<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>BS25999.COM &#187; BCM</title>
	<atom:link href="http://www.bs25999.com/category/bcm/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.bs25999.com</link>
	<description></description>
	<lastBuildDate>Tue, 13 Jul 2010 12:39:23 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=abc</generator>
		<item>
		<title>Working with Time Zones</title>
		<link>http://www.bs25999.com/2010/03/working-with-time-zones/</link>
		<comments>http://www.bs25999.com/2010/03/working-with-time-zones/#comments</comments>
		<pubDate>Tue, 02 Mar 2010 23:18:51 +0000</pubDate>
		<dc:creator>harveyf</dc:creator>
				<category><![CDATA[BCM]]></category>
		<category><![CDATA[GMT]]></category>
		<category><![CDATA[ISO Time Format]]></category>
		<category><![CDATA[Time Zones]]></category>

		<guid isPermaLink="false">http://www.bs25999.com/?p=76</guid>
		<description><![CDATA[Issues regarding daylight saving have highlighted the need for more understanding of time and how it affects business continuity and emergency planning managers. This is a short tutorial covering the basics of time zones, ISO Time Format and daylight saving. As can be appreciated it is a very complex subject and there are further reading [...]]]></description>
			<content:encoded><![CDATA[<p>Issues regarding daylight saving have highlighted the need for more understanding of time and how it affects business continuity and emergency planning managers.</p>
<p>This is a short tutorial covering the basics of time zones, ISO Time Format and daylight saving. As can be appreciated it is a very complex subject and there are further reading links at the end of the document.</p>
<h3>Time Zones</h3>
<p>A time zone is a region of the Earth. The Earth is divided into 24 zones, –12 through 0 to +12. Each one is 15 degrees of latitude as measured East and West from the Prime Meridian line, which is 0 degrees latitude. Each time zone is also an hour apart, as the Earth rotates at 15 degrees per hour.</p>
<p>This line runs through the Royal Observatory in Greenwich, England. The Royal Observatory was established in 1675 amongst other things to perfect the art of navigation.</p>
<p>The measurement of time is fundamental to the functioning of modern society and in particular navigation and technology.</p>
<p>Variations in time zone do exist to take into account geographical boundaries as can be seen from the time zone map below.</p>
<p>There are both civilian and military designations for time zones.</p>
<p>The civilian ones typically use three-letter abbreviations, for example EST. Military/Aviation designations use letters of the alphabet (except J, as J is not found in all languages) and are known by their phonetic name. A to M are for zones East of Greenwich and N to Y are for zones West of Greenwich. Z is GMT.</p>
<p>These designations follow the numeric time</p>
<p>GMT = Greenwich Mean Time (civilian)</p>
<p>Z = Zulu (military)</p>
<p>The most commonly known means of defining time is GMT or Greenwich Mean Time, which is the mean solar time at 0 degrees latitude. GMT is also known as Universal Time.</p>
<p>Because of variations in the Earth's rotation, GMT cannot be used when hyper accuracy is needed.</p>
<p>Coordinated Universal Time or UTC is a highly precise time scale based on atomic clocks and has uniform seconds. UTC is a compromise between the French and English variations of the term and does not stand for universal time code as is sometimes thought.</p>
<p>So, in summary, GMT is based on the Earth's rotation and UTC is based on uniform seconds as measured on highly accurate atomic clocks maintained by a number of organisations.</p>
<p>Whilst the difference for all but the most technically demanding applications is minor, the odd leap second, UTC should be used as the standard for time.</p>
<p>Network Time Protocol or NTP which is used to synchronise clocks over the internet uses UTC. NTP is a protocol designed to synchronize the clocks of computers over a network. NTP version 3 is an internet draft standard, formalized in RFC 1305. NTP version 4 is a significant revision of the NTP standard, and is the current development version, but has not been formalized in an RFC. Simple NTP (SNTP) version 4 is described in RFC 2030.</p>
<h3>Daylight Saving Time</h3>
<p>Daylight Saving or Summer Time is a system of advancing or retreating clocks so that a day has more daylight. Details vary by location. Many reasons are given for daylight saving, from energy efficiency to people’s desire for longer summer evenings and even better voter turnout, but there seem to be as many reasons for as there are against.</p>
