Ensuring operational continuity
Certification of BCMS (Business Continuity Management Systems) Standard BS 25999-2

Ensuring operational continuity in the event of interruptions, whether these are due to serious incidents or minor setbacks, is a fundamental requirement of any organisation operating in today's local and international context.

Continuity in the provision of services or the delivery of products is an asset with an economic value and must therefore be adequately protected from a wide range of threats, so that company activities are carried out normally while damage to the company (financial and/or to its image) is minimised and the return on investment is maximised. Ensuring operational continuity requires an appropriate set of measures, including policies, operating practices and organisational structures, that allow a company to fulfil its business continuity objectives. An evaluation of the effects of an interruption on operations is the ideal starting point for determining the solutions which most effectively meet the needs of each individual company.

The new economy and globalisation have brought a significant growth in electronic transactions (typical examples are found in the banking, insurance and financial sectors) while making organisations increasingly interdependent, in particular where critical infrastructures are concerned (Energy, ICT, Finance and Transportation, among others), and dependence on outsourcers for processes that are vital to the organisation has grown. This situation, coupled with sector-specific requirements (for example the guidelines issued by the Bank of Italy on business continuity) and the proposal for a European Directive on Critical Infrastructures, has made it necessary to develop business continuity management systems that guarantee the survival of organisations in the event of an interruption in operations and ensure the recovery of critical activities within predetermined times and through specific procedures.

In addition to the perceived value, auditing by a third party is one of the advantages of having a certified Business Continuity Management System (BCMS). Unlike other management systems (quality, environmental, safety, etc.), such an audit covers a documentary and an operational structure, and the latter is tested through exercises that allow the system being certified to be validated.

The regulatory and legislative framework for operational continuity

Banking regulations
- Basel II: International Convergence of Capital Measurement and Capital Standards, A Revised Framework, June 2004, Bank for International Settlements, Basel Committee on Banking Supervision;
- Sound Practices for the Management and Supervision of Operational Risk, Bank for International Settlements, Basel Committee on Banking Supervision;
- Guidelines of the Bank of Italy for the continuity of services in wholesale markets and support systems, October 2004;
- Supervisory Provisions of the Bank of Italy of 21 March 2007 (published in the Supervisory Bulletin issue n. 7, July 2004, pages 7-13): specific requirements for operational continuity in systemically relevant processes.

Fiscal regulations
- Decree of the Minister of Economy and Finance (DMEF) of 23 January 2004 (Official Gazette issue 27 of 3 February 2004): procedures for fulfilling fiscal obligations relating to electronic documents and their reproduction in different support media;
- Circular n. 36/E of 6 December 2006 of the Italian Inland Revenue Service on the Ministerial Decree of 23 January 2004 (procedures for fulfilling fiscal obligations relating to electronic documents and their reproduction in different support media);
- Legislative Decree n. 52 of 20 February 2004 (Official Gazette issue 49 of 28 February 2004): enactment of Directive 2001/115/EC, which simplifies and harmonises invoicing procedures pertaining to VAT;
- Circular n. 45/E of 19 October 2005 of the Italian Inland Revenue Service on Legislative Decree n. 52 of 20 February 2004 (enactment of Directive 2001/115/EC, which simplifies and harmonises invoicing procedures pertaining to VAT).

Regulations in the field of critical infrastructures
- Decree of the Ministry of the Interior of 9 January 2008 (Official Journal no. 101 of 30 April 2008): identification of critical IT infrastructures of national interest;
- Directive on the identification and designation of European critical infrastructures and the assessment of the need to improve their protection, text approved on 5 June 2008 by the Justice and Home Affairs Council of the European Union.

Other applicable regulations
- Legislative Decree no. 196 of 30 June 2003 (Official Journal no. 174 of 29 July 2003): Personal Data Protection Code;
- Prime Ministerial Decree of 13 January 2004 (Official Journal no. 98 of 27 April 2004): technical specifications for the creation, transfer, storage, duplication, reproduction and validation, including by time-stamp, of electronic documents;
- Legislative Decree of 2 November 2005 (Official Journal no. 266 of 15 November 2005): technical specifications for the creation, transfer and validation, including by time-stamp, of certified e-mail;
- Resolution no. 4 of 17 February 2005 of the National Centre for IT in Public Administrations (Official Journal no. 51 of 3 March 2005): rules for the recognition and verification of the electronic document.

Voluntary standards
- BS 25999-1 Business continuity management, Part 1: Code of practice;
- BS 25999-2 Business continuity management, Part 2: Specification.

CSQ-BCM certification

Thanks to the extensive experience CSQ has gained through its work in major areas of production, it is able to offer services to companies that wish to measure their methods against BS 25999-2, the new reference standard on business continuity. BS 25999, the world's first standard on business continuity management, was developed by the British standardisation body BSI to reduce the risk of such interruptions to a minimum, this being a priority for many companies. CSQ has developed the CSQ-BCM scheme for issuing BS 25999-2 certification. CSQ-BCM allows organisations to certify their own Operational Continuity System (OCS) through assessment of:
- the scope of the BCMS;
- the Business Continuity Policy;
- the Business Impact Analysis (BIA);
- the Risk Assessment;
- the risk handling choices;
- the existence of an organisation dedicated to the management of incidents and operational continuity;
- the implementation of the provisions set up for operational continuity;
- the procedures for the management of operational continuity;
- the assessment and periodic review of the BCMS adopted.

The certification process

This generally takes place in at least two phases, both of which aim to verify compliance with BS 25999-2.

