ISO 22301: Societal Security Terminology ISO 22313: BCMS Guidance ISO 22398: Exercises and Testing - Guidance

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "ISO 22301: Societal Security Terminology ISO 22313: BCMS Guidance ISO 22398: Exercises and Testing - Guidance"

Transcription

1 The Impact of ISO Moving Your BCM Program to a Management System Implementing the Newly Approved International Business Continuity Management System Standard & Guidance Documents ISO 22301: Societal Security Terminology ISO 22313: BCMS Guidance ISO 22398: Exercises and Testing - Guidance We have all sat through presentations on How to Get and Keep Management Support for Your BCM Program. The problem is now solved. The new question becomes, How to Implement an Auditable and Internationally-Accepted Business Continuity Management System. Moving your business continuity program to a management system requires management commitment. It involves embedding business continuity management into the culture of the organization. It is the endgame. It is what we have been seeking. We finally have a standard method for BCM program development and improvement. We no longer need to rely on Consultant X s Patented Approach. We no longer have to discuss and argue about definitions. The vocabulary is defined. So how to you begin? 1. Learn about the standards. Buy them. Read them. Study them. Take classes on how to implement them. 2. Benchmark your current program against the requirements of the standards. What s missing? In what areas can you improve your program? 3. Use the guidance documents to guide you through the process (it s why they re there!) 4. Demonstrate to management how the implementation of the standard will increase the resilience of your organization. Learn About the Standards ISO 22301: Societal Security Business Continuity Management Systems Requirements is one standard that is part of a series of standards developed with the intention to, as defined in ISO 22312: Technical Specifications, work towards international standardization that provides protection from and response to risks of unintentionally, intentionally, and naturally-caused crises and disasters that disrupt and have consequences on societal functions. This series of standards address the public planning & response as well as private sector planning & response. The intent of ISO is to provide the structure for an organization to design a BCMS that is appropriate to its needs and that meets its interested parties requirements. Built upon the foundation of British Standard : 2007, it provides a framework for both BCM program development and improvement. If you are familiar with the requirements of BS you will note the following changes or modifications: New! Understanding of the Organization and its Context It is important for the cornerstone of the BCMS to be built upon an understanding of what internal and external factors should be taken into consideration when evaluating risk management and the requirements of interested parties. Terminology has been changed from key stakeholder to interested parties. Determining the Scope of the System Organizations must now document and explain exclusions from the scope of the BCMS.

2 Leadership & Support The standard is very specific on how management demonstrates is commitment. ISO includes the other requirements as well for competency of personnel and the required resources included in BS The Business Impact Analysis & Risk Assessment New Term! Minimum Business Continuity Objective (MBCO): Minimum level of services and/or products that is acceptable to the organization to achieve its business objectives during a disruption. Maximum Tolerable Period of Disruption (MTPD) and Maximum Acceptable Outage (MAO) have been redefined as, time it would take for adverse impacts, which might arise as a result of not providing a product/service or performing an activity, to become unacceptable. The combination of Recovery Time Objective (RTO) and MBCO and setting prioritized timeframes for recovery of activities at a minimum acceptable level taking into consideration the time within which the impacts of not resuming them would become unacceptable is new language regarding the Business Impact Analysis. Regarding Risk Management, ISO specifically points to ISO 31000: Risk Management Principles and Guidelines as a reference to how to manage risk. Just like in BS 25999, the scope of the risk assessment may be limited to the scope of the business continuity management system. It can also be enterprise risk management, but is not a requirement for ISO Business Continuity Strategy What is interesting about how ISO has worded this section of the standard is that it requires the organization to differentiate between how it is going to mitigate identified risks that require treatment and those activities and their dependencies that need to have strategies developed to stabilize, continue, resume, and recover their operation as well as mitigate, respond to, and manage impacts. ISO (Guidance) offers these examples of what this might include.

3 Establishing Resource Requirements ISO draws a direct connection between the outputs of the BIA and RA and the development of risk treatments, including strategies for continuity and recovery. Included in this step is the establishment of resource requirements with the specific types of resources to be considered (at a minimum) as illustrated in the graphic. Business Continuity Objectives & the Plans to Achieve Them, Implementing Business Continuity Procedures, and Communication This section of the Standard is where there have been significant changes in both the organization and framework. In BS , there was an incident response structure with incident management plan content as well as requirements for any types of plans. These requirements remain but have been expanded upon. Expanded Focus on Communication In ISO the focus is much larger in scope and in requirements. In addition to the required incident response structure, there is a focus on communication of business continuity requirements and objectives as well as a warning and communication structure that is to be used to detect an incident, to monitor an incident, to document an incident, and the means of communicating during and after an incident. Included also is the need to document what will be communicated, when to communicate, and to whom to communicate. The organization must also establish procedures for receiving communications from interested parties. ISO has included requirements of ASIS.SPC.1:2009 and NFPA 1600:2010 in this section. As part of the planning stage, the organization must document the following resource requirements:

4 The following sections included in ISO do not vary significantly in intent or requirements from BS although they may be found organized differently between the two standards: Legal and regulatory requirements Policy Documented information Awareness Exercising and Testing Performance Evaluation, Continuous Improvement, Audit with the exception that ISO does not include the requirement for preventive actions. Benchmark your current program against the requirements of the standards. What s missing? In what areas can you improve your program? This is where the real work begins. Certifying Bodies often report that 90% of the time and resources required for a certification audit is in the preparation for the audit and not the audit itself. Don t underestimate the time it will take to bring your organization into conformance with a standard. But the upside is, it gives you specific program improvement goals and objectives that should provide for an annual budget. Use the guidance documents to guide you through the process (it s why they re there!) Yes, each standard and the guidance documents cost money. You can find out the exact cost by visiting ISO 22300: Societal Security - Terminology: Use this as a reference for how the world is going to be using terms related to business continuity in the future. Consider the need to modify and update how your organization defines terms and the relevance of aligning to international standards (or not). ISO 22313: Societal Security Business Continuity Management Systems Guidance: A great resource for how to interpret the requirements of ISO Kind of like having a teacher s guide for the standard. This document is also utilized by Certifying Bodies as a reference document for understanding the requirements. ISO 22398: Societal Security Exercises and Testing - Guidance: Learn how to manage your testing and exercise program. Why are tests pass or fail and exercises a demonstration improvement of the system? Activities are organized as discussion-based or operationally-based. Includes great Annexes with examples of how to do everything from create a scenario to how to evaluate the exercise itself. Demonstrate to management how the implementation of the standard will increase the resilience of your organization This is really where the rubber meets the road or how you can gain traction. Sometimes program leadership is not interested in aligning their customized and internally created program to a management system. The argument is made that if they tell senior management that changes need to be made that they will question the quality of the current program.

5 Do you want management to believe that they have a state-of-the-art program only to discover later that it didn t meet the requirements of an international standard? A management system requires continual improvement. A management system involves management. It requires management to demonstrate commitment. The standard provides a baseline for what that commitment looks like and the requirements of the program leadership. A management system approach (versus the current often siloed approach) is more efficient and ties to other management systems often in place in the organization. It can eliminate waste and duplication of services. It embeds BCS into the culture of the organization versus maintaining ownership with a few individuals. A management system is a proven framework for managing and continually improving your organization s policies, procedures and processes. Business units work with a shared vision, with information sharing, benchmarking, and team work. Seeking Third-Party Certification? ISO is being considered for adoption by DHS/FEMA as an additional standard that can be used for PS-Prep certification. The addition of the international standard will allow organizations to concurrently fulfill the U.S. national interests for preparedness with international trade interests. Show your support for the adoption of ISO as a PS-Prep standard by writing a letter to FEMA/DHS Administrator W. Craig Fugate. For more information, contact Lynnda Nelson by at

Moving from BS 25999-2 to ISO 22301. The new international standard for business continuity management systems. Transition Guide

Moving from BS 25999-2 to ISO 22301. The new international standard for business continuity management systems. Transition Guide Transition Guide Moving from BS 25999-2 to ISO 22301 The new international standard for business continuity management systems Extract from The Route Map to Business Continuity Management: Meeting the

More information

ISO 22301:2012 Societal Security Appendix B Business Continuity Management Systems Requirements 347

ISO 22301:2012 Societal Security Appendix B Business Continuity Management Systems Requirements 347 Appendix B Business Continuity Management Systems Requirements 347 B.3 Format and Structure ISO 22301 is the second published standard to adopt ISO s new high-level structure for management systems standards

More information

Business Continuity Management

Business Continuity Management Business Continuity Management Standard Operating Procedure Notice: This document has been made available through the Police Service of Scotland Freedom of Information Publication Scheme. It should not

More information

HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO 22301 AUDITS, CERTIFICATION AND TRAINING

HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO 22301 AUDITS, CERTIFICATION AND TRAINING HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO 22301 AUDITS, CERTIFICATION AND TRAINING ISO 22301 BUSINESS CONTINUITY MANAGEMENT SYSTEMS Most organisations will, at some point, be faced with having to respond

More information

Business Continuity Standards A Primer

Business Continuity Standards A Primer INTELLIGENT NOTIFICATION Alphabet Soup: Making Sense of BC/DR Standards Part 1: Business Continuity Standards A Primer Why all the attention now? One of the hottest topics in BC/DR these days is standards.

More information

Is Business Continuity Certification Right for Your Organization?

Is Business Continuity Certification Right for Your Organization? 2008-2013 AVALUTION CONSULTING, LLC ALL RIGHTS RESERVED i This white paper analyzes the business case for pursuing organizational business continuity certification, including what it takes to complete

More information

Birmingham CrossCity Clinical Commissioning Group. Business Continuity Management Policy

Birmingham CrossCity Clinical Commissioning Group. Business Continuity Management Policy Birmingham CrossCity Clinical Commissioning Group Business Continuity Management Policy Version V1.0 Ratified by Operational Development Group Date ratified 6 th November 2014 Name of originator / author

More information

Proposal for Business Continuity Plan and Management Review 6 August 2008

Proposal for Business Continuity Plan and Management Review 6 August 2008 Proposal for Business Continuity Plan and Management Review 6 August 2008 2008/8/6 Contents About Newton IT / Quality of our services. BCM & BS25999 Overview 2. BCM Development in line with BS25999 3.

