Askthefm’s Weblog

The news broke to day that over in London England hackers succeeded in cloning or duplicating the cards that most Londoner’s use to ride on mass transit.  These so called Oyster Cards are a version of smart card that is used in a great many other places for access control to secured areas.  The Dutch government has issued a country wide security alert due to the fact that they use the same or at least very similar technology at most of their government buildings!

Both Wired Magazine (http://blog.wired.com/cars/2008/06/hackers-crack-l.html) and the Evening Standard in London have articles on this story (http://www.thisislondon.co.uk/standard/article-23454596-details/Oyster+card+cloning+fears/article.do).

This is just the latest problem with this technology to come to the surface.  The main problems with these systems is that they are often specified incorrectly and sometimes just installed poorly.  Also they are only as good as the people who have administrative access.  I took over the management of a fairly simple system at a large corporate site and was amazed that the functionality of the software wasn’t even fully enabled and the previous administrator had made no real effort to audit the system.  I spent a very hectic 3 weeks auditing the system, inventorying the access rights of several hundred employees and getting the reporting module actually working!

There is a very good white paper on some best pratices for these systems here: (http://www.smart-id.com/documents/Access_Control_Industry_Best_Practices_wp_en.pdf).

The news is full of successful attempts to bypass these systems. Another story from Wired magazine: (http://blog.wired.com/27bstroke6/2007/08/open-sesame-acc.html)

Now I am not saying that I am dead set against using these devices, just that you need to realize that they are far from perfect or fool proof.  Just like any other similar system such as a burgler alarm they need to be designed carefully, used with their limitations firmly in mind and monitored constantly.

As always I thank you for your time and interest. Please take the time to Digg, Stumble Upon or add to the other social network of your choice to help me spread the word about these issues. Please forward any questions or suggestions to: askthefm@gmail.com

Social Bookmarks:

In my previous 2 posts on this subject I have laid out a fairly complete plan for dealing with this type of problem. There are a couple of areas where you could be tripped up in this process however.

The first is getting the areas tested by a reputable lab and the other is understanding the results and how that determines the overall scope of work.

Hiring a reputable lab is very important as it will determine the overall success of the remediation and have a direct influence on the total cost of the project. The method that I generally suggest is that you hire a firm with a certified Industrial Hygienist either as principal or on staff who will be developing and certifying the results and the scope of work for the remediation.

Here are three organizations who certify and list consultants in your area:

ABIH: http://www.abih.org/

ACGIH: http://www.acgih.org/home.htm

AIHA: http://www.aiha.org/Content

It is also helpful to ask for referrals from other facility professionals and always ask for references from the lab and make sure you call several of them. Ask about overall service, timeliness, and how comfortable they were with the explanations provided about why their particular scope of work was required. Also the testing lab should always be separate from the remediation contractor as they are the equivalent to the building inspector for this process and anything other than a separate firm would make me worry.

Lastly for today make sure that the report is explained to you and that you understand all that is being asked for in the scope of work, keep asking questions of the hygienist until you are completely clear.

As always I thank you for your time and interest. Please take the time to Digg, or add to the other social network of your choice to help me spread the word about these issues. Please forward any questions or suggestions to: askthefm@gmail.com

Social Bookmarks:

MSNBC has just posted a news story about an upcoming earthquake preparedness drill. It is going to be the largest and most extensive of it kind ever.

From:

PASADENA, Calif. - Warning residents that they need to be prepared for a major earthquake, scientists, elected officials and experts gathered at Caltech on Wednesday to urge people to take part in a major drill later this year to help them be ready for a massive temblor.

Full Story Here: http://www.msnbc.msn.com/id/24975627

This drill is set for November 13, 2008 and is a great motivator and excuse if you need one to get that disaster recovery and preparedness plan you been meaning to complete done and distributed. One of the largest and most common roadblocks is the permission and buy in of corporate management and this widely publicized event should make it much easier to get that permission. Especially in light of the recent China earthquake and the ongoing relief efforts that has raised the visibility of this issue immensely.

I have been covering this subject in an ongoing series of posts that can be accessed on the right under the topic “disaster preparedness” and there are currently 3 posts in the series. I will be posting the next installment for this coming Monday.

As always I thank you for your time and interest. Please take the time to Digg, or add to the other social network of your choice to help me spread the word about these issues. Please forward any questions or suggestions to: askthefm@gmail.com

Social Bookmarks:

Well if you have done what I suggested in my first post: (http://askthefm.wordpress.com/2008/05/18/mold-remediation-part-1/)

You have a basic understanding of the problem you face and you have some idea of the extent of the areas affected. The next step is the development of an action plan and some of these steps may be deleted depending on the severity of the situation.

