1 ISO & Business Continuity Management System Standards and Application for Incident Communication Plans
2 ISO & 22313: Business Continuity Management System Standards and Application for Incident Communication Plans In today s world, there is an ever increasing array of risks facing all businesses, including natural (meteorological, geological, or biological), human (accidental or intentional), and technological (power, telecommunications, hardware, software, and cyber security). The impact of these hazards can be catastrophic - whether directly affecting the organization, or indirectly interrupting their supply chain, vendors, or business partners. Even small interruptions cause damage to a company s financials and reputation, which means that organizations need a way to prevent potential downtime before it occurs. To ensure resiliency, or business continuity, organizations need ongoing practices to manage risk and to be prepared for quick and effective response, recovery, and resumption of normal operations. As such, all organizations must incorporate business continuity disciplines into their core management practices. In addition to safeguarding business interests, organizations have a responsibility to protect the life and safety of their people. In part, this can be accomplished by managing communications when responding to a threat or crisis. Effective, timely communications can also help protect a company s brand and reputation during an event. As a result, development of an Incident Notification and Crisis Communication plan is an important component of business continuity planning. While developing a business continuity plan can be challenging, efforts to guide organizations by defining standards and best practices have made great progress. In May 2012, the International Standards Organization (ISO) published the first international standard for Business Continuity Management Systems (BCMS), known as ISO ISO, the world s largest developer and publisher of standards, builds standards by consensus, using subject matter experts and professionals from a network of 164 national standards bodies around the world. These experts have been organized into a technical committee (TC 223) to negotiate all aspects of the Societal Security standards, including scope, key definitions and content.
3 ISO 22301, like many well-known ISO standards, is a management system standard. A management system is the framework of processes and procedures used to ensure that an organization can fulfill all tasks required to achieve its objectives. 1 An effective management system has many benefits, including more efficient resource use, improved risk management, and increased customer satisfaction as services and products consistently deliver what they promise. ISO 22301: Societal Security Business Continuity Management Systems - Requirements ISO specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to prepare for, respond to and recover from disruptive events when they arise. Because ISO is a requirements document, accredited professionals can audit to the standard and issue certifications of compliance for organizations that meet the requirements. Like many ISO standards, compliance with and certification for ISO is voluntary. ISO 22313: Societal Security Business Continuity Management Systems - Guidance In reality, many companies are unprepared for certification of their BCMS. Even if a company has a continuity plan in place, it may not address continuity risks across the entire organization, follow recognized best practices or standards, or be sufficiently tested and maintained. Responding to this need, ISO published a new companion standard for BCMS in December 2012, known as ISO ISO expands upon and aligns with ISO requirements and offers guidance to organizations that are developing or improving their BCMS capabilities. This resource helps by clarifying the intent of the requirements in ISO 22301, and by providing explanations and examples. 1 Anderson, Chris. How to Build Effective Management Systems, Bizmanualz, January 26, 2005.
4 Plan-Do-Check-Act Like all ISO management system standards, ISO and are based on the principle of continual improvement. An organization or company assesses its current situation, establishes objectives and develops policy, implements actions to meet these objectives and then measures the results. With this information the effectiveness of the policy, and the actions taken to achieve it, can be continually reviewed and improved. ISO and apply the widely adopted Plan-Do-Check-Act (PDCA) model to planning, establishing, implementing, operating, monitoring, reviewing, maintaining and continually improving the effectiveness of an organization s BCMS 2. The PDCA model provides concepts and language that help organizations define the maturity of their management system capabilities, identify gaps, and develop actions that improve key practices to achieve the desired or justifiable level of maturity. A wide variety of capability maturity models (CMM) has been developed with this intent, although no CMM has been developed or widely adopted for ISO at this point. The Plan-Do-Check-Act Model 2 ISO. (2013). Management system standards. Retrieved from
5 ISO Adoption Progress ISO has already been adopted as the standard in many nations that have led the way in Business Continuity Management. As of November 2012, the previous standard in the UK, and the first standard that led to accredited certification, BS from the British Standards Institute (BSI), has been withdrawn and replaced by ISO A two year transition plan for organizations that have already certified to BS is in progress. In the US, the voluntary Private Sector Preparedness program (PS-Prep) sponsored by the Department of Homeland Security and FEMA, has initiated a process to approve and adopt ISO PS-Prep was an outcome of recommendations from the 9/11 Commission and already recognizes other BCMS standards, including BS , NFPA 1600, and ASIS SPC.1. Structure and Content of ISO and ISO and are intended to be applicable to all sizes and types of organizations, including large, medium and small organizations operating in industrial, commercial, public and not-for-profit sectors 3. Both documents are broken into 10 clauses, which will be reviewed briefly on the following pages. Clauses 1 Through 3 Clauses 1 through 3 provide background information for the document: Scope, Normative References, and Terms and Definitions. Clauses 4 Through 10 Clauses 4 through 10 provide the core content to describe the Management System in question, and can be directly related to the PDCA model provided above: Clause 4: Context of the organization (Establish / PLAN) Clause 5: Leadership (Establish / PLAN) Clause 6: Planning (Establish / PLAN) Clause 7: Support (Establish / PLAN) Clause 8: Operation (Implement and Operate / DO) Clause 9: Performance evaluation (Monitor and Review / CHECK) Clause 10: Improvement (Maintain and Improve / ACT) 3 ISO. (2013). ISO 22313:2012. Retrieved from
6 Clause 4: Context of the organization (Establish / PLAN) Evaluate and understand the internal and external factors relevant to the purpose and operations of the organization. This establishes foundational information for developing, implementing and improving a BCMS. The ISO standard provides examples of both internal and external factors to consider. Special focus is given to understanding the needs and expectations of interested parties, and determining the scope of the BC management system. Clause 5: Leadership (Establish / PLAN) Demonstrate management commitment and leadership in establishing objectives for and implementing a business continuity management system. The standards provide excellent examples and guidance for how this can be demonstrated and accomplished, such as; ensuring BCMS policy and objectives align with strategic objectives of the organization, ensuring BCM roles and responsibilities are clear, communicating the importance of fulfilling the BCMS policy and objectives, actively engaging in exercising and testing, and others. Clause 6: Planning (Establish / PLAN) Develop strategies and specific plans for addressing the issues and requirements identified in clause 4. The ISO standards present the importance of addressing risks and opportunities, and establishing objectives with plans for achieving them. Examples and guidance include: identifying responsibilities and setting appropriate targets for completion, ensuring that stakeholders are kept informed, and making certain that progress is monitored and documented. Clause 7: Support (Establish / PLAN) Ensure that the organization provides the resources needed for success. This section provides requirements and guidance for identifying key elements that are needed to support BCMS and the organization s ability to respond to incidents, such as; resources, competence, awareness, communication and documented information. Experience has shown that the level of support within the organization is a critical success factor.
7 Clause 8: Operation (Implement and Operate / DO) Provide the elements of BCMS operations needed to achieve business continuity. This section defines; operational planning and methods of control; business impact analysis (BIA) to understand how the business is affected by disruption and how this changes over time; ongoing risk assessment to identify, analyze, and evaluate the risks of business disruptions in a structured way. Additional requirements and guidance is provided for establishing the incident response structure, provide warning and communication (more detail provided below), documenting and using continuity plans and procedures for recovery, the crucial need to test and exercise the plans. Clause 9: Performance evaluation (Monitor and Review / CHECK) Determine what needs to be monitored and measured, and how and when it will be done and evaluated. This section provides requirements and guidance for evaluating the organization s performance against the plan. For example, the use of internal audits is described, as well as methods for management review of the overall BCMS. Clause 10: Improvement (Maintain and Improve / ACT) Act upon findings from performance evaluation. Define defines the need to take corrective actions from non-conformities, provides examples of actions organizations can take to improve the BCMS over time and ensure corrective actions from audits, reviews and exercises are addressed. Mature organizations recognize the need for ongoing, continuous improvement. Application of BCMS standards to Incident Notification and Crisis Communications Although ISO and provide requirements and guidance for the overall Business Continuity Management System, they can also be applied to any of the individual components of an overall plan. An example of one of these components, and an important aspect of business continuity preparation, is an Incident Notification and Crisis Communications plan.
8 Establishing an effective Incident Notification and Crisis Communications plan The ISO standards provide requirements and guidance to establish an effective Business Continuity Management System, including Incident Notification and Crisis Communications. The ability to communicate throughout the life cycle of an incident or crisis is crucial; beginning with the initial warning of an impending incident, if anticipated, or immediately after an incident occurs, if unexpected. During this early stage of a response, communication is crucial to protect life and safety, and the business reputation and brand. As the response continues, effective communication is necessary to assess damage and mitigate the risk of further damage, manage the ongoing response, develop resolutions to the incident, and quickly initiate recovery and resumption of normal business operations. Source: Robert C. Chandler, PhD - Director, Nicholson School of Communication Development and deployment of an effective Incident Notification and Crisis Communications Plan require the same management system practices detailed in the ISO standards. The plan needs to be based on the Plan-Do-Check-Act model, requiring a clear understanding of the overall organization, strong leadership, good planning, full support for success, well controlled operations, careful evaluation of performance, and methods for continuous improvement.
9 ISO and both specifically highlight the importance of incident communication; including the examples of requirements and guidance presented below: Support Checklist (derived from Clause 7 of ISO and 22313) Make adequate provision for communication technology and communication with interested parties Establish incident response teams, such as communications, and provide team members with the necessary competence, authority and responsibility to successfully manage an incident Provide communication procedures to provide effective exchange of information with interested parties Determine what, when and with whom the organization will communicate, both internally and externally Implement and maintain procedures for internal and external communications (such as; employees, customers, suppliers, local community, media, and other interested parties) Implement and maintain procedures to receive, document and respond to communications from all interested parties Integrate with national or regional threat advisory systems, if appropriate Ensure that the means of communication remains available during an incident Provide for the operation and testing of communications capabilities
10 Operational Checklist (derived from Clause 8 of ISO and 22313) Establish appropriate communication procedures and protocols for activation, operation and coordination Using life safety as first priority, consult with interested parties to decide whether to communicate externally about an organization s significant risks Implement and maintain procedures for Warning and Communication detecting and monitoring an impending incident receiving, documenting, and responding to communication from interested parties receiving, documenting, and responding to any national or regional risk advisory systems or equivalent alerting interested parties that might be impacted operating a communications facility assuring that the means of communication remains available during an incident supporting structured communications with emergency responders record vital information about the incident, including actions taken and decisions made ensure interoperability of multiple responding organizations and personnel regular exercising of warning and communication procedures Alignment to Related ISO Standards In addition to ISO and 22313, a number of related ISO standards have been developed that may be beneficial to, or already adopted by your organization. Because the ISO BCMS standards are so recent, ISO was the first standard to be fully compliant with new ISO guidelines for management system structure and terminology, called ISO Guide 83. ISO follows the same guidelines, as will all ISO management systems standards. This benefits all organizations by making it easier to align and integrate with other ISO standards that might apply, providing consistent structure and language.
11 For example, some standards have been developed as part of the overall Societal Security standard by technical committee TC 223. Others address requirements or guidance for management systems that are closely related to BCMS. Organizations implementing the ISO standards may want to consider the following list of related ISO standards as well (not intended to be an all-inclusive list): ISO Societal Security Terminology: Contains terms and definitions applicable to societal security to establish a common understanding so that consistent terms are used. ISO Societal Security Emergency Management Requirements for Incident Response: Specifies minimum requirements for effective incident response and provides basics for command and control, operational information, coordination and cooperation within an incident response organization. ISO Risk Management Principles and Guidelines: Provides principles and generic guidelines on risk management that can be applied throughout the life of an organization, and to a wide range of activities and any type of risk. ISO Information Security Management: A series of standards specifically reserved for information security matters. The series includes a range of individual standards and documents, addressing topics such as; information security management systems (ISMS), measurement and metrics, information security risk management, and guidelines for accreditation of organizations offering ISMS certification. ISO Specification for Security Management Systems for the Supply Chain: Specifies the requirements for a security management system, including those aspects critical to security assurance of the supply chain. ISO 9004 Managing for the Sustained Success of an Organization: Provides guidance to organizations to support the achievement of sustained success using a quality management approach.
12 Recommendations Improve your existing BCMS adopt the ISO and standards Depending on the maturity of their overall BCMS, organizations should consider acquiring either ISO (requirements) or ISO (guidance) or both. ISO is the standard that will be used to audit organizations for certification, or can be used to self-assess compliance. The guidance document (ISO 22313) is an excellent resource for organizations that are looking to improve their overall BCMS program capabilities. The standards can be purchased for a small publishing fee. In the US, purchase from the American National Standards Institute (ANSI) at Internationally and in the UK, purchase from British Standards Institute (BSI) at ISO standards can also be purchased directly from ISO at Protect your business and people establish an Incident Notification and Crisis Communications plan Following the requirements and guidance outlined in the ISO standards, create an Incident Notification and Crisis Communications plan as part of your overall Business Continuity Management System. This plan should account for communications throughout the life cycle of an incident or crisis; beginning with either the initial warning of an anticipated incident or immediately after an unanticipated incident occurs, and continuing through recovery and resumption of normal business operations. Certification certify your BCMS A number of auditing organizations have been accredited to provide certification for ISO internationally. ISO has not yet been fully adopted in the US, but this is considered to be imminent. Currently, in the US, certification is provided for PS-Prep (described in Section I) using the standards BS , NFPS 1600, ASIS SPC.1. In the UK and internationally ISO certification bodies are fully active.
13 Benefits of certification include: Increased and improved awareness, understanding and management of continuity risks Reduced impact and improved management of disruptive incidents, including reduced recovery times Increased capabilities for protecting human life and safety, reputation and brand, all assets and business commitments Demonstrates to employees, customers, clients, partners, suppliers, and other stakeholders that the organization is committed to resilience, which can provide a competitive edge. Conclusion Regardless of your current capabilities, these ISO standards offer a path for continuous improvement of your Business Continuity Management System. They represent many years of lessons learned and proven best practices. All organizations have responsibility to their stakeholders to deliver on commitments regardless of disruptions that can and will occur. Whether these are used as a reference, a framework for improvement, or requirements for certification, they provide value to all organizations.
14 About Everbridge Everbridge provides industry-leading interactive communication and mass notification solutions to organizations in all major industries and government sectors. Communication failures have historically plagued organizations in their ability to respond to and minimize the human, operational and financial impact of critical events and emergency incidents. Everbridge began with a shared vision: empowering a single person to communicate with any number of people as easily as communicating with one person to save lives, protect assets, minimize loss, and ensure continuity of operations. Everbridge brings technology and expertise together at every level for a complete solution. Everbridge solutions match your unique needs, from safety and survival during a crisis to cutting costs and achieving efficiencies in your everyday operations. Our understanding of mass notification and interactive communication challenges is leveraged in everything we do, from how we build our technology from the ground up to the expertise of the people we hire and best practices we share with the community. We design the Everbridge system according to several key tenets: Target the individual not the device. Everbridge has the most comprehensive notification system available, offering more than 30 contact paths that can be designated by incident type or by escalation steps. Ease-of-use during any situation emergency or daily use so even a non-technical person can communicate effortlessly and without anxiety. Speed and reliability of communications. Every second counts in an emergency. With global datacenters and an infrastructure unparalleled in security and reliability, the Everbridge mass notification system is designed for rapid and efficient communications worldwide so your message will always go through. Universal accessibility with a fully managed system requiring no hardware, no software, no maintenance, and a flexible pay-asyou-grow model, organizations large and small have access to the same powerful communication capabilities. Scalability the Everbridge mass notification system provides the ultimate flexibility in communication capabilities to meet changing needs in today s dynamic environment. The Everbridge system is inherently scalable to grow with and adjust to the requirements of any organization quickly and without disruption to internal processes, infrastructure, or resources. Visit to learn more.
ISO 22301- The Route Map to Business Continuity Management John A. DiMaria; CSSBB, HISP, MHISP, AMBCI ISO Product Manager; BSI Group Americas Inc. Agenda A basic understanding of ISO 22301:2012 How identifying
Incident Management & Communications Top 8 Focus Areas to Mitigate Risk Incident Management & Communications Top 8 Focus Areas to Mitigate Risk Delays and errors in operational communications happen every
INTELLIGENT NOTIFICATION Alphabet Soup: Making Sense of BC/DR Standards Part 1: Business Continuity Standards A Primer Why all the attention now? One of the hottest topics in BC/DR these days is standards.
Societal Security System Standards ISO/TC 223: Societal Security Dr. Marc Siegel Security System Consultant ASIS International Ever since the term Societal Security was first used by Barry Buzan in the
The PNC Financial Services Group, Inc. Business Continuity Program subsidiaries) 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis
Il nuovo standard ISO 22301 sulla Business Continuity Scenari ed opportunità Massimo Cacciotti Business Services Manager BSI Group Italia Agenda BSI: Introduction 1. Why we need BCM? 2. Benefits of BCM
Appendix B Business Continuity Management Systems Requirements 347 B.3 Format and Structure ISO 22301 is the second published standard to adopt ISO s new high-level structure for management systems standards
BS 25999 a framework for resilience and success Robert Whitcher BCI Webinar June, 2009 2 Scope of Presentation The Standards process Drivers for BCM and BS 25999 BS 25999 development Overview of BS 25999
Business Continuity and Disaster Recovery Planning 3/16/2011 Lee Goldstein CPCP, MBCI President Business Contingency Group Business Continuity/Disaster Recovery Planning to ensure the continuation/recovery
The New Corporate ISO 22301 BC Standard: What It Takes To Comply Robert C. Chandler, Ph.D. Director, Nicholson School of Communication About Everbridge The Global Leader in incident notification systems
The Impact of ISO 22301 Moving Your BCM Program to a Management System Implementing the Newly Approved International Business Continuity Management System Standard & Guidance Documents ISO 22301: Societal
Business Continuity Management Standard Operating Procedure Notice: This document has been made available through the Police Service of Scotland Freedom of Information Publication Scheme. It should not
Loss Control Webcast Disaster Recovery Planning we re not in Kansas anymore May 15, 2013 1 The information presented in this material has been developed from sources believed to be reliable. It is presented
Business Continuity Trends, Requirements and Expectations in 2009 Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting Overview What Is Business Continuity? The Value Proposition What
ABA Homeland Security Law Institute Panel Two Ounces of Prevention: The SAFETY Act and PS Prep Voluntary Programs to Mitigate Liability March 23, 2012 Remarks of Stephen Amitay, Counsel to ASIS International
Principles for BCM requirements for the Dutch financial sector and its providers. Platform Business Continuity Vitale Infrastructuur Financiële sector (BC VIF) Werkgroep BCM requirements 21 September 2011
Business Continuity Management Governance Frank Higgins Abu Dhabi March 2015 Different Names Same Concept BCM (Business Continuity Management) BSI 25999 IPOCM (Incident Preparedness & Operational Continuity
ECP - 601: Effective Business Continuity Management: ISO 22301 This 3-day course provides an intensive, hands-on workshop covering all major aspects for the design of an effective Business Continuity Plan
Business Continuity and Disaster Recovery Planning Jennifer Brandt, CISA A p r i l 16, 2015 HISTORY OF STINNETT & ASSOCIATES Stinnett & Associates (Stinnett) is a professional advisory firm offering services
White Paper: ISO 22301 Business Continuity Management An Overview ISO 22301 Business Continuity Management An Overview Introduction As incidents such as malicious activism, terrorist attacks and environmental
The ABA s Path to Business Continuity Certification George Huff & Diana Gilbert A Business Case American Bar Association 2 / 9 /2013 This Business Case is authored by George Huff, a Member of the Special
The Role of Internal Audit In Business Continuity Planning Dan Bailey, MBCP Page 0 Introduction Dan Bailey, MBCP Senior Manager Protiviti Inc. email@example.com Actively involved in the Information
Business Continuity Is your Business Prepared for the worse? Major emergencies can develop suddenly without warning. Situations can threaten and disrupt your business and impact upon you and your staff.
