SlideShare ist ein Scribd-Unternehmen logo

ISO 22301 Business Continuity Management

Ramiro Cid
Ramiro Cid

Presentation of ISO 22301 Societal Security - Business Continuity Management Systems, main concepts, basic terms, content of the standard, clauses, mandatory documentation, related standards, comparision with BS25999-2, benefits of ISO 22301 implementation, etc.

TechnologieBusiness
1 von 17
Downloaden Sie, um offline zu lesen
ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid ISO 22301 Societal security - Business continuity management systems Ramiro Cid | @ramirocid ISO 22301 Societal Security - Business Continuity Management Systems
ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid ISO 22301 Societal security - Business continuity management systems 2 Index 1. Introduction Page 3 2. Comparison between ISO 22301 and BS 25999-2 Page 4 3. Basic terms used in the standard Page 6 4. Content of ISO 22301 Page 7 5. ISO 22301 explained Page 8 6. Mandatory documentation Page 12 7. Related standards Page 13 8. Societal security context Page 14 9. Projects under development Page 15 10. Benefits of ISO 22301 business continuity management Page 16
ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid ISO 22301 Societal security - Business continuity management systems 3 Introduction The full name of this standard is: “ISO 22301 Societal security - Business continuity management systems - Requirements” This standard was created by leading experts on this area to provide the best framework for business continuity management in an organization. Object: ISO 22301:2012 specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents when they arise. Scope: The requirements specified in ISO 22301:2012 are generic and intended to be applicable to all organizations, or parts thereof, regardless of type, size and nature of the organization. The extent of application of these requirements depends on the organization's operating environment and complexity. Who can implement this standard? Any organization, large or small, with or nonprofit, private or public. The standard is conceived in such a way that it is applicable to any size or type of organization.
ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid ISO 22301 Societal security - Business continuity management systems 4 Comparison between ISO 22301 and BS 25999-2 The ISO 22301 has replaced 25999-2. These two standards are quite similar, but the ISO 22301 can be considered as an update of the BS 25999-2 ISO 22301 BS 25999-2 Complete name ISO 22301:2012 Societal security - Business continuity management systems - Requirements BS 25999-2 Business Continuity Management - Part 2: Specification Published by International Organization for Standardization British Standards Institution Published date 15/05/2012 20/11/2007 Total number of pages 24 28 Official recogment Internationally accepted by standards institutes on 163 countries Accepted only in United Kingdom only, but implemented worldwide
ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid ISO 22301 Societal security - Business continuity management systems 5 ISO 22301 is not that different from BS 25999-2 in most business continuity areas like business impact analysis, strategy or planning; the biggest changes are in the management part of the standard. ISO 22301 places much greater emphasis on understanding requirements, setting objectives and measuring performance. Therefore, it will be more easily accepted by top management, which in turn will contribute to the widespread adoption of this standard like ISO 27001, ISO 9001 or ISO 14001. Comparison between ISO 22301 and BS 25999-2 (continuation)
ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid ISO 22301 Societal security - Business continuity management systems 6 Basic terms used in the standard Business Continuity Management System (BCMS) – part of an overall management system that takes care business continuity is planned, implemented, maintained, and continually improved Maximum Acceptable Outage (MAO) – the maximum amount of time an activity can be disrupted without incurring unacceptable damage (also Maximum Tolerable Period of Disruption – MTPD) Recovery Time Objective (RTO) – the pre-determined time at which an activity must be resumed, or resources must be recovered Recovery Point Objective (RPO) – maximum data loss, i.e., minimum amount of data that needs to be restored Minimum Business Continuity Objective (MBCO) – the minimum level of services or products an organization needs to produce after resuming its business operations
ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid ISO 22301 Societal security - Business continuity management systems 7 Content of ISO 22301 Introduction 5 Leadership 8 Operation 0.1 General 5.1 General 8.1 Operational planning and control 0.2 The Plan-Do-Check-Act (PDCA) model 5.2 Management commitment 8.2 Business impact analysis and risk assessment 0.3 Components of PDCA in this International Standard 5.3 Policy 8.3 Business continuity strategy 1 Scope 5.4 Organizational roles, responsibilities and authorities 8.4 Establish and implement business continuity procedures 2 Normative references 6 Planning 8.5 Exercising and testing 3 Terms and definitions 6.1 Actions to address risks and opportunities 9 Performance evaluation 4 Context of the organization 6.2 Business continuity objectives and plans to achieve them 9.1 Monitoring, measurement, analysis and evaluation 4.1 Understanding of the organization and its context 7 Support 9.2 Internal audit 4.2 Understanding the needs and expectations of interested parties 7.1 Resources 9.3 Management review 4.3 Determining the scope of the management system 7.2 Competence 10 Improvement 4.4 Business continuity management system 7.3 Awareness 10.1 Nonconformity and corrective action 7.4 Communication 10.2 Continual improvement 7.5 Documented information Bibliography
ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid ISO 22301 Societal security - Business continuity management systems 8 ISO 22301 explained ISO 22301 is the second published management systems standard that has adopted the new high- level structure and standardized text agreed in ISO. This will ensure consistency with all future and revised management system standards and make integrated use easier with, for example, ISO 9001 (quality), ISO 14001 (environmental) and ISO/IEC 27001 (information security). The standard is divided into 10 main clauses, starting with scope, normative references, and terms and definitions. Following these are the standard’s requirements.
ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid ISO 22301 Societal security - Business continuity management systems 9 ISO 22301 explained Clause 4 – Context of the organization The first step involves getting to know the organization, both internal and external needs, and setting clear boundaries for the scope of the management system. In particular, this requires the organization to understand the requirements of relevant interested parties, such as regulators, customers and staff. It must in particular understand the applicable legal and regulatory requirements. This enables it to determine the scope of the business continuity management system (BCMS). Clause 5 – Leadership ISO 22301 places particular emphasis on the need for appropriate leadership of BCM. This is so that top management ensures appropriate resources are provided, establishes policy and appoints people to implement and maintain the BCMS. Clause 6 – Planning This requires the organization to identify risks to the implementation of the management system and set clear objectives and criteria that can be used to measure its success.
ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid ISO 22301 Societal security - Business continuity management systems 10 ISO 22301 explained Clause 7 – Support Since resources are required for implementation, Clause 7 introduces the important concept of competence. For business continuity to be successful, people with appropriate knowledge, skills and experience must be in place to both contribute to the BCMS and respond to incidents when they occur. It is also important that all staff are aware of their own role in responding to incidents and this clause deals with all of these areas. The need for communication about the BCMS – for instance in telling customers that the organization has appropriate BCM in place – and preparedness to communicate following an incident (when normal channels may be disrupted) is also covered here. Clause 8 – Operations This section contains the main body of business continuity-specific expertise. The organization must undertake business impact analysis to understand how its business is affected by disruption and how this changes over time. Risk assessment seeks to understand the risks to the business in a structured way and these inform the development of business continuity strategy. Steps to avoid or reduce the likelihood of incidents are developed alongside steps to be taken when incidents occur. As it is impossible to completely predict and prevent all incidents, the approach of balancing risk reduction and planning for all eventualities is complementary. It might be said, “hope for the best and plan for the worst”.
ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid ISO 22301 Societal security - Business continuity management systems 11 ISO 22301 explained Clause 9 – Evaluation For any management system, it is essential to evaluate performance against plan. ISO 22301 therefore requires that the organization select and measure itself against appropriate performance metrics. Internal audits must be conducted and there is a requirement that management review the BCMS and act on these reviews. Clause 10 – Improvement No management system is perfect at the outset, and organizations and their environments are constantly changing. Clause 10 defines actions to take to improve the BCMS over time and ensure that corrective actions arising from audits, reviews, exercises and so on are addressed.
ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid ISO 22301 Societal security - Business continuity management systems 12 Mandatory documentation If an organization wants to implement this standard, the following documentation is mandatory: List of applicable legal, regulatory and other requirements Scope of the BCMS Business Continuity Policy Business continuity objectives Evidence of personnel competences Records of communication with interested parties Business impact analysis Risk assessment, including risk appetite Incident response structure Business continuity plans Recovery procedures Results of preventive actions Results of monitoring and measurement Results of internal audit Results of management review Results of corrective actions
ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid ISO 22301 Societal security - Business continuity management systems 13 Related standards Other standards that are helpful in implementation of business continuity are: ISO/IEC 27031 – Guidelines for information and communication technology readiness for business continuity PAS 200 – Crisis management – Guidance and good practice PD 25666 – Guidance on exercising and testing for continuity and contingency programs PD 25111 – Guidance on human aspects of business continuity ISO/IEC 24762 – Guidelines for information and communications technology disaster recovery services ISO/PAS 22399 – Guideline for incident preparedness and operational continuity management ISO/IEC 27001 – Information security management systems – Requirements
ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid ISO 22301 Societal security - Business continuity management systems 14 Societal security context ISO 22301 has been developed by ISO/TC 223, Societal security The committee has previously published the following standards and other documents: ISO 22300:2012, Societal security – Terminology ISO 22320:2011, Societal security – Emergency management – Requirements for incident response ISO/TR 22312:2011, Societal security – Technological capabilities ISO/PAS 22399:2007, Societal security – Guideline for incident preparedness and operational continuity management
ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid ISO 22301 Societal security - Business continuity management systems 15 Projects under development ISO 22311, Societal security – Video-surveillance – Export interoperability ISO 22313, Societal security – Business continuity management systems – Guidance ISO 22315, Societal security – Mass evacuation ISO 22322, Societal security – Emergency management – Public warning ISO 22323, Organizational resilience management systems – Requirements with guidance for use ISO 22325, Societal security – Guidelines for emergency capability assessment for organizations ISO 22351, Societal security – Emergency management – Shared situation awareness ISO 22397, Societal security – Public Private Partnership – Guidelines to set up partnership agreements ISO 22398, Societal security – Guidelines for exercises and testing ISO 22324, Societal security – Emergency management – Colour-coded alert
ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid ISO 22301 Societal security - Business continuity management systems 16 Benefits of ISO 22301 business continuity management What are the benefits of ISO 22301 business continuity management? Identify and manage current and future threats to your business Take a proactive approach to minimizing the impact of incidents Keep critical functions up and running during times of crises Minimize downtime during incidents and improve recovery time Demonstrate resilience to customers, suppliers and for tender requests
ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid ISO 22301 Societal security - Business continuity management systems Questions? Many thanks! ramiro@ramirocid.com @ramirocid http://www.linkedin.com/in/ramirocid http://ramirocid.com http://es.slideshare.net/RamiroCid http://www.youtube.com/user/cidramiro Ramiro Cid CISM, CGEIT, ISO 27001 LA, ISO 22301 LA, ITIL