More information

Business Continuity Management Policy

Business Continuity Management Policy Business Continuity Management Policy Business Continuity Policy Version 1.0 1 Version control Version Date Changes Author 0.1 April 13 1 st draft PH 0.2 June 13 Amendments in line with guidance PH 0.3

More information

By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd

By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd BS 25999 Business Continuity Management By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd 1 Contents slide BSI British Standards 2006 BS 25999(Business Continuity) 2002 BS 15000

More information

ISO & Business Continuity Management System Standards and Application for Incident Communication Plans

ISO & Business Continuity Management System Standards and Application for Incident Communication Plans ISO 22301 & 22313 Business Continuity Management System Standards and Application for Incident Communication Plans ISO 22301 & 22313: Business Continuity Management System Standards and Application for

More information

Business Continuity Trends, Requirements and Expectations in 2009. Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting

Business Continuity Trends, Requirements and Expectations in 2009. Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting Business Continuity Trends, Requirements and Expectations in 2009 Brian Zawada (MBCP) Director of Consulting Services Avalution Consulting Overview What Is Business Continuity? The Value Proposition What

More information

Il nuovo standard ISO 22301 sulla Business Continuity Scenari ed opportunità

Il nuovo standard ISO 22301 sulla Business Continuity Scenari ed opportunità Il nuovo standard ISO 22301 sulla Business Continuity Scenari ed opportunità Massimo Cacciotti Business Services Manager BSI Group Italia Agenda BSI: Introduction 1. Why we need BCM? 2. Benefits of BCM

More information

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015 Business Continuity Management Governance Frank Higgins Abu Dhabi March 2015 Different Names Same Concept BCM (Business Continuity Management) BSI 25999 IPOCM (Incident Preparedness & Operational Continuity

More information

EPRR: Toolkit Facilitator Guide

EPRR: Toolkit Facilitator Guide NHS England Business Continuity Management EPRR: Toolkit Facilitator Guide APPENDIX 1 1 [Intentionally Blank] INTRODUCTION The document has been designed to assist you to deliver the outcomes of the workshop

More information

Solihull Clinical Commissioning Group

Solihull Clinical Commissioning Group Solihull Clinical Commissioning Group Business Continuity Policy Version v1 Ratified by SMT Date ratified 24 February 2014 Name of originator / author CSU Corporate Services Review date Annual Target audience

More information

Business Continuity Policy

Business Continuity Policy Business Continuity Policy St Mary Magdalene Academy V1.0 / September 2014 Document Control Document Details Document Title Document Type Business Continuity Policy Policy Version 2.0 Effective From 1st

More information

BCP and DR. P K Patel AGM, MoF

BCP and DR. P K Patel AGM, MoF BCP and DR P K Patel AGM, MoF Key difference between BS 25999 and ISO 22301 ISO 22301 puts a much greater emphasis on setting the objectives, monitoring performance and metrics aligning BC to top management

More information

BCS Practitioner Certificate in Business Continuity Management Syllabus

BCS Practitioner Certificate in Business Continuity Management Syllabus BCS Practitioner Certificate in Business Continuity Management Syllabus Version 4.3 March 2015 Contents Change History... 4 Introduction... 5 Objectives... 5 Entry Criteria... 5 Examination Format and

More information

Checklist of ISO 22301 Mandatory Documentation

Checklist of ISO 22301 Mandatory Documentation Checklist of ISO 22301 Mandatory Documentation 1) Which documents and records are required? The list below shows the minimum set of documents and records required by ISO 22301:2012 (the standard refers

More information

White Paper: ISO 22301 Business Continuity Management An Overview. ISO 22301 Business Continuity Management An Overview

White Paper: ISO 22301 Business Continuity Management An Overview. ISO 22301 Business Continuity Management An Overview White Paper: ISO 22301 Business Continuity Management An Overview ISO 22301 Business Continuity Management An Overview Introduction As incidents such as malicious activism, terrorist attacks and environmental

More information

BS 25999 BUSINESS CONTINUITY MANAGEMENT

BS 25999 BUSINESS CONTINUITY MANAGEMENT BS 25999 BUSINESS CONTINUITY MANAGEMENT AUDIT, CERTIFICATION & training services HOW CAN YOU ENSURE BUSINESS CONTINUITY? BS 25999 AUDITS & CERTIFICATION FROM SGS Most organisations will, at some point,

More information

Essex Clinical Commissioning Groups. Business Continuity Management System. Scope and Policy

Essex Clinical Commissioning Groups. Business Continuity Management System. Scope and Policy Essex Clinical Commissioning Groups Essex Clinical Commissioning Groups Business Continuity Management System Scope and Policy Policy Author: Daniel Hale - Head of Emergency Planning Version: 1.0 Date

More information

The PNC Financial Services Group, Inc. Business Continuity Program

The PNC Financial Services Group, Inc. Business Continuity Program The PNC Financial Services Group, Inc. Business Continuity Program subsidiaries) 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis

More information

Business Continuity (Policy & Procedure)

Business Continuity (Policy & Procedure) Business Continuity (Policy & Procedure) Publication Scheme Y/N Can be published on Force Website Department of Origin Force Operations Policy Holder Ch Supt Head of Force Ops Author Business Continuity

More information

Prudential Standard LPS 232

Prudential Standard LPS 232 Prudential Standard LPS 232 Business Continuity Management Objective and key requirements of this Prudential Standard This Prudential Standard aims to ensure that each life company implements a whole of

More information

How to measure your business resiliency

How to measure your business resiliency How to measure your business resiliency Define the KPI s/kri s and scorecards to control your security and business continuity capabilities Krzysztof Pulkiewicz BCMLogic krzysztof.pulkiewicz@bcmlogic.com

More information

Societal security Business continuity management systems Guidance

Societal security Business continuity management systems Guidance DRAFT INTERNATIONAL STANDARD ISO/DIS 22313 ISO/TC 223 Secretariat: SIS Voting begins on Voting terminates on 2011-12-13 2012-05-13 INTERNATIONAL ORGANIZATION FOR STANDARDIZATION МЕЖДУНАРОДНАЯ ОРГАНИЗАЦИЯ

More information

BUSINESS CONTINUITY STRATEGY 2014-2017

BUSINESS CONTINUITY STRATEGY 2014-2017 BUSINESS CONTINUITY STRATEGY 2014-2017 This strategy covers the period 01 April 2014 31 March 2017 and was approved by the Major Incident Working Group 19.03.2014 Caroline Rushmer Major Incident and Business

More information

Business Intelligence & Business Continuity

Business Intelligence & Business Continuity Business Intelligence & Business Continuity BCM Maturity Curve April 22, 2013 COOP Systems Briefing 2 Chris Alvord, CEO, COOP Systems CBCP, MBCI, Former DRII Certified Trainer OCEG GRC, ISO 22301 Lead

More information

Auditing Business Continuity Management. DHIRAJ LAL Executive Director

Auditing Business Continuity Management. DHIRAJ LAL Executive Director Auditing Business Continuity Management DHIRAJ LAL Executive Director +971 52 9263933 dhiraj.l@continuityandresilience.com Agenda About us Relevance of Business Continuity in the UAE The UAE BCM Standard

More information

The PNC Financial Services Group, Inc. Business Continuity Program

The PNC Financial Services Group, Inc. Business Continuity Program The PNC Financial Services Group, Inc. Business Continuity Program 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis (BIA) Page

More information

Principles for BCM requirements for the Dutch financial sector and its providers.

Principles for BCM requirements for the Dutch financial sector and its providers. Principles for BCM requirements for the Dutch financial sector and its providers. Platform Business Continuity Vitale Infrastructuur Financiële sector (BC VIF) Werkgroep BCM requirements 21 September 2011

More information

Essex Clinical Commissioning Groups. Business Continuity Management System. Business Impact Analysis Process

Essex Clinical Commissioning Groups. Business Continuity Management System. Business Impact Analysis Process Essex Clinical Commissioning Groups Essex Clinical Commissioning Groups Business Continuity Management System Business Impact Analysis Process Policy Author: Daniel Hale - Head of Emergency Planning Version:

More information

Business Continuity Management

Business Continuity Management Business Continuity Management Version 1 approved by SMG December 2013 Business Continuity Policy Version 1 1 of 9 Business Continuity Management Summary description: This document provides the rationale

More information

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD. Business Continuity Management & Disaster Recovery Planning Presented by: Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD. 1 What is Business Continuity Management? Is a holistic management

More information

Temple university. Auditing a business continuity management BCM. November, 2015

Temple university. Auditing a business continuity management BCM. November, 2015 Temple university Auditing a business continuity management BCM November, 2015 Auditing BCM Agenda 1. Introduction 2. Definitions 3. Standards 4. BCM key elements IT Governance class - IT audit program

More information

Business Continuity in SIA

Business Continuity in SIA Aim of the document: This document describes how SIA develops, implements and maintains its business continuity management system, applying what is stated in the company Business Continuity Guidelines,

More information

BS a framework for resilience and success. Robert Whitcher BCI Webinar June, 2009

BS a framework for resilience and success. Robert Whitcher BCI Webinar June, 2009 BS 25999 a framework for resilience and success Robert Whitcher BCI Webinar June, 2009 2 Scope of Presentation The Standards process Drivers for BCM and BS 25999 BS 25999 development Overview of BS 25999

More information

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY 14304-1745

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY 14304-1745 ECP - 601: Effective Business Continuity Management: ISO 22301 This 3-day course provides an intensive, hands-on workshop covering all major aspects for the design of an effective Business Continuity Plan

More information

Societal Security Management System Standards

Societal Security Management System Standards Societal Security System Standards ISO/TC 223: Societal Security Dr. Marc Siegel Security System Consultant ASIS International Ever since the term Societal Security was first used by Barry Buzan in the