Power and Utilities Fact Sh Business continuity and disaster recovery Enhancing enterprise resiliency for the power and utilities industry A holistic approach to business resiliency and disaster recovery
BS 25999 BUSINESS CONTINUITY MANAGEMENT AUDIT, CERTIFICATION & training services HOW CAN YOU ENSURE BUSINESS CONTINUITY? BS 25999 AUDITS & CERTIFICATION FROM SGS Most organisations will, at some point,
Solving the Business Continuity Puzzle Chris Copeland Assoc. Business Continuity Professional (ABCP) January 11, 2011 Session Overview Topics we will cover today: 1. Defining Business Continuity (BC) &
Appendix 3 Disaster Recovery Plan December 13, 2006 Revision XXQwest Government Services, Inc. 4250 North Fairfax DriveArlington, VA 22203(Delete this page)revision history Revision Number Revision Date
Business Continuity Policy 1 NHS England INFORMATION READER BOX Directorate Medical Commissioning Operations Patients and Information Nursing Trans. & Corp. Ops. Commissioning Strategy Finance Publications
Business Continuity Management Policy Business Continuity Policy Version 1.0 1 Version control Version Date Changes Author 0.1 April 13 1 st draft PH 0.2 June 13 Amendments in line with guidance PH 0.3
whitepaper Why Should Companies Take a Closer Look at Business Continuity Planning? How Datalink s business continuity and disaster recovery solutions can help organizations lessen the impact of disasters
BUSINESS CONTINUITY MANAGEMENT POLICY AUTHORISED BY: DATE: Andy Buck Chief Executive March 2011 Ratifying Committee: NHS Rotherham Board Date Agreed: Issue No: NEXT REVIEW DATE: 2013 1 Lead Director John
Temple university Auditing a business continuity management BCM November, 2015 Auditing BCM Agenda 1. Introduction 2. Definitions 3. Standards 4. BCM key elements IT Governance class - IT audit program
Business Continuity Management Policy Statement and Strategy November 2011 Title Business Continuity Management Policy & Strategy Date of Publication: Cabinet Council Published by Borough Council of King
BT Conferencing Business Continuity Management Planning to stay in business Planning for the unexpected In today s connected world, businesses are increasingly dependent on their communications and networked
Emergency Management & Business Continuity Program Self-Assessment Checklist Self-assessment tool for evaluating preparedness based on NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity
EMERGENCY PREPAREDNESS PLAN Business Continuity Plan GIS Bankers Insurance Group Powered by DISASTER PREPAREDNESS Implementation Small Business Guide to Business Continuity Planning Surviving a Catastrophic
BS 25999 Business Continuity Management By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd 1 Contents slide BSI British Standards 2006 BS 25999(Business Continuity) 2002 BS 15000
Business Continuity Policy St Mary Magdalene Academy V1.0 / September 2014 Document Control Document Details Document Title Document Type Business Continuity Policy Policy Version 2.0 Effective From 1st
Business Continuity Management Systems Protecting for tomorrow by building resilience today Vital statistics 31% 40% of UK businesses have been affected by bad weather related transport problems, power
Business Continuity Policy and Business Continuity Management System Summary: This policy sets out the structure for ensuring that the PCT has effective Business Continuity Plans in place in order to maintain
www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 Agenda Key Definitions Risks Business Continuity Management Program BCM Capability Assessment Process BCM Value Proposition
Re-Emphasizing Risk Management by George Huff November 9, 2011 2 Risk Management and Supply Chain Security ISO 28000 s Risk-Based Approach to Management Systems ISO Format adopted from ISO 14001:2004 Environmental
Business Continuity - IT Disaster Recovery Discussion Paper - - Version V2.0R Wednesday, 5 September 2012 Commercial in Confidence Melbourne Sydney 79-81 Coppin St Level 2 Richmond VIC 3121 414 Kent St
Public Policy & Regulatory Trends in Business Continuity Management Title IX - A Primer Angie M. Santiago President, CPAC Triangle Chapter 1 Agenda PL 110 53 History Governance structure Major Stakeholders
BUSINESS CONTINUITY POLICY Document Type Corporate Policy Unique Identifier CO-038 Document Purpose To provide a structure through which: i. A comprehensive business continuity management system (BCMS)
WHITE PAPER Business Continuity and Disaster Planning A guide to preparing for the unexpected Robert Drewniak Director, Strategic & Advisory Services Disasters are not always the result of high winds and
Checklist of ISO 22301 Mandatory Documentation 1) Which documents and records are required? The list below shows the minimum set of documents and records required by ISO 22301:2012 (the standard refers
How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning The world has experienced a great deal of natural and man-made upheaval and destruction in the past few years, including tornadoes,
Auditing Business Continuity Management DHIRAJ LAL Executive Director +971 52 9263933 firstname.lastname@example.org Agenda About us Relevance of Business Continuity in the UAE The UAE BCM Standard
BCP and DR P K Patel AGM, MoF Key difference between BS 25999 and ISO 22301 ISO 22301 puts a much greater emphasis on setting the objectives, monitoring performance and metrics aligning BC to top management
Disaster Recovery Journal Spring World 2014 What works: Services and service supply chain business continuity risk management Don Hall, CBCP, Cisco Services Business Continuity Analyst Cisco Systems, Inc.
