ISO The Route Map to Business Continuity Management
John A. DiMaria; CSSBB, HISP, MHISP, AMBCI
ISO Product Manager; BSI Group Americas Inc.

Agenda
- A basic understanding of ISO 22301:2012
- How identifying crucial risk factors already affecting your organization drives the overall plan
- Understanding your organization's needs and obligations
- Essential steps in program management such as awareness, training, and exercising
- A step-by-step discussion on making the transition to the new standard for business continuity management

ISO
- Newest international standard for business continuity management (BCM)
- Its official title is ISO Societal Security - Business continuity management system - Requirements
- All core business continuity elements in BS are present in ISO

ISO 22301?
- Provides the requirements for a business continuity management system (BCMS)
- Based on global BCM best practice
- Created in response to strong interest in the original British Standard BS and other regional standards
- BS key source text in its development
- For those certified to or aligned with BS, the additional requirements are not onerous

How was ISO Formed

Context
Source documents included:
- BS
- NFPA 1600
- ASIS OR standard
- Singapore standards
- ISO
- ISO Guide 73
- ISO/PAS 22399
So ISO is not simply an international version of BS

Societal Security and BCM?
ISO now comes under a wider societal security responsibility. This acknowledges the important role that BCM has to play in protecting society and ensuring our ability to respond to incidents, emergencies and disasters.

Benefits of adopting a systems approach to managing BCM
- Allows organizations to benefit from global BCM best practice, regardless of whether they are planning to certify or not
- Provides a foundation and a common vocabulary for BCM best practice and guidance
- Consensus standards like ISO represent the input and recommendations of hundreds of BC professionals and industry experts
- Saves you having to reinvent the wheel

Comparing ISO and BS
Includes all core requirements:
- The Plan Do Check Act cycle
- Business continuity policy
- Business impact analysis
- Risk assessment and risk treatments
- Exercising
- Business continuity plans and strategy
- Internal audit
- Management review
- Non conformity and corrective action
- Improvement actions

Key aspects
- First standard written in accordance with Annex SL
- Change in the way an organization is defined
- Clearer expectations on management
- Preventive action has been replaced with actions to address risks and opportunities and features earlier
- ISO puts a much greater emphasis on setting the objectives, monitoring performance and metrics aligning BC to top management strategic thinking

Key aspects
- Requires more careful planning for and preparing the resources needed for ensuring business continuity
- Communication elements more demanding and there is a responsibility to the wider community defined
- BIA similar but with some changes to terminology
- There is a stronger link to the organization's approach to risk
- To reflect the societal security approach some new terminology has been introduced, see ISO (Societal security Terminology)

New high level structure
- ISO is the first management system standard to be developed using Annex SL
- Annex SL* is for standards writers and provides a Standardized text suitable for all ISO management system standards
- The intention is to Standardize terminology and requirements for fundamental Management System requirements
irectives_and_iso_supplement.htm

Objectives, monitoring performance and metrics
- Greater emphasis on setting of objectives, monitoring performance and metrics
- Most organizations will already produce metrics which can be tailored to BCMS performance

Top management commitment
- Top management given clearer BCM responsibilities
- The ISO outlines specific ways in which management must demonstrate its commitment to the system

Planning
- The ISO contains extended requirements, clearly structured
- It requires that the BCMS be integrated with the organization's objectives, taking into account its risk appetite
- It requires the organization to address threats to the BCMS not being successfully established, implemented and maintained and threats to the business itself
- Also requires a procedure to manage legal and regulatory requirements

Requirements around supply chain
- ISO outlines more requirements relating to suppliers
- These make it a useful tool for validating supply chains and client and contractual requirements

Structure of ISO 22301:
Clause: Description
- 4.0: Is a component of Plan. It introduces requirements necessary to establish the context of the BCMS as it applies to the organization, as well as needs, requirements, and scope.
- 5.0: Is a component of Plan. It summarises the requirements specific to top management's role in the BCMS, and how leadership articulates its expectations to the organization via a policy statement.
- 6.0: Is a component of Plan. It describes requirements as it relates to establishing strategic objectives and guiding principles for the BCMS as a whole. The content of Clause 6 differs from establishing risk treatment opportunities stemming from risk assessment, as well as business impact analysis (BIA) derived recovery objectives.

Structure of ISO 22301:
Clause: Description
- 7.0: Is a component of Plan. It supports BCMS operations as they relate to establishing competence and communication on a recurring/as-needed basis with interested parties, while documenting, controlling, maintaining and retaining required documentation.
- 8.0: Is a component of Do. It defines BC requirements, determines how to address them and develops the procedures to manage a disruptive incident.
- 9.0: Is a component of Check. It summarises requirements necessary to measure BCM performance, BCMS compliance with the International Standard and management's expectations, and seeks feedback from management regarding expectations
- Is a component of Act. It identifies and acts on BCMS nonconformance through corrective action.

New concepts and activities
- Context of the organization
- Interested parties
- Leadership
- Maximum acceptable outage (MAO)
- Minimum business continuity objective (MBCO)
- Performance evaluation
- Prioritized timeframes
- Warning and communication

Concept of interested parties
- ISO replaces the term stakeholders with that of interested parties
- The ISO requires broader consideration of interested parties than BS
- Closer alignment with organizational objectives for corporate social responsibility

Context - Interested Parties

- How identifying crucial risk factors already affecting your organization drives the overall plan
- Understanding your organization's needs and obligations
- Essential steps in program management

Documentation
- Requirement for documenting: links between the business continuity policy and the organization's objectives and other policies, including its overall risk management strategy; and the organization's risk appetite.
- The requirement to have procedures which identify legal and regulatory requirements.
- There is also a requirement to keep this information up to date which must tie in with maintenance.

Planning
- Section 6.1 talks about risks and 6.2 about objectives
- Standardized text
- Having fully understood the context of the organization, planning activities are introduced to address the risks and opportunities of the business.
- This proactive approach, if carried out properly, will ensure a resilient BCM system as it will focus on planning for successfully achieving BCM objectives and realizing opportunities for improvement.
- Ownership and accountability of BC objectives will be allocated and a clear direction to accomplishing these objectives will be agreed.

Support
7.2 Competence
- The organization (generally acknowledged to be through its Top Management) has a responsibility to ensure that sufficient and appropriate resource is available for the BCMS.
- Appropriateness is often determined through competency analysis
- It is people who take action when an incident occurs
- Competence relates both to operating the BCMS AND to performing following an incident
- Note also 7.3 d): everyone has to be aware of their role during disruptive incidents

Communication
- external communication with customers, partner entities, local community, and other interested parties, including the media,
- receiving, documenting, and responding to communication from interested parties,
- adapting and integrating a national or regional threat advisory system, or equivalent, into planning and operational use, if appropriate,
- ensuring availability of the means of communication during a disruptive incident,
- operating and testing of communications capabilities intended for use during disruption of normal communications.

Risk Assessment
- The organization shall establish, implement, and maintain a formal documented risk assessment process that systematically identifies, analyzes, and evaluates the risk of disruptive incidents to the organization.
- NOTE This process could be made in accordance with ISO
- The organization shall identify risks of disruption to the organization's prioritized activities and the processes, systems, information, people, assets, outsource partners and other resources that support them, analyze them, evaluate and treat them.

BIA
a) identifying activities that support the provision of products and services;
b) assessing the impacts over time of not performing these activities;
c) setting prioritized timeframes for resuming these activities at a specified minimum acceptable level, taking into consideration the time within which the impacts of not resuming them would become unacceptable; and
d) identifying dependencies and supporting resources for these activities, including suppliers, outsource partners and other relevant interested parties.

Strategy
- ISO better defined
- Decide what you are going to do to reduce the likelihood and impact as well as how to respond
- Set RTOs
- Work out the resource requirements
- Act on the protection and mitigation needed
- Evaluate business continuity capability of suppliers

Incident Response Structure
- Impact thresholds is new
- Personnel to assess the incident
- Communication mentions authorities and media explicitly
- External communications a new requirement.
- Life safety explicitly mentioned.
- Warning and Informing

Warnings and Communication
The organization shall establish, implement and maintain procedures for
a) detecting an incident,
b) regular monitoring of an incident,
c) internal communication within the organization,
d) receiving, documenting and responding to any national or regional risk advisory system or equivalent,
e) assuring availability of the means of communication during a disruptive incident,
f) facilitating structured communication with emergency responders,
g) recording of vital information about the incident, actions taken and decisions made,

Recovery
The organization shall have documented procedures to restore and return business activities from the temporary measures adopted to support normal business requirements after an incident

Exercising and Testing
- Covers pretty much the same ground as BS
- It talks about exercises and tests.
- Expect to see a program; the point is that over time these should provide objective assurance that the arrangements made will work as anticipated and when required: so does the program really do this?

Performance evaluation
- As with all management system standards there is a need to look back at what has been achieved
- ISO also requires that this analysis is evaluated and conclusions drawn by the organization
- Greater emphasis on setting of objectives, monitoring performance and metrics
- Most organizations will already produce metrics which can be tailored to BCMS performance

Performance evaluation
- Internal audits and management review continue to be key methods of reviewing the performance of the BCMS and tools for its continual improvement

Improvement
- Nonconformities of the BCMS have to be dealt with together with corrective actions to ensure they don't happen again
- As with all management system standards, continual improvement is a core requirement of the standard

To certify or not to certify

Certification VS Compliance
What is Compliance?
- Compliance is an informal industry term generally accepted to mean the system provides support for some or all of a given standard.
- Vendors of compliant systems are generally expected to offer documentation describing which parts of the standard are supported, and which are not.

What is certification?
- Certification on the other hand is a recognition of formal testing, to prove that a system provides 100% support for a given standard.
- Certification is awarded to an organization after an official accredited Certification Body (CB) has reviewed not only the results of formal testing, but formal conformance documentation as well as assessing their management system against the requirements of a standard and the organization's own internal requirements proving effectiveness.
- Shows that the organization abides by the principles set out in the standard.
- Offers global consistency in implementation.
- Continual improvement - achieved through regular assessments of the management system.
- Supply Chain Management.
~Accountability~

Transition Plan to ISO 22301

Transition plan
- Certification certificates will remain valid during the two year transitional period
- Organizations will need to complete their transition to the new revision by 1 June 2014
- Failure to do this will result in the expiry of their certificate

How will the transition take place for existing BS organizations?
- They will be able to be assessed to the new standard during continuing assessment visits
- A date for their transition will be agreed with their auditor
- A new certificate will be issued once they have demonstrated compliance with ISO
- Clients can transition ahead of their next surveillance audit for an additional fee

How will the transition take place for existing PS-Prep customers?
- BS certified organizations will have to wait to see if ISO is accepted by DHS or transition to ISO under the UKAS scheme or Rule 40 under ANAB.
- DHS is reviewing and analyzing ISO
- If accepted, it will have to be posted on the federal register for public comment.
- Exact time lines are not known at this time, but DHS has indicated that the ISO will be issued for comment via federal register in March.

Contact Us
Address: BSI Management Systems America Inc, Sunset Hills Road, Reston VA
John DiMaria
More informationBusiness Continuity and Disaster Recovery Planning
Business Continuity and Disaster Recovery Planning Jennifer Brandt, CISA A p r i l 16, 2015 HISTORY OF STINNETT & ASSOCIATES Stinnett & Associates (Stinnett) is a professional advisory firm offering services
More informationISO/IEC 17021:2011 Conformity assessment Requirements for bodies providing audit and certification of management systems
ISO/IEC 17021:2011 Conformity assessment Requirements for bodies providing audit and certification of management systems The publication of ISO/IEC 17021:2011 introduces some important new requirements
More informationThe PNC Financial Services Group, Inc. Business Continuity Program
The PNC Financial Services Group, Inc. Business Continuity Program subsidiaries) 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis
More informationISO/IEC 20000-1 Registration Guidance Document
ISO/IEC 20000-1 Registration Guidance Document Introduction This document is written to help you understand your organization s role and responsibilities in the registration/certification process and to
More informationPreparing yourself for ISO/IEC 27001 2013
Preparing yourself for ISO/IEC 27001 2013 2013 a Vintage Year for Security Prof. Edward (Ted) Humphreys (edwardj7@msn.com) [Chair of the ISO/IEC and UK BSI Group responsible for the family of ISMS standards,
More informationwww.td.com.au Business Continuity - IT Disaster Recovery Discussion Paper - - Commercial in Confidence Version V2.0R Wednesday, 5 September 2012
Business Continuity - IT Disaster Recovery Discussion Paper - - Version V2.0R Wednesday, 5 September 2012 Commercial in Confidence Melbourne Sydney 79-81 Coppin St Level 2 Richmond VIC 3121 414 Kent St
More informationHow to measure your business resiliency
How to measure your business resiliency Define the KPI s/kri s and scorecards to control your security and business continuity capabilities Krzysztof Pulkiewicz BCMLogic krzysztof.pulkiewicz@bcmlogic.com
More informationISO 9001:2015 Draft International Standard Overview
BUSINESS ASSURANCE ISO 9001:2015 Draft International Standard Overview A Survey of Proposed Changes to ISO 9001:2008 Burt Holm Northern District Sales Manager 1 SAFER, SMARTER, GREENER Who is DNV GL? Is
More informationEPRR: Toolkit Facilitator Guide
NHS England Business Continuity Management EPRR: Toolkit Facilitator Guide APPENDIX 1 1 [Intentionally Blank] INTRODUCTION The document has been designed to assist you to deliver the outcomes of the workshop
More informationwww.pwc.com Business Resiliency Business Continuity Management - January 14, 2014
www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 Agenda Key Definitions Risks Business Continuity Management Program BCM Capability Assessment Process BCM Value Proposition
More informationCENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT
CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14
More informationDeliverable: D2.2: Desktop Study Contingency Planning Methodologies and Business Continuity Version: 1.0 Seventh Framework Programme Theme
Deliverable: D2.2: Desktop Study Contingency Planning Methodologies and Business Continuity Version: 1.0 Seventh Framework Programme Theme ICT-SEC-2007-7.0-01 Project Acronym: EURACOM Project Full Title:
More informationTemple university. Auditing a business continuity management BCM. November, 2015
Temple university Auditing a business continuity management BCM November, 2015 Auditing BCM Agenda 1. Introduction 2. Definitions 3. Standards 4. BCM key elements IT Governance class - IT audit program
More informationENTERPRISE RISK MANAGEMENT FRAMEWORK
ENTERPRISE RISK MANAGEMENT FRAMEWORK COVENANT HEALTH LEGAL & RISK MANAGEMENT CONTENTS 1.0 PURPOSE OF THE DOCUMENT... 3 2.0 INTRODUCTION AND OVERVIEW... 4 3.0 GOVERNANCE STRUCTURE AND ACCOUNTABILITY...
More informationAppendix 2 - Leicester City Council s Business Continuity Management Policy Statement and Strategy 2015. Business Continuity Policy Statement 2015
Appendix 2 - Leicester City Council s Business Continuity Management Policy Statement and Strategy 2015 Business Continuity Policy Statement 2015 This Policy sets the direction for Business Continuity
More informationThe Role of Internal Audit In Business Continuity Planning
The Role of Internal Audit In Business Continuity Planning Dan Bailey, MBCP Page 0 Introduction Dan Bailey, MBCP Senior Manager Protiviti Inc. dan.bailey@protiviti.com Actively involved in the Information
More informationPractice Guide BUSINESS CONTINUITY MANAGEMENT
Practice Guide BUSINESS CONTINUITY MANAGEMENT AUGUST 2014 Table of Contents Executive Summary... 1 Introduction... 2 Internal Audit Roles and Engagements... 4 Internal Audit s Evaluation of Key BCM Elements...
More informationRisk, Risk Assessments and Risk Management. Christopher Bowler CPA, CISA August 10, 2015
+ Risk, Risk Assessments and Risk Management Christopher Bowler CPA, CISA August 10, 2015 + Agenda A Few Thoughts Fundamentals of Risk Assessments Fundamentals of Risk Management Assessments vs. Management
More informationBUSINESS CONTINUITY MANAGEMENT POLICY
This document is uncontrolled once printed. Please check on the CCG s Intranet site for the most up to date version BUSINESS CONTINUITY MANAGEMENT POLICY DOCUMENT CONTROL Type of Document Document Title
More informationTG 47-01. TRANSITIONAL GUIDELINES FOR ISO/IEC 17021-1:2015, ISO 9001:2015 and ISO 14001:2015 CERTIFICATION BODIES
TRANSITIONAL GUIDELINES FOR ISO/IEC 17021-1:2015, ISO 9001:2015 and ISO 14001:2015 CERTIFICATION BODIES Approved By: Senior Manager: Mpho Phaloane Created By: Field Manager: John Ndalamo Date of Approval:
More informationBusiness Continuity Planning and Disaster Recovery Planning
4 Business Continuity Planning and Disaster Recovery Planning Basic Concepts 1. Business Continuity Management: Business Continuity means maintaining the uninterrupted availability of all key business
More informationChapter 1. The ISO 9001:2000 Standard and Certification Process
CH01_pp.001-008 15/08/01 12.15 pm Page 1 Chapter 1 The ISO 9001:2000 Standard and Certification Process Overview Introduction This chapter describes the ISO 9000 Standards, ISO 9001:2000 concepts, and
More informationISO Revisions Whitepaper
ISO Revisions ISO Revisions Whitepaper What is the difference between a procedures and a process approach? Approaching change Process vs procedures: What does this mean? The concept of process management
More informationPresentation by BSI on the main changes to the IATF ISO/TS 16949 certification scheme
Presentation by BSI on the main changes to the IATF ISO/TS 16949 certification scheme ISO/TS 16949 IATF Scheme rules 4 th edition areas that impact BSI Clients Copyright 2014 BSI. All rights reserved.
More informationINFOSEC.MY KNOWLEDGE SHARING SESSION
INFOSEC.MY KNOWLEDGE SHARING SESSION Integration BCM into your Organization: Challenges & Opportunities 31 st October 2007 1 Prabha Ramanathan ( CBCP, MBCI, MBCS, MSCS) Certified Business Continuity Professional.have
More informationEnsuring operational continuity
Certification of BCMS (Business Continuity Management Systems) Standard BS 25999-2 Certification of BCMS (Business Continuity Management System Ensuring operational continuity in the event of interruptions,
More informationISO/IEC 20000 Part 1 the next edition
ISO/IEC 20000 Part 1 the next edition Lynda Cooper Independent Consultant UK representative to ISO and project editor for ISO20000 part 1 Synopsis ISO/IEC 20000 part 1 was published in 2005. Since then,
More informationCQI. Chartered Quality Institute
CQI Chartered Quality Institute Introduction Report published in September 2014 by: International Register of Certificated Auditors (IRCA), part of The Chartered Quality Institute (CQI), 2nd Floor North,
More informationISO 9001 Quality Management System
ISO 9001 Quality Management System DETAILED GUIDE ISO 9001 Background ISO 9001:2008 is the world s foremost quality management standard, used by hundreds of thousands of organizations in over 170 countries
More informationISO 9001:2015 Overview of the Revised International Standard
ISO 9001:2015 Overview of the Revised International Standard Introduction This document provides: a summary of the new ISO 9001:2015 structure. an overview of the new and revised ISO 9001:2015 requirements
More informationMaseno University. Towards ISO 9001:2008. Certification
Maseno University Towards ISO 9001:2008 Certification Introduction In 2007 Maseno University started working towards attaining ISO 9001:2000 Certification for its service through Kenya Bureau of standards
More informationShankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.
Business Continuity Management & Disaster Recovery Planning Presented by: Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD. 1 What is Business Continuity Management? Is a holistic management
More information