More information

CITY UNIVERSITY OF HONG KONG Business Continuity Management Standard

CITY UNIVERSITY OF HONG KONG Business Continuity Management Standard PUBLIC Version: 1.0 CITY UNIVERSITY OF HONG KONG Business Continuity Management Standard (Approved by the Information Strategy and Governance Committee in December 2013; revision 1.1 approved by Chief

More information

Business Continuity Management Standard and Guide

Business Continuity Management Standard and Guide Business Continuity Management Standard and Guide AE/HSC/NCEMA 7000: 2012 Version 1 His Highness Sheikh Khalifa Bin Zayed Al Nahyan President of the United Arab Emirates Chairman of the Supreme Council

More information

www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014

www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 Agenda Key Definitions Risks Business Continuity Management Program BCM Capability Assessment Process BCM Value Proposition

More information

www.td.com.au Business Continuity - IT Disaster Recovery Discussion Paper - - Commercial in Confidence Version V2.0R Wednesday, 5 September 2012

www.td.com.au Business Continuity - IT Disaster Recovery Discussion Paper - - Commercial in Confidence Version V2.0R Wednesday, 5 September 2012 Business Continuity - IT Disaster Recovery Discussion Paper - - Version V2.0R Wednesday, 5 September 2012 Commercial in Confidence Melbourne Sydney 79-81 Coppin St Level 2 Richmond VIC 3121 414 Kent St

More information

Council Policy Business Continuity Management

Council Policy Business Continuity Management Policy Name: Business Continuity Management Council Policy Business Continuity Management ADOPTED BY COUNCIL: 19 th April 2016 DATE OF NEXT REVIEW: 18 th April 2020 RESPONSIBLE OFFICER: REFERENCES: Chief

More information

NHS Commissioning Board Business Continuity Management Framework (service resilience)

NHS Commissioning Board Business Continuity Management Framework (service resilience) NHS Commissioning Board Business Continuity Management Framework (service resilience) 1 P a g e NHS Commissioning Board Business Continuity Management Framework Date 7 January 2013 Audience NHS Commissioning

More information

External Supplier Control Requirements BCM

External Supplier Control Requirements BCM External Supplier Control Requirements BCM BCM Requirement Description BCM Tiers Recovery Time Objective Why this is important 1. Business Continuity Policy Supplier will have a documented Business Continuity

More information

RSA ARCHER BUSINESS CONTINUITY MANAGEMENT AND OPERATIONS Solution Brief

RSA ARCHER BUSINESS CONTINUITY MANAGEMENT AND OPERATIONS Solution Brief RSA ARCHER BUSINESS CONTINUITY MANAGEMENT AND OPERATIONS Solution Brief INTRODUCTION Now more than ever, organizations depend on services, business processes and technologies to generate revenue and meet

More information

MHA Consulting. Business Continuity Management 101

MHA Consulting. Business Continuity Management 101 0 MHA Consulting Business Continuity Management 101 Presented by: Michael Herrera Brandon Magestro MHA Consulting Agenda MHA Consulting Introduction Business Continuity Management (BCM) Defined 2013 Trends

More information

DRAFT BUSINESS CONTINUITY MANAGEMENT POLICY

DRAFT BUSINESS CONTINUITY MANAGEMENT POLICY DRAFT BUSINESS CONTINUITY MANAGEMENT POLICY This document outlines a set of policies and procedures for formalising a Business Continuity programme, and provides guidelines for developing, maintaining

More information

Disaster Recovery Journal Spring World 2014

Disaster Recovery Journal Spring World 2014 Disaster Recovery Journal Spring World 2014 What works: Services and service supply chain business continuity risk management Don Hall, CBCP, Cisco Services Business Continuity Analyst Cisco Systems, Inc.

More information

Plan Development Getting from Principles to Paper

Plan Development Getting from Principles to Paper Plan Development Getting from Principles to Paper March 22, 2015 Table of Contents / Agenda Goals of the workshop Overview of relevant standards Industry standards Government regulations Company standards

More information

Business Continuity Management

Business Continuity Management Annex A Business Continuity Management Programme Business Continuity Management Policy 1. Introduction This Business Continuity Management (BCM) Policy defines the scope of the SPCB s ability to maintain

More information

BUSINESS CONTINUITY MANAGEMENT FRAMEWORK

BUSINESS CONTINUITY MANAGEMENT FRAMEWORK BUSINESS CONTINUITY MANAGEMENT FRAMEWORK Document Author: Civil Contingencies Service - Authorised by the CCS Joint Management Board - Version 1.0. Issued December 2012 Page 1 FRAMEWORK STATEMENT Business

More information

TELUS Business Continuity Program past and future

TELUS Business Continuity Program past and future TELUS Business Continuity Program past and future Presentation to EPICC 6 th Annual Seminar Victoria, BC September 17, 2010 John Yamniuk, MBCP Member of the TELUS team TELUS BCM Purpose To provide an overview

More information

BUSINESS CONTINUITY PLANNING TOOL KIT GUIDE

BUSINESS CONTINUITY PLANNING TOOL KIT GUIDE BUSINESS CONTINUITY PLANNING TOOL KIT GUIDE 1 Table of Contents INTRODUCTION... 3 What is Business Continuity?... 3 When is a process critical?... 3 What is Business Continuity Planning?... 3 Why you should