Plan Development Getting from Principles to Paper March 22, 2015 Table of Contents / Agenda Goals of the workshop Overview of relevant standards Industry standards Government regulations Company standards
NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY AUTHOR/ APPROVAL DETAILS Document Author Written By: Human Resources Authorised Signature Authorised By: Helen Shields Date: 20
WEST YORKSHIRE FIRE & RESCUE SERVICE Business Continuity Management Strategy Date Issued: 12 November 2012 Review Date: 12 November 2015 Version Control Version Number Date Author Comment 0.1 June 2011
Business Continuity Management Factsheet To prepare for change, change the way you prepare In an intensely competitive environment, a permanent market presence is essential in order to satisfy customers
This document is uncontrolled once printed. Please check on the CCG s Intranet site for the most up to date version BUSINESS CONTINUITY MANAGEMENT POLICY DOCUMENT CONTROL Type of Document Document Title
Capability Business Continuity / Disaster Recovery Context What is Business Continuity? The Business Continuity Program Life Cycle Copyright: Virtual Corporation, 1994 2006 Modified U.S. DoD Graphic Normal
State of South Carolina Policy Guidance and Training Policy Workshop All Agencies Business Continuity Management Policy June 2014 Agenda Questions & Follow-Up Policy Workshop Overview & Timeline Policy
Intel Business Continuity Practices As a global corporation with locations and suppliers all over the world, Intel requires every designated Intel organization to embed business continuity as a core business
ISO/IEC 27001:2013 Your implementation guide What is ISO/IEC 27001? Successful businesses understand the value of timely, accurate information, good communications and confidentiality. Information security
Company Management System Business Continuity in SIA Document code: Classification: Company Project/Service Year Document No. Version Public INDEX 1. INTRODUCTION... 3 2. SIA S BUSINESS CONTINUITY MANAGEMENT
Evaluating and Improving Your Business Continuity Plan As presented to the Northeast Florida IIA Chapter January 23, 2015 Contact Information Karen Weir, MAC, CISA, CBCP Manager email@example.com
NHS Hardwick Clinical Commissioning Group Business Continuity Policy Version Date: 26 January 2016 Version Number: 2.0 Status: Approved Next Revision Due: January 2017 Gordon Stevens MBCI Corporate Assurance
ISO Revisions ISO 9001 Whitepaper The importance of risk in quality management Approaching change Background and overview to the ISO 9001:2015 revision As an International Standard, ISO 9001 is subject
1 Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand
NHS Central Manchester Clinical Commissioning Group (CCG) Business Continuity Management (BCM) Policy Version 1.0 Document Control Title: Status: Version: 1.0 Issue date: May 2014 Document owner: (Name,
Course: Information Security Management in e-governance Day 1 Session 3: Models and Frameworks for Information Security Management Agenda Introduction to Enterprise Security framework Overview of security
ORG 5 Andrew Wood, Organisational Resilience Consultant 1 Introduction We define organisational resilience as the ability and capability to anticipate, avoid, deter, protect, respond and adapt to threats
16 January, 2008 Business Continuity Management AIRM Presentation David Hamilton, Senior Consultant http://www.marsh.ie Presentation Overview Terms used for BCP Where BCM fits in a business plan Business
HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO 22301 AUDITS, CERTIFICATION AND TRAINING ISO 22301 BUSINESS CONTINUITY MANAGEMENT SYSTEMS Most organisations will, at some point, be faced with having to respond
Business Continuity Trends and Risk Considerations Financial Executives International Portland Chapter June 12 2013 Chitra Gopalakrishnan Director KPMG LLP Agenda Introduction Business Continuity / Disaster
BS OHSAS 18001 Occupational Health and Safety Management It s your duty Your implementation guide BS OHSAS 18001 - Occupational Health and Safety Management Background BS OHSAS 18001 is the globally recognized