Empfohlen

ISO 22301: The New Standard for Business Continuity Best Practice
ISO 22301: The New Standard for Business Continuity Best PracticeISO 22301: The New Standard for Business Continuity Best Practice
ISO 22301: The New Standard for Business Continuity Best Practice
MissionMode
 
Business continuity management per ISO 22301 - a certification training cour...
Business continuity management per ISO 22301 - a certification training cour... Business continuity management per ISO 22301 - a certification training cour...
Business continuity management per ISO 22301 - a certification training cour...
Mart Rovers
 
Awareness iso 22301 danang suryo
Awareness iso 22301 danang suryoAwareness iso 22301 danang suryo
Awareness iso 22301 danang suryo
Danang suryo Wardhono
 
Business Continuity Management & ISO 22301
Business Continuity Management & ISO 22301Business Continuity Management & ISO 22301
Business Continuity Management & ISO 22301
IT Governance Ltd
 
Iso 22301
Iso 22301Iso 22301
Iso 22301
Craig Willetts ISO Expert
 
BCMS Presentation1
BCMS Presentation1BCMS Presentation1
BCMS Presentation1
barbytee
 
Iso 27001 awareness
Iso 27001 awarenessIso 27001 awareness
Iso 27001 awareness
Ãsħâr Ãâlâm
 
NQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation Guide
NQA
 

Empfohlen

ISO 22301: The New Standard for Business Continuity Best Practice
ISO 22301: The New Standard for Business Continuity Best PracticeISO 22301: The New Standard for Business Continuity Best Practice
ISO 22301: The New Standard for Business Continuity Best Practice
MissionMode
 
Business continuity management per ISO 22301 - a certification training cour...
Business continuity management per ISO 22301 - a certification training cour... Business continuity management per ISO 22301 - a certification training cour...
Business continuity management per ISO 22301 - a certification training cour...
Mart Rovers
 
Awareness iso 22301 danang suryo
Awareness iso 22301 danang suryoAwareness iso 22301 danang suryo
Awareness iso 22301 danang suryo
Danang suryo Wardhono
 
Business Continuity Management & ISO 22301
Business Continuity Management & ISO 22301Business Continuity Management & ISO 22301
Business Continuity Management & ISO 22301
IT Governance Ltd
 
Iso 22301
Iso 22301Iso 22301
Iso 22301
Craig Willetts ISO Expert
 
BCMS Presentation1
BCMS Presentation1BCMS Presentation1
BCMS Presentation1
barbytee
 
Iso 27001 awareness
Iso 27001 awarenessIso 27001 awareness
Iso 27001 awareness
Ãsħâr Ãâlâm
 
NQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation Guide
NQA
 
ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptx
Dr Madhu Aman Sharma
 
ISO 22301:2019 BCMS Awareness
ISO 22301:2019 BCMS AwarenessISO 22301:2019 BCMS Awareness
ISO 22301:2019 BCMS Awareness
Ali Fuad R
 
Implementing a Business Continuity Management System in Telecoms
Implementing a Business Continuity Management System in TelecomsImplementing a Business Continuity Management System in Telecoms
Implementing a Business Continuity Management System in Telecoms
Global Risk Forum GRFDavos
 
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to KnowCMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
PECB
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3
Tanmay Shinde
 
Societal Security – the new standard ISO 22301 for Business Continuity Manage...
Societal Security – the new standard ISO 22301 for Business Continuity Manage...Societal Security – the new standard ISO 22301 for Business Continuity Manage...
Societal Security – the new standard ISO 22301 for Business Continuity Manage...
Global Risk Forum GRFDavos
 
ISO 27001:2022 What has changed.pdf
ISO 27001:2022 What has changed.pdfISO 27001:2022 What has changed.pdf
ISO 27001:2022 What has changed.pdf
Andrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
BCP Awareness
BCP Awareness BCP Awareness
BCP Awareness
Imad Almurib
 
Iso 27001 2013
Iso 27001 2013Iso 27001 2013
Iso 27001 2013
Magda CHELLY, Ph.D, S-CISO, CISSP®
 
27001 awareness Training
27001 awareness Training27001 awareness Training
27001 awareness Training
Dr Madhu Aman Sharma
 
Iso27001 The Road To Certification
Iso27001 The Road To CertificationIso27001 The Road To Certification
Iso27001 The Road To Certification
tschraider
 
business-continuity-management-awareness-presentation-for-mampu2929
business-continuity-management-awareness-presentation-for-mampu2929business-continuity-management-awareness-presentation-for-mampu2929
business-continuity-management-awareness-presentation-for-mampu2929
Andy Willams
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
Operational Excellence Consulting
 
ISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewISO 27001 2013 isms final overview
ISO 27001 2013 isms final overview
Naresh Rao
 
Konsep Fundamental ISO 22301_BCMS & Crisis Management _ Materi Training BCMS...
Konsep Fundamental ISO 22301_BCMS & Crisis Management _ Materi Training BCMS...Konsep Fundamental ISO 22301_BCMS & Crisis Management _ Materi Training BCMS...
Konsep Fundamental ISO 22301_BCMS & Crisis Management _ Materi Training BCMS...
Kanaidi ken
 
Iso27001 Audit Services
Iso27001 Audit ServicesIso27001 Audit Services
Iso27001 Audit Services
mcloete
 
What is iso 27001 isms
What is iso 27001 ismsWhat is iso 27001 isms
What is iso 27001 isms
Craig Willetts ISO Expert
 
Implementing ISO27001 2013
Implementing ISO27001 2013Implementing ISO27001 2013
Implementing ISO27001 2013
scttmcvy
 
Business Continuity Management PowerPoint Presentation Slides
Business Continuity Management PowerPoint Presentation SlidesBusiness Continuity Management PowerPoint Presentation Slides
Business Continuity Management PowerPoint Presentation Slides
SlideTeam
 
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information StandardQuick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
PECB
 
Business continuity & disaster recovery planning (BCP & DRP)
Business continuity & disaster recovery planning (BCP & DRP)Business continuity & disaster recovery planning (BCP & DRP)
Business continuity & disaster recovery planning (BCP & DRP)
Narudom Roongsiriwong, CISSP
 
Business Continuity Management System ISO 22301:2012 An Overview
Business Continuity Management System ISO 22301:2012 An OverviewBusiness Continuity Management System ISO 22301:2012 An Overview
Business Continuity Management System ISO 22301:2012 An Overview
Ahmed Riad .
 

Weitere ähnliche Inhalte

Was ist angesagt?

CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to KnowCMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
PECB
 
Iso27001 The Road To Certification
Iso27001 The Road To CertificationIso27001 The Road To Certification
Iso27001 The Road To Certification
tschraider
 
business-continuity-management-awareness-presentation-for-mampu2929
business-continuity-management-awareness-presentation-for-mampu2929business-continuity-management-awareness-presentation-for-mampu2929
business-continuity-management-awareness-presentation-for-mampu2929
Andy Willams
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
Operational Excellence Consulting
 
Business Continuity Management PowerPoint Presentation Slides
Business Continuity Management PowerPoint Presentation SlidesBusiness Continuity Management PowerPoint Presentation Slides
Business Continuity Management PowerPoint Presentation Slides
SlideTeam
 
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information StandardQuick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
PECB
 

Was ist angesagt? (20)

ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptx
 
ISO 22301:2019 BCMS Awareness
ISO 22301:2019 BCMS AwarenessISO 22301:2019 BCMS Awareness
ISO 22301:2019 BCMS Awareness
 
Implementing a Business Continuity Management System in Telecoms
Implementing a Business Continuity Management System in TelecomsImplementing a Business Continuity Management System in Telecoms
Implementing a Business Continuity Management System in Telecoms
 
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to KnowCMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
CMMC, ISO/IEC 27001, ISO/IEC 27032, and NIST – What You Need to Know
 
ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3ISO 27001 - Information security user awareness training presentation - part 3
ISO 27001 - Information security user awareness training presentation - part 3
 
Societal Security – the new standard ISO 22301 for Business Continuity Manage...
Societal Security – the new standard ISO 22301 for Business Continuity Manage...Societal Security – the new standard ISO 22301 for Business Continuity Manage...
Societal Security – the new standard ISO 22301 for Business Continuity Manage...
 