1. Document the suspected areas, with pictures, diagrams and a written report.

2. Discuss the options with your superiors and human resources. Remember that this situation has potential liability on the part of your company and that if employees are involved then it also becomes a workman’s compensation issue.

3. The next step I recommend is for a reputable testing lab to conduct tests for airborne levels of what is in the local environment. This testing will allow the industrial hygienist to develop a scope of work for your site.

4. Depending upon the severity of the findings you may need to activate your relocation part of your disaster plan. You do have a disaster plan don’t you?

5. Hire a remediation firm to complete the demolition of the affected areas. They will also clean and encapsulate the same areas as part of the remediation process.

6. Retest the space to make sure the remediation was completed properly. (VERY IMPORTANT!)

7. Hire a general contractor to put the space back the way it was and to repair any water leaks, bad roof areas etc. This part can also be potentially handled by the remediation contractor however I generally like to separate the tasks as I have found the fit and finish of the remediation firms is sometimes a little poor.

In my next post on this subject I will include a few pointers about testing labs, remediation firms and the importance of that second test.

As always thank you for your time and I hope you come back again tomorrow. I appreciate your comments and suggestions. Please direct and suggestion for future posts or questions to: askthfm@gmail.com

Social Bookmarks:

If you have been following along in this series you should have an idea of where you are vulnerable at your site, know where your basic infrastructure is and have both of these items documented.

Congratulations, you are well on your way to having a basic plan in place!

What is would recommend next is setting up the organization for the command and control pieces of your plan for the an emergency. This breaks down into several parts. First you will need to determine who is in immediate control at each site and determine what authority that person will have for the duration of an emergency. this is important because you don’t want this person to hesitate in these types of situations. Hesitation will often cost you a great deal of time and money later.

Next determine who in your organization is responsible for giving out information to the media, vendors, clients and customers. You will want a unified voice giving out information at a time of an emergency so that no false impressions are given, and most importantly no mixed or incorrect messages get out.

Lastly you want to detail a basic reporting structure for the first responders to the public information spokesperson and to upper management.

The reporting structure should consist of check lists itemizing those items that are considered important to restoring function to the site, damage estimates, estimated downtime etc. I would also suggest at this point that you do a little web searching for “disaster recovery plans” and look over the many that are resident on the web for the many public agencies, schools and other public buildings and then adapt one of the plans that is closest to fitting your situation.

For the organization that I work for we adapted a plan put together by the Mass. Institute of Technology.
I am not including any links for these plans as I don’ want to circumscribe your search.

Good luck and I would appreciate any thoughts, questions or feedback on this topic you might have. Please forward any concerns, questions or suggestions for future posts to: askthefm@gmail.com

Social Bookmarks:

The subject of mold in buildings has been a major concern for some time now and I am not sure that it deserves all of the press that it has gotten. Now, granted that a serious mold contamination of a building is a serious problem that must be addressed, it is not the light your hair on fire emergency that is often portrayed in news reports and the like.

Now let’s discuss some basic facts about mold. First mold is everywhere and there are thousands of types and varieties. At this point in time there are only a relative few that cause problems for people. So let’s get some basic points straight.

• Molds are forms of fungi found all year round both indoors and outdoors.

• Outdoors, mold live in the soil, on plants and on dead or decaying matter.

• Mold is often commonly called Mildew

• There are thousands of species and they can be of any color.

• Most fungi, including molds produce microscopic cells called spores instead of seeds.

• We are all exposed to these spores daily in the air we breathe.

The problem with a severe contamination like these pictured is that over time most people will develop an allergic reaction to the spores that molds use to propagate. This is an immediate problem if you already have an allergy, but this sensitivity does take some time to develop in those not already sensitive.

So how do determine if you have a problem if it isn’t as visible as those above? First I would recommend doing a detailed inspection of the site, concentrating on any areas where there is evidence of water intrusion or old water damage. The main things that are required for mold to cause a problem is, cellulose (the paper in drywall and the lumber in your walls), darkness and moisture. If any of these three items are missing then the mold won’t be able to replicate and cause problems. This means that in your preventive maintenance plan responding to water intrusion and attending to the integrity of the building envelope( windows, doors, walls and roof) should be of the highest importance.

If the users of the site are experiencing problems are your inspection has found no visible causes then your next step is an expensive one, testing. In my next post on this topic I will cover the type of testing and some suggestions on finding a reliable and professional testing company.

As always I appreciate your interest in my blog. Please direct any questions of comments to askthfm@gmail.com.

Social Bookmarks: