http://www.tradearabia.com/tanews/newsdetails_snECO_article117330.html TradeArabia News Service January 09, 2007 Dubai A survey released by the advisory practice of KPMG in the UAE shows that 73 per cent of UAE companies are either operating or implementing a business continuity plan, driven by factors such as customer service, compliance and safety issues, with 57 per cent naming regulatory issues as a key concern. However, the survey also shows that only 20 to 24 per cent of companies have an enterprise-wide security or continuity plan in place, with up to 50 per cent of companies confining continuity plans to the IT department and limited critical systems. Too many companies are still assigning responsibility for continuity and availability to the IT department, rather than taking a strategic and enterprise wide approach to leveraging their investments in these programmes. Only 12 per cent of UAE companies currently have these functions reporting directly to the board, which is a common practice in leading global companies with robust security and continuity strategies. "Companies in the UAE need to take a holistic approach when investing in their business continuity and information security programmes to ensure that all areas of the business are covered, rather than addressing issues on a case to case basis," said head of IT advisory practice for KPMG in the UAE and Oman Rajeev Lalwani. Results show that companies in the UAE need to rethink their security and continuity policies to keep up with the growing international trend to integrate security and continuity functions as part of a company's overall risk management policy and strategic framework, through implementing standards such as ISO 27001. At present, 86 per cnet of the companies surveyed had not implemented a global standard. Of those that did follow the standards, 21 per cent did not cover the whole organisation. Management has a responsibility to protect information assets and preserve brand and shareholder value by ensuring the security of their information and the continuity of their business, it said. "Leading organisations leverage the strength of their information security and business continuity programmes as one of the sources of strategic and competitive advantage," said principal in the business continuity practice of KPMG in the UK Will Brown. Other noteworthy findings from the survey show a greater understanding is required on the need for geographic dispersion of disaster recovery sites. Most companies surveyed have, or plan to have, secondary recovery sites within the same city or location in which their business operates. This leaves businesses vulnerable in the event of a major disaster in that city or location. The survey also reveals that organisations recognise people as one of their weakest links, it said. "Processes are left vulnerable due to human error, negligence, lack of awareness or even the lack of staff availability during a disruption. Investment in business continuity appears to be constrained, with a majority of firms spending in the lower end of the investment spectrum," it said. _____________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Tue Jan 09 2007 - 22:28:25 PST