More information

CONTINUITY OF OPERATIONS AUDIT PROGRAM EVALUATION AND AUDIT

CONTINUITY OF OPERATIONS AUDIT PROGRAM EVALUATION AND AUDIT CONTINUITY OF OPERATIONS AUDIT PROGRAM EVALUATION AND AUDIT April 16, 2014 INTRODUCTION Purpose The purpose of the audit is to give assurance that the development of the Metropolitan Council s Continuity

More information

Time Warner Cable s (TWC) Path to Declaring Conformity to ISO 22301

Time Warner Cable s (TWC) Path to Declaring Conformity to ISO 22301 14th Annual Time Warner Cable s (TWC) Path to Declaring Conformity to ISO 22301 A BCM journey from variance to consistency The Road to Resilience Speaker Information Rachelle Loyear Enterprise Director

More information

ABA Homeland Security Law Institute Panel. Two Ounces of Prevention: The SAFETY Act and PS Prep Voluntary Programs to Mitigate Liability

ABA Homeland Security Law Institute Panel. Two Ounces of Prevention: The SAFETY Act and PS Prep Voluntary Programs to Mitigate Liability ABA Homeland Security Law Institute Panel Two Ounces of Prevention: The SAFETY Act and PS Prep Voluntary Programs to Mitigate Liability March 23, 2012 Remarks of Stephen Amitay, Counsel to ASIS International

More information

BUSINESS CONTINUITY FRAMEWORK

BUSINESS CONTINUITY FRAMEWORK BUSINESS CONTINUITY FRAMEWORK DOCUMENT INFORMATION DOCUMENT TYPE: DOCUMENT STATUS: POLICY OWNER POSITION: INTERNAL COMMITTEE ENDORSEMENT: APPROVED BY: Strategic document Approved Manager Organisational

More information

NOT PROTECTIVELY MARKED BUSINESS CONTINUITY. Specialist Operations Contingency Planning Business Continuity Manager 17.09.12

NOT PROTECTIVELY MARKED BUSINESS CONTINUITY. Specialist Operations Contingency Planning Business Continuity Manager 17.09.12 POLICY BUSINESS CONTINUITY Policy owners Policy holder Author Head of Services Specialist Operations Contingency Planning Business Continuity Manager Policy No. 132 Approved by Legal Services 17.09.12

More information

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY AUTHOR/ APPROVAL DETAILS Document Author Written By: Human Resources Authorised Signature Authorised By: Helen Shields Date: 20

More information

The ABA s Path to Business Continuity Certification

The ABA s Path to Business Continuity Certification The ABA s Path to Business Continuity Certification George Huff & Diana Gilbert A Business Case American Bar Association 2 / 9 /2013 This Business Case is authored by George Huff, a Member of the Special

More information

CSA Z1600 Emergency Management and Business Continuity Programs

CSA Z1600 Emergency Management and Business Continuity Programs CSA Z1600 Emergency Management and Business Continuity Programs Presented by: John Lindsay, Brandon University Department of Applied Disaster and Emergency Studies and Z1600 Technical Committee member

More information

Business Continuity / Disaster Recovery Context

Business Continuity / Disaster Recovery Context Capability Business Continuity / Disaster Recovery Context What is Business Continuity? The Business Continuity Program Life Cycle Copyright: Virtual Corporation, 1994 2006 Modified U.S. DoD Graphic Normal

More information

University of Michigan Disaster Recovery / Business Continuity Administrative Information Systems 4/6/2004 1

University of Michigan Disaster Recovery / Business Continuity Administrative Information Systems 4/6/2004 1 University of Michigan Disaster Recovery / Business Continuity Administrative Information Systems. 1 Michigan Administrative Information Services (MAIS) MAIS is responsible for the production support of

More information

WEST YORKSHIRE FIRE & RESCUE SERVICE. Business Continuity Management Strategy

WEST YORKSHIRE FIRE & RESCUE SERVICE. Business Continuity Management Strategy WEST YORKSHIRE FIRE & RESCUE SERVICE Business Continuity Management Strategy Date Issued: 12 November 2012 Review Date: 12 November 2015 Version Control Version Number Date Author Comment 0.1 June 2011

More information

Company Management System. Business Continuity in SIA

Company Management System. Business Continuity in SIA Company Management System Business Continuity in SIA Document code: Classification: Company Project/Service Year Document No. Version Public INDEX 1. INTRODUCTION... 3 2. SIA S BUSINESS CONTINUITY MANAGEMENT

More information

Best Practices in Disaster Recovery Planning and Testing

Best Practices in Disaster Recovery Planning and Testing Best Practices in Disaster Recovery Planning and Testing axcient.com 2015. Axcient, Inc. All Rights Reserved. 1 Best Practices in Disaster Recovery Planning and Testing Disaster Recovery plans are widely

More information

Using an Integrated Management System Approach to Increase Resilience

Using an Integrated Management System Approach to Increase Resilience Using an Integrated Management System Approach to Increase Resilience The World is Getting Riskier Traditional corporate strategies are no longer protecting us from unexpected events. The imperative to

More information

D2-02_01 Disaster Recovery in the modern EPU

D2-02_01 Disaster Recovery in the modern EPU CONSEIL INTERNATIONAL DES GRANDS RESEAUX ELECTRIQUES INTERNATIONAL COUNCIL ON LARGE ELECTRIC SYSTEMS http:d2cigre.org STUDY COMMITTEE D2 INFORMATION SYSTEMS AND TELECOMMUNICATION 2015 Colloquium October

More information

The Weill Cornell Medical College and Graduate School of Medical Sciences. Responsible Department: Information Technologies and Services (ITS)

The Weill Cornell Medical College and Graduate School of Medical Sciences. Responsible Department: Information Technologies and Services (ITS) Information Technology Disaster Recovery Policy Policy Statement This policy defines acceptable methods for disaster recovery planning, preparedness, management and mitigation of IT systems and services

More information

Update from the Business Continuity Working Group

Update from the Business Continuity Working Group 23 June 2014 Performance and Resources Board 19 To note Update from the Business Continuity Working Group Issue 1 The Business Continuity Working Group oversees the development, maintenance and improvement

More information

Business Continuity Management

Business Continuity Management Business Continuity Management Policy Statement & Strategy July 2009 Basildon District Council Business Continuity Management Policy Statement The Council is committed to ensuring robust and effective

More information

Loss Control Webcast. Disaster Recovery Planning we re not in Kansas anymore

Loss Control Webcast. Disaster Recovery Planning we re not in Kansas anymore Loss Control Webcast Disaster Recovery Planning we re not in Kansas anymore May 15, 2013 1 The information presented in this material has been developed from sources believed to be reliable. It is presented

More information

Business Continuity Management Framework 2014 2017

Business Continuity Management Framework 2014 2017 Business Continuity Management Framework 2014 2017 Blackpool Council Business Continuity Framework V3.0 Page 1 of 13 CONTENTS 1.0 Forward 03 2.0 Administration 04 3.0 Policy 05 4.0 Business Continuity

More information

Business Continuity Planning

Business Continuity Planning Business Continuity Planning We believe all organisations recognise the importance of having a Business Continuity Plan, however we understand that it can be difficult to know where to start. That s why

More information

Getting Your Business Back

Getting Your Business Back Getting Your Business Back Pulling Together Business Continuity, Crisis Management and Disaster Recovery Many organizations have a program (or programs) in place to keep operations going (or to resume

More information

Business Continuity Management Emerging Trends

Business Continuity Management Emerging Trends Business Continuity Management Emerging Trends Presentation Title Goes Here Samir Shah CA, CISA, DISA, CIA, CISSP, CFE, ISO 22301 LI Associate Director Axis Risk Consulting March 2013 Outline 2 1. Business

More information

ISO 22301 BUSINESS CONTINUITY MANAGEMENT SYStEMS (BCMS) EXPERT IMPLEMENTER

ISO 22301 BUSINESS CONTINUITY MANAGEMENT SYStEMS (BCMS) EXPERT IMPLEMENTER ISO 22301 BUSINESS CONTINUITY MANAGEMENT SYStEMS (BCMS) EXPERT IMPLEMENTER COMPETENCY LEVEL COMPETENCY WHICH LEVEL SHOULD I BE STARTING MY BUSINESS CONTINUITY TRAINING? KNOW DO BCM-230 BCM-330 I am new

More information

NHS Central Manchester Clinical Commissioning Group (CCG) Business Continuity Management (BCM) Policy. Version 1.0

NHS Central Manchester Clinical Commissioning Group (CCG) Business Continuity Management (BCM) Policy. Version 1.0 NHS Central Manchester Clinical Commissioning Group (CCG) Business Continuity Management (BCM) Policy Version 1.0 Document Control Title: Status: Version: 1.0 Issue date: May 2014 Document owner: (Name,

More information

Business Continuity and Disaster Recovery Planning

Business Continuity and Disaster Recovery Planning Business Continuity and Disaster Recovery Planning Jennifer Brandt, CISA A p r i l 16, 2015 HISTORY OF STINNETT & ASSOCIATES Stinnett & Associates (Stinnett) is a professional advisory firm offering services

More information

eet Business continuity and disaster recovery Enhancing enterprise resiliency for the power and utilities industry Power and Utilities Fact Sheet

eet Business continuity and disaster recovery Enhancing enterprise resiliency for the power and utilities industry Power and Utilities Fact Sheet Power and Utilities Fact Sh Business continuity and disaster recovery Enhancing enterprise resiliency for the power and utilities industry A holistic approach to business resiliency and disaster recovery

More information

DESIGNING A BUSINESS CONTINUITY TRAINING PROGRAM TO MAXIMIZE VALUE & MINIMIZE COST

DESIGNING A BUSINESS CONTINUITY TRAINING PROGRAM TO MAXIMIZE VALUE & MINIMIZE COST CONTENTS A Brief Introduction... 3 Where is the Value?... 3 How Can We Control Costs?... 5 The Delivery Mechanism... 7 Strategies to Deliver Training and Awareness... 8 Proving Training/Awareness Program

