined time frames.

WILCON Depot and EIAN, working hand-in-hand to serve the Filipino. 🇵🇭

media.licdn.com

ePLDT Cyber Security Operations Group (eCSOG) is now certified to ISO/IEC 27001. The external audit proves that their information security management system or ISMS conforms with International Standards, and is effective in managing risks to its information assets.

It has taken EIAN Management Consulting a little over 6 months to complete the required deliverables, from the risk management framework, documentation, audits and all required training and workshops. The result is indeed impressive - 2 positive findings and ZERO nonconformities.

Thank you ePLDT for placing your trust in EIAN Management Consulting. A partnership that has spanned decades, and numerous successes from QMS, to BCMS and many things in between.

Important announcement from ePLDT Cyber Security Operations Group (eCSOG) soon. Watch this space.

There are two risk assessment requirements in ISO/IEC 27001. Message us to find our more.

EIAN Management consultants recently reviewed the information security risk registers of DOST MIRDC. Atter more 2 years of hiatus, the project is gaining traction as we anticipate certification this Q1 of 2023.

When the National Disaster Risk Reduction and Management Council or NDRRMC issued its memo for government agencies to have their own public service continuity plans (PSCPs), one of the first agencies to heed its call is the Department of Science and Technology Region V office. PSCPs allow organizations to quickly recover their most critical processes during catastrophes and other disruptions to continue serving the general public.

DOST V is well on its way as we recently completed the testing of their plans from 7 locations including the head office in Legazpi City.

An important ingredient in implementing management systems is strong commitment from the leadership, and a competent working group.

EIAN Management Consulting’s unique approach guides organizations to meet their goals.

Risk management training and workshop for ISO 9001 and ISO/IEC 27001 quality and information security management systems.

Whenever you join our training courses, you will be asked to do things in workshop sessions, either individually or in teams. Then, you will be given a chance to present your output.

Multisys is now certified to ISO/IEC 27001. Another notch in the belt of EIAN Management Consulting.

Multisys earns ISO 27001:2013, welcomes new CEO - BusinessWorld Online Following a two-stage audit conducted by international certification body TÜV Rheinland from December 2021 to June this year, Multisys Technologies Corporation was formally awarded the certification of global standards for its management system of information security.

Check for force majeure clauses and SLAs in your contracts. Your ever dependable outsourced service provider may not have the means (or the heart!) to keep up with you during a crisis.

Beyond terrestrial: space internet is here.

https://www.theverge.com/23204125/starlink-oneweb-project-kuiper-satellite-internet-service-elon-musk

How Starlink and other satellite services are changing the shape of the internet The internet goes extraterrestrial

A lot of nations contributed in making your iPhone 13.

Canada learned the hard way that business continuity is a necessity not a luxury. Two is one and one is none.

https://www.cbc.ca/news/business/rogers-outage-no-plan-b-1.6515664

Rogers outage shows need for Plan B when wireless, internet services fail, analysts say | CBC News You didn’t have to be a Rogers customer to feel the sense of dread when waking up to the news of a widespread wireless and internet outage Friday morning. The day, for millions of Canadians, was already off to a bad start.

https://9to5mac.com/2022/07/09/apple-second-most-sucessful-smartphone-vendor-q1-2022/

Apple is the second most successful smartphone vendor globally in Q1 2022, still tops premium market thanks to iPhone 13 Apple was the second most successful smartphone vendor globally in Q1 2022, according to new data. The Cupertino company falls behind Samsung, as the South Korean tech giant has 23.4% of the global market. As shown by BanklessTimes, Samsung and Apple are battling for the top manufacturer slot in the...