<p>There also exists a great deal of variation in the implementation of daylight saving. The rules of DST also change, which can cause problems for electronic or automated systems, as evidenced in recent months by the USA decision in the Energy Policy Act 2005 to move the point at which DST applies roughly 3 weeks earlier than previously.</p>
<h3>ISO Time Format</h3>
<p>The International Organization for Standardization is a worldwide federation of national standards bodies from some 130 countries, one from each country.</p>
<p>Date and Time format is defined by: ISO 8601:2000 Data elements and interchange formats — Information interchange — Representation of dates and times</p>
<p>The standard defines formats for numerical representation of dates, times and date/time combinations. Local time and Coordinated Universal Time (UTC) are supported.</p>
<p>Dates are for the Gregorian calendar (introduced in 1582), and can be given in year-month-day, year-week-day or year-day formats.</p>
<p>Times are given in 24hr format. All date and time formats are represented with the largest units given first, i.e., from left to right the ranking is year, month, week, day, hour, minute, second.</p>
<p>For example, 6.36pm would be written as 18.36</p>
<p>Having a standardised notation system is essential for software and scientific applications.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.bs25999.com/2010/03/working-with-time-zones/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
		<item>
		<title>Compliance — Overhead or Business Benefit?</title>
		<link>http://www.bs25999.com/2009/12/compliance-overhead-or-business-benefit/</link>
		<comments>http://www.bs25999.com/2009/12/compliance-overhead-or-business-benefit/#comments</comments>
		<pubDate>Mon, 21 Dec 2009 23:30:15 +0000</pubDate>
		<dc:creator>harveyf</dc:creator>
				<category><![CDATA[BCM]]></category>
		<category><![CDATA[Compliance]]></category>

		<guid isPermaLink="false">http://www.bs25999.com/?p=18</guid>
		<description><![CDATA[The very word “Compliance” strikes dread in many senior management forums. Viewed most often as a pain, necessary evil, or at best a burden on the business, Compliance has become a word most often associated with a sigh of despair. But should this really be the case? The very reason many senior managers have to [...]]]></description>
			<content:encoded><![CDATA[<p>The very word “Compliance” strikes dread in many senior management forums.</p>
<p>Viewed most often as a pain, necessary evil, or at best a burden on the business, Compliance has become a word most often associated with a sigh of despair. But should this really be the case? The very reason many senior managers have to be dragged kicking and screaming into the Compliance arena is often the complexity of the subject and fear of the unknown.</p>
<p>At the end of the day most senior managers are focused on making money for the business, controlling costs and generating value for the shareholders so they view compliance issues as a distraction.</p>
<p>Now that is interesting in itself, particularly the latter two points.</p>
<p>Surely controlling costs and generating value for the shareholders should be really good drivers to understand what Compliance can mean to the business? Part of the problem, and the perception, is the plethora of different compliance issues that appear when the surface of the topic is scratched, e.g. Human Rights, Privacy, Data Protection, Freedom of Information, Taxation, Corporate Governance, Intellectual Property/Copyright, Health &amp; Safety, Fraud &amp; Corruption, Competitive Practice, Anti-trust, Money Laundering, Standards (e.g. ISO/IEC27001, COBIT, SAS70) and much more.</p>
<p>Is it any wonder why senior management would rather avoid getting embroiled in this as much as possible? The problem is — it is their responsibility, and they are accountable for Compliance so, in time, many will come to realise that they have no choice and even that Compliance can provide real benefits to the business.</p>
<h3>How can this ever happen?</h3>
<p>Surely the whole Compliance effort costs a fortune and bogs the business down in unnecessary procedure?</p>
<p>All many managers see is increasing red-tape, extra costs for controls, new or increasing compliance teams, personal liability and spiraling overheads.</p>
<p>But, is this a fair view? Sure there are additional costs to be carried for the compliance efforts, but it could be argued that these are more than balanced by factors such as:</p>
<p>* Increased Customer/Shareholder/Partner confidence and trust<br />
* Improved analysis, documentation and efficiency of business processes<br />
* Better business resilience<br />
* Greater buy-in from management and staff<br />
* The de-duplication of control efforts<br />
* Faster audits with fewer hold points<br />
* Reduced audit costs<br />
* Reduced crisis/incident management and remedial action costs<br />