Phase 1: Audit on documentation. Assessment of the documentation supporting the BCMS, from the business continuity management manual to the business impact analysis and risk assessment documents. This can be carried out within the organisation and involves all the major documents pertaining to the Business Continuity Management System.

Phase 2: Audit on organisation. On-site visit for interviews, examination of documents and comparison of formal procedures with operating practices. The goal is to ensure that the organisation adheres to its own policies, objectives and procedures and that the OCS is efficiently implemented, maintained and improved.

The objectives
- To provide a consistent framework, based on international best practice, with which to manage operational continuity.
- To identify the impacts that could threaten the organisation and provide a model to ensure resilience and the ability to react effectively, so as to safeguard the interests of the main stakeholders, the reputation, the brand and the activities that create added value.
- To proactively improve resilience in the case of an interruption, so as to ensure that key objectives are reached.
- To provide an effective method for recovering the capacity to deliver critical products and services at a predefined level and within a specified time following an interruption.
- To offer an appropriate response for managing an interruption.
- To provide a clear understanding of how the entire organisation operates and to identify opportunities for improvement.
- To make it possible to reduce the insurance premium for business interruption.

IMQ accreditations
1. IMQ is accredited by SINCERT to issue certifications that comply with the ISO/IEC 27001 standard in all sectors included in the international EA (European Co-operation for Accreditation) classification.
2. IMQ's Security Testing Laboratory assesses IT security according to the ITSEC and Common Criteria (ISO/IEC 15408) standards. The laboratory is accredited by the National Scheme for the Evaluation and Certification of the Security of ICT Systems and Products.
Advantages of CSQ-BCM certification

Certifying a business continuity management system makes it possible to:
- ensure adherence to contractual and legislative requirements;
- strengthen the company's credibility and visibility while safeguarding its image and assets and facilitating recovery from interruptions;
- reduce the cost of incidents;
- put to efficient use the investments made in implementing the incident management and operational continuity plans;
- ensure, and prove to stakeholders, that all the instruments and the technical and organisational measures are in place to ensure the delivery of critical products and services.

Certification of Operational Continuity Systems: major industrial sectors and areas covered

The need to guarantee that products and/or services continue to be delivered even in the case of serious incidents of any type (such as natural disasters, breakdowns, strikes, acts of terrorism or vandalism, etc.) is now a requirement of all organisations. In such a context, business continuity in the general sense cannot be ensured solely by technical means: it requires appropriate organisation and procedures. Furthermore, the management of operational continuity relies heavily on the participation of all key personnel and, in certain cases, of suppliers, clients and other stakeholders. Organisations must therefore identify the specific critical areas for the sector in which they operate.

Financial sector
Financial services are provided across different sectors, ranging from banks to insurance companies, all of which share the need to use networked systems for data and funds transactions. In this sector the following are important:
- ensuring continuity of transactions;
- ensuring data protection and recovery;
- recovering critical services within the established time.
The banking sector, and by extension its strategic partners, can use the certification of their own BCMS to provide objective evidence of compliance with the Bank of Italy directives on the continuity of operations.

Utilities sector
Suppliers of energy, telecommunications, transportation, etc. are among Italy's critical infrastructures. The transposition of the European Directives in this area requires the implementation of plans guaranteeing the continuity of supply and services, and BCMS certification will be the natural way to ensure that the emergency management system is kept up to date, appropriate and in a state of continual improvement.

Industry and sales
The industry and sales sectors must guarantee production or the provision of services in the event of a disaster by anticipating possible scenarios and being prepared and trained to ensure the survival of the organisation, while ascertaining that their own critical suppliers are equally prepared. It is not enough to hope that such an event will not occur; it is always best to be prepared for the worst. Certification of a company's BCMS also provides the advantage of a better image and more opportunities compared with competitors.

Public sector
The public sector includes many different areas for which the issue of operational continuity is of fundamental importance, in particular public administration (PA), defence, health and the provision of services to citizens. Understanding the organisation's particular situation and the threats it may be subject to, analysing the possible scenarios and the impacts on services and infrastructures, planning ahead to reduce the impact of these disastrous events, managing incidents and having plans in place that allow for the recovery of operations should be the duty of any good public administration. Certifying an operational continuity system means ensuring that what has been planned is consistent, up to date, efficient and tested, and that it is periodically reviewed and improved.

ABOUT US

The IMQ group is Italy's leading organisation in conformity assessment (certification, testing, verification and inspection). With the synergies of its companies, the prestige gained from more than 50 years of experience and a complete range of services, the IMQ Group is the partner of choice for companies committed to safety and quality. The IMQ group operates in numerous sectors, from the electro-technical and electronics industries to telecommunications, the automotive industry, the gas sector, plant engineering, construction products and the food and agricultural industry. The IMQ group can provide general or targeted services for each product category, based on needs, including product certification, certification for EC directives, company management system certification, inspection of systems and property, laboratory tests, international type tests, assistance with exports, surveillance of manufacturing abroad, as well as assistance with technical formalities and training.

The comprehensive range of services is delivered through the expertise gained in numerous product categories by the IMQ group companies: IMQ S.p.A., CSI S.p.A., IMQ Primacontrol S.r.l., IMQ Clima S.p.A., ICILA S.r.l., IMQ Iberica SL, IMQ Kraków R.O., IMQ Shanghai R.O. (Representative Office in China). The IMQ Group also holds shares in Istituto Giordano S.p.A., CISQCERT S.p.A. and Icube S.A. (Argentina).

mod.1131/0/e - 2009/1 - Med. 250
MILAN - ROME - BARCELONA - MADRID - KRAKÓW - SHANGHAI - BUENOS AIRES