More information

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14

More information

> State Street. Corporate Continuity Program. Continuity Organizational Structure. Program Oversight

> State Street. Corporate Continuity Program. Continuity Organizational Structure. Program Oversight > State Street An Integrated Approach to Continuity Metrics & Progress Reporting Presented to: Continuity Insights May 2007 Presented by: Chris Glebus Continuity Organizational Structure Executive Management

More information

NIST SP 800-34, Revision 1 Contingency Planning Guide for Federal Information Systems

NIST SP 800-34, Revision 1 Contingency Planning Guide for Federal Information Systems NIST SP 800-34, Revision 1 Contingency Planning Guide for Federal Information Systems Marianne Swanson NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY 1 Table Of Contents Introduction to NIST SP 800-34

More information

Business Continuity Management 101. Patrick Potter, CBCP MHA Consulting ISACA November 19, 2009

Business Continuity Management 101. Patrick Potter, CBCP MHA Consulting ISACA November 19, 2009 Business Continuity Management 101 Patrick Potter, CBCP MHA Consulting ISACA November 19, 2009 1 Who is MHA Consulting Who We Are What We Do Leading boutique consulting firm since 1998 Provider of consulting

More information

Protecting Your Business

Protecting Your Business Protecting Your Business Business Continuity/Disaster Recovery Planning Robert Haberman Senior Product Manager BCP/DRP TELUS BUSINESS SOLUTIONS Business Continuity/Disaster Recovery Planning 1 Agenda:

More information

PS 170 Business Continuity Management Policy

PS 170 Business Continuity Management Policy PS 170 Business Continuity Management Policy July 2013 Version 2 Statement of legislative compliance This document has been drafted to comply with the general and specific duties in the Equality Act 2010;

More information

Business continuity management policy

Business continuity management policy Business continuity management policy health.wa.gov.au Effective: XXX Title: Business continuity management policy 1. Purpose All public sector bodies are required to establish, maintain and review business

More information

EPRR: Toolkit Business Impact

EPRR: Toolkit Business Impact NHS England Business Continuity Management EPRR: Toolkit Business Impact Assessment (BIA) Template Appendix 3.1 0 [Intentionally Blank] 1 INTRODUCTION The purpose of this document is to assist those who

More information

Agenda. Perform a BIA. Introduction. What is a Business Impact Analysis? 3/27/2014. Stacy Gardner (MBCI) Managing Consultant Avalution Consulting

Agenda. Perform a BIA. Introduction. What is a Business Impact Analysis? 3/27/2014. Stacy Gardner (MBCI) Managing Consultant Avalution Consulting Perform a BIA the ISO 22301 Way Stacy Gardner (MBCI) Managing Consultant Avalution Consulting Agenda Introduction What is a Business Impact Analysis (BIA)? How ISO 22301 Approaches BIAs Differently Components

More information

1.0 Policy Statement / Intentions (FOIA - Open)

1.0 Policy Statement / Intentions (FOIA - Open) Force Policy & Procedure Reference Number Business Continuity Management D269 Policy Version Date 23 July 2015 Review Date 23 July 2016 Policy Ownership Portfolio Holder Links or overlaps with other policies

More information

Effective risk management

Effective risk management Effective risk management Our holistic and disciplined risk management program is designed to mitigate risks at all levels of our business in order to protect our clients interests. 2 Vanguard > Effective

More information

Need to protect your business from potential disruption? Prepare for the unexpected with ISO 22301.

Need to protect your business from potential disruption? Prepare for the unexpected with ISO 22301. Need to protect your business from potential disruption? Prepare for the unexpected with. Why BSI? Keep your business running with and BSI. Our knowledge can transform your organization. For more than

More information

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00) NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00) Subject and version number of document: Serial Number: Business Continuity Management Policy

More information

TAKING ON BUSINESS CONTINUITY: ONE COMPANY S JOURNEY TO ISO CERTIFICATION. The Continuity Project, LLC. Title (sub)

TAKING ON BUSINESS CONTINUITY: ONE COMPANY S JOURNEY TO ISO CERTIFICATION. The Continuity Project, LLC. Title (sub) TAKING ON BUSINESS CONTINUITY: ONE COMPANY S JOURNEY TO ISO 22301 CERTIFICATION George B. Huff TITLE Jr., Esquire, MBCI, (MAIN) ISO 22301 Lead Auditor, The Continuity Project, LLC Title (sub) Maureen Roskoski,

More information

DORSET & WILTSHIRE FIRE AND RESCUE AUTHORITY Performance, Risk and Business Continuity Management Policy

DORSET & WILTSHIRE FIRE AND RESCUE AUTHORITY Performance, Risk and Business Continuity Management Policy Not Protectively Marked Item 6 Appendix B DORSET & WILTSHIRE FIRE AND RESCUE AUTHORITY Management Policy The Dorset & Wiltshire Fire and Rescue Authority () is the combined fire and rescue authority for

More information