* Avoidance of legal or regulatory sanctions or fines and more …</p>
<p>It is surprising how the very attempt to ensure Compliance can often become a catalyst for change. As a business grows often the development and documentation of sound business processes falls by the wayside and greater reliance is placed upon staff knowledge and expertise.</p>
<p>This can work for a while but we live in an ever changing world where the pace of life is increasing daily and a lack of sound business practice will mean trouble in the future. It only takes a key member of staff to leave, or say a disgruntled member of staff to ‘throw a spanner in the works’ and serious repercussions can ripple throughout the business.</p>
<p>Yes — we all know we should write procedures so that someone can take over if the worst should happen; but the ‘instant’ nature of the working environment today (e.g. the Internet, email, instant messaging, mobile connectivity) makes that very unlikely — we just do what we do!</p>
<p>This is where Compliance brings back some sanity to the workplace. An auditor is not satisfied by ‘hearsay’ evidence that a key business process is operating in line with legal or regulatory requirements — they want cold, hard documentary evidence!</p>
<p>The Compliance drive has a tendency therefore to underline the need for key controls, procedures and evidence, and to ensure that adequate funding is committed to their maintenance. What is often missed is the opportunity to develop one management system to control all aspects of compliance, regardless of law, regulation or standard.</p>
<p>Many organisations still approach Compliance from a piecemeal angle — HR do their bit, IT do their bit, Legal do their bit, etc. It is also common to see organisations creating separate teams, tasked with compliance to a particular piece of legislation. This is, at best, unwieldy, inefficient and expensive; a practice to be avoided. This can be due to the ‘siloed’ nature of many organisations, internal politics, expertise issues, or just plain stubbornness to get involved.</p>
<p>The problem is Compliance issues usually cut right across the business and a very strong lead is needed for any team that is going to co-ordinate all issues company wide. A competent Compliance team can build one management system that will provide co-ordination of the compliance effort, one repository and source of information for audit trails and associated evidence.</p>
<p>This avoids the ‘empire building’ that often happens when say a new piece of legislation comes along, containing and potentially reducing costs.</p>
<h3>So, ‘Overhead or Business Benefit’?</h3>
<p>Much depends on your viewpoint and the type of organisation you work for. Finance, Banking and Insurance are heavily regulated, and accept Compliance as just part of daily business, whereas for, say a manufacturing business, this is all just a cost they would prefer not to have.</p>
<p>Hopefully this will change in time, legislation may become simpler and easier to understand (eh .. possibly..), business practices and management systems will improve, and many will see how the Compliance effort can bring real dividends.</p>
<h6>Clifford May, Consultancy Practice, Integralis Ltd UK</h6>
]]></content:encoded>
			<wfw:commentRss>http://www.bs25999.com/2009/12/compliance-overhead-or-business-benefit/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Are You Getting Value from Your BIA</title>
		<link>http://www.bs25999.com/2009/12/are-you-getting-value-from-your-bia/</link>
		<comments>http://www.bs25999.com/2009/12/are-you-getting-value-from-your-bia/#comments</comments>
		<pubDate>Mon, 21 Dec 2009 23:23:28 +0000</pubDate>
		<dc:creator>harveyf</dc:creator>
				<category><![CDATA[BCM]]></category>
		<category><![CDATA[BIA]]></category>

		<guid isPermaLink="false">http://www.bs25999.com/?p=15</guid>
		<description><![CDATA[The standard practice of conducting a Business Impact Analysis (BIA) to determine the basic recovery requirements (Mission Critical Processes, RTOs, RPOs, Critical Applications, Suppliers, and other Resources) is a vital phase of every Business Continuity Management program. The BIA process can be long and difficult — no matter what data collection method is used. Is [...]]]></description>
			<content:encoded><![CDATA[<p>The standard practice of conducting a Business Impact Analysis (BIA) to determine the basic recovery requirements (Mission Critical Processes, RTOs, RPOs, Critical Applications, Suppliers, and other Resources) is a vital phase of every Business Continuity Management program.</p>
<p>The BIA process can be long and difficult — no matter what data collection method is used. Is the return on your BIA investment (time, manpower and resources) offset by the value of the results?</p>