ISO 27001:2022 What has changed.pdf
ISO 27001:2022 What has changed.pdfISO 27001:2022 What has changed.pdf
ISO 27001:2022 What has changed.pdf
 
BCP Awareness
BCP Awareness BCP Awareness
BCP Awareness
 
Iso 27001 2013
Iso 27001 2013Iso 27001 2013
Iso 27001 2013
 
27001 awareness Training
27001 awareness Training27001 awareness Training
27001 awareness Training
 
Iso27001 The Road To Certification
Iso27001 The Road To CertificationIso27001 The Road To Certification
Iso27001 The Road To Certification
 
business-continuity-management-awareness-presentation-for-mampu2929
business-continuity-management-awareness-presentation-for-mampu2929business-continuity-management-awareness-presentation-for-mampu2929
business-continuity-management-awareness-presentation-for-mampu2929
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
 
ISO 27001 2013 isms final overview
ISO 27001 2013 isms final overviewISO 27001 2013 isms final overview
ISO 27001 2013 isms final overview
 
Konsep Fundamental ISO 22301_BCMS & Crisis Management _ Materi Training BCMS...
Konsep Fundamental ISO 22301_BCMS & Crisis Management _ Materi Training BCMS...Konsep Fundamental ISO 22301_BCMS & Crisis Management _ Materi Training BCMS...
Konsep Fundamental ISO 22301_BCMS & Crisis Management _ Materi Training BCMS...
 
Iso27001 Audit Services
Iso27001 Audit ServicesIso27001 Audit Services
Iso27001 Audit Services
 
What is iso 27001 isms
What is iso 27001 ismsWhat is iso 27001 isms
What is iso 27001 isms
 
Implementing ISO27001 2013
Implementing ISO27001 2013Implementing ISO27001 2013
Implementing ISO27001 2013
 
Business Continuity Management PowerPoint Presentation Slides
Business Continuity Management PowerPoint Presentation SlidesBusiness Continuity Management PowerPoint Presentation Slides
Business Continuity Management PowerPoint Presentation Slides
 
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information StandardQuick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
 

Andere mochten auch

Disaster Recovery Plan for IT
Disaster Recovery Plan for ITDisaster Recovery Plan for IT
Disaster Recovery Plan for IT
hhuihhui
 
An Introduction to Disaster Recovery Planning
An Introduction to Disaster Recovery PlanningAn Introduction to Disaster Recovery Planning
An Introduction to Disaster Recovery Planning
NEBizRecovery
 
Disaster Recovery Presentation
Disaster Recovery PresentationDisaster Recovery Presentation
Disaster Recovery Presentation
TimSchaefer
 
Auditando un SGCN en ISO 22301 Maricarmen García de Ureña
Auditando un SGCN en ISO 22301 Maricarmen García de UreñaAuditando un SGCN en ISO 22301 Maricarmen García de Ureña
Auditando un SGCN en ISO 22301 Maricarmen García de Ureña
Maricarmen García de Ureña
 
نظرة عامة على نظام إدارة استمرارية الأعمال الأيزو 22301:2012
نظرة عامة على نظام إدارة استمرارية الأعمال الأيزو 22301:2012نظرة عامة على نظام إدارة استمرارية الأعمال الأيزو 22301:2012
نظرة عامة على نظام إدارة استمرارية الأعمال الأيزو 22301:2012
Ahmed Riad .
 
Indicadores gestion
Indicadores gestionIndicadores gestion
Indicadores gestion
delosaga72
 

Andere mochten auch (20)

Business continuity & disaster recovery planning (BCP & DRP)
Business continuity & disaster recovery planning (BCP & DRP)Business continuity & disaster recovery planning (BCP & DRP)
Business continuity & disaster recovery planning (BCP & DRP)
 
Business Continuity Management System ISO 22301:2012 An Overview
Business Continuity Management System ISO 22301:2012 An OverviewBusiness Continuity Management System ISO 22301:2012 An Overview
Business Continuity Management System ISO 22301:2012 An Overview
 
The A to Z Guide to Business Continuity and Disaster Recovery
The A to Z Guide to Business Continuity and Disaster RecoveryThe A to Z Guide to Business Continuity and Disaster Recovery
The A to Z Guide to Business Continuity and Disaster Recovery
 