<p>If a BIA is a fundamental part of BCM, the underlying cost may simply be a necessary evil. But, when a BIA is a one-time ‘project’ — as in many organizations — is the cost realistically proportional to the value?</p>
<p>Some organizations conduct a BIA expecting to repeat the process at regular intervals. However, once the initial BIA is completed and the true cost known, such expectations are often abandoned.</p>
<h3>Focus on change</h3>
<p>Failure to update a BIA is a leading cause of Recovery Plan failure. Change is the only constant in business. A BCM program lacking up-to-date BIA data yields Plans that don’t reflect the organization’s true requirements.</p>
<p>Intending to update a BIA is easy; yet the update process often fails.</p>
<p>Consider the effort required to complete the original BIA: questionnaire preparation, distribution and collection; interviews to “normalize” the results, plus the cost of analysis and report generation.</p>
<p>Often, the original BIA process “project” may take three to eight months. Significant business changes make the prospect of repeating that lengthy process daunting. Postponing the update may be rationalized. Like most things in life, postponing difficult tasks allows them to grow more unwieldy.</p>
<p>To streamline the process, the updated BIA must focus on the changes — rather than repeat the entire process. It is likely that much of the information from the earlier BIA is still valid. The update process simply entails drilling down to which business processes have changed, and how those changes affect the original BIA results. Of course, the method used to conduct the earlier BIA will determine just how easy — or how difficult — the update process becomes.</p>
<p>In Information Technology, an updating process is generally ongoing (Change Management) because IT changes have a direct impact on daily operations. In business operations, changes occur regularly, but are seldom, if ever, documented. (To be fair, no matter how robust the IT program, not every organization consistently correlates its Change Management information with its DR Plan.)</p>
<h3>The Whole is Greater than the sum of its Parts</h3>
<p>Is it sufficient for individual business process “Owners” or function leaders to update their own critical resource requirements? Yes, if the update method allows for the capture of changes in enterprise-wide dependencies (on other processes, applications, etc.). But no effective update can be conducted in a vacuum; any change to critical dependencies or resources is likely to have a corresponding effect upon those dependent processes.</p>
<p>While it may be efficient for a process team to update its own BIA, only by collecting and integrating changes across the enterprise can the true impact of business changes emerge.</p>
<h3>The Path of Least Resistance</h3>
<p>Frequently, the cost of updating a BIA (in manpower and time) is perceived as unjustifiably high. Not updating a BIA may become an accepted risk. BCM management may opt to focus on BC/DR Plan updating (assuming most process owners understand the impacts of change and will modify their Plans appropriately) without revising the BIA. The more burdensome the BIA process, the higher the propensity not to repeat it.</p>
<p>Once made, such a decision often becomes institutionalized. Later, the failure to reflect fundamental changes in the organization’s structure may result in flawed Plans and a failed recovery. With luck, flaws show up in a test or exercise — not a real life incident.</p>
<h3>What’s in your Toolbox?</h3>
<p>Does your existing BIA format lend itself to manipulation? Or do you have to start from scratch? Do you use software that integrates BIA and Plan development?</p>
<p>Does the BIA format lend itself to the use of collaborative tools? Can business process owners gain access to the original BIA survey? Network- or Web-based collaborative tools reduce the pain of updating a BIA, while enabling monitoring and auditing of the process by the BCM leaders or planners.</p>
<p>Assess your options, and pick a BIA updating method that works best for your situation. It may not be free, it may be time-consuming, and it may not be painless. But it will pay dividends if you have a disruptive event.</p>
<p>An out-of-date BIA exponentially increases the chances of Plan failure. The BIA provides the core upon which an organization’s Plans depend. Without up-to-date BIA information, the validity of Plans should be questioned, and their successful execution must be suspect.</p>
<h6><strong>eBRP Solutions, Inc</strong></h6>
]]></content:encoded>
			<wfw:commentRss>http://www.bs25999.com/2009/12/are-you-getting-value-from-your-bia/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
	</channel>
</rss>