Disaster Recovery Plan for IT
Disaster Recovery Plan for ITDisaster Recovery Plan for IT
Disaster Recovery Plan for IT
 
An Introduction to Disaster Recovery Planning
An Introduction to Disaster Recovery PlanningAn Introduction to Disaster Recovery Planning
An Introduction to Disaster Recovery Planning
 
Business Continuity Planning
Business Continuity PlanningBusiness Continuity Planning
Business Continuity Planning
 
Disaster Recovery Presentation
Disaster Recovery PresentationDisaster Recovery Presentation
Disaster Recovery Presentation
 
Business Continuity Management System ISO 22301:2012 Mind Map
Business Continuity Management System ISO 22301:2012 Mind Map Business Continuity Management System ISO 22301:2012 Mind Map
Business Continuity Management System ISO 22301:2012 Mind Map
 
Auditando un SGCN en ISO 22301 Maricarmen García de Ureña
Auditando un SGCN en ISO 22301 Maricarmen García de UreñaAuditando un SGCN en ISO 22301 Maricarmen García de Ureña
Auditando un SGCN en ISO 22301 Maricarmen García de Ureña
 
SISTEMAS DE GETION DE CONTINUIDAD DEL NEGOCIO ISO 22301
SISTEMAS DE GETION DE CONTINUIDAD DEL NEGOCIO ISO 22301SISTEMAS DE GETION DE CONTINUIDAD DEL NEGOCIO ISO 22301
SISTEMAS DE GETION DE CONTINUIDAD DEL NEGOCIO ISO 22301
 
PECB Webinar: Estructura de la norma ISO 22301:2012. Un enfoque estratégico.
PECB Webinar: Estructura de la norma ISO 22301:2012. Un enfoque estratégico.PECB Webinar: Estructura de la norma ISO 22301:2012. Un enfoque estratégico.
PECB Webinar: Estructura de la norma ISO 22301:2012. Un enfoque estratégico.
 
ISO 22301 Seguridad de las sociedades- Continuidad del negocio
ISO 22301 Seguridad de las sociedades- Continuidad del negocioISO 22301 Seguridad de las sociedades- Continuidad del negocio
ISO 22301 Seguridad de las sociedades- Continuidad del negocio
 
Business Continuity Management
Business Continuity ManagementBusiness Continuity Management
Business Continuity Management
 
Building a business impact analysis (bia) process a hands on blueprint
Building a business impact analysis (bia) process a hands on blueprintBuilding a business impact analysis (bia) process a hands on blueprint
Building a business impact analysis (bia) process a hands on blueprint
 
Estructura iso 45001
Estructura iso 45001Estructura iso 45001
Estructura iso 45001
 
نظرة عامة على نظام إدارة استمرارية الأعمال الأيزو 22301:2012
نظرة عامة على نظام إدارة استمرارية الأعمال الأيزو 22301:2012نظرة عامة على نظام إدارة استمرارية الأعمال الأيزو 22301:2012
نظرة عامة على نظام إدارة استمرارية الأعمال الأيزو 22301:2012
 
Indicadores gestion
Indicadores gestionIndicadores gestion
Indicadores gestion
 
Bsi el papel del liderazgo en la continuidad del negocio
Bsi el papel del liderazgo en la continuidad del negocioBsi el papel del liderazgo en la continuidad del negocio
Bsi el papel del liderazgo en la continuidad del negocio
 
Latin CACS 2013 - Caso práctico para la ejecución de un análisis de impacto a...
Latin CACS 2013 - Caso práctico para la ejecución de un análisis de impacto a...Latin CACS 2013 - Caso práctico para la ejecución de un análisis de impacto a...
Latin CACS 2013 - Caso práctico para la ejecución de un análisis de impacto a...
 
Auditoría del SGCN según ISO 22301
Auditoría del SGCN según ISO 22301Auditoría del SGCN según ISO 22301
Auditoría del SGCN según ISO 22301
 

Ähnlich wie ISO 22301 Business Continuity Management

ISO9001_2015_Frequently_Asked_Questions.docx
ISO9001_2015_Frequently_Asked_Questions.docxISO9001_2015_Frequently_Asked_Questions.docx
ISO9001_2015_Frequently_Asked_Questions.docx
Sunil Arora
 
Building a strong BC programme with ISO 22301
Building a strong BC programme with ISO 22301Building a strong BC programme with ISO 22301
Building a strong BC programme with ISO 22301
PECB
 

Ähnlich wie ISO 22301 Business Continuity Management (20)

Iso 22301 2012 bcm
Iso 22301 2012 bcmIso 22301 2012 bcm
Iso 22301 2012 bcm
 
Business Continuity Audit
Business Continuity AuditBusiness Continuity Audit
Business Continuity Audit
 
PECB Webinar: Rethinking Business Continuity: Applying ISO 22301 to improve r...
PECB Webinar: Rethinking Business Continuity: Applying ISO 22301 to improve r...PECB Webinar: Rethinking Business Continuity: Applying ISO 22301 to improve r...
PECB Webinar: Rethinking Business Continuity: Applying ISO 22301 to improve r...
 
what is Business Continuity Management System?
what is Business Continuity Management System?what is Business Continuity Management System?
what is Business Continuity Management System?
 
Bcm in oil&gas industry
Bcm in oil&gas industryBcm in oil&gas industry
Bcm in oil&gas industry
 
What are the steps for ISO 22301 certification
What are the steps for ISO 22301 certificationWhat are the steps for ISO 22301 certification
What are the steps for ISO 22301 certification
 
tuvsud-ISO-9001-2015-guidance.pdf
tuvsud-ISO-9001-2015-guidance.pdftuvsud-ISO-9001-2015-guidance.pdf
tuvsud-ISO-9001-2015-guidance.pdf
 
ISO9001_2015_Frequently_Asked_Questions.docx
ISO9001_2015_Frequently_Asked_Questions.docxISO9001_2015_Frequently_Asked_Questions.docx
ISO9001_2015_Frequently_Asked_Questions.docx
 
Transition bs25999-to-iso22301
Transition bs25999-to-iso22301Transition bs25999-to-iso22301
Transition bs25999-to-iso22301
 
9001-2015
9001-20159001-2015
9001-2015
 
Comparison of ISO 22301 with BS 25999
Comparison of ISO 22301 with BS 25999Comparison of ISO 22301 with BS 25999
Comparison of ISO 22301 with BS 25999
 
ISO 9000 AND TOTAL QUALITY MANAGEMENT: THE RELATIONSHIP
ISO 9000 AND TOTAL QUALITY MANAGEMENT: THE RELATIONSHIPISO 9000 AND TOTAL QUALITY MANAGEMENT: THE RELATIONSHIP
ISO 9000 AND TOTAL QUALITY MANAGEMENT: THE RELATIONSHIP
 
ISO 9000 AND TOTAL QUALITY MANAGEMENT: THE RELATIONSHIP
ISO 9000 AND TOTAL QUALITY MANAGEMENT: THE RELATIONSHIPISO 9000 AND TOTAL QUALITY MANAGEMENT: THE RELATIONSHIP
ISO 9000 AND TOTAL QUALITY MANAGEMENT: THE RELATIONSHIP
 
Assessing the Impact of a Disruption: Building an Effective Business Impact A...
Assessing the Impact of a Disruption: Building an Effective Business Impact A...Assessing the Impact of a Disruption: Building an Effective Business Impact A...
Assessing the Impact of a Disruption: Building an Effective Business Impact A...
 
Annex SL Training for ISO 9001:2015. & ISO 14001:2015.
Annex SL Training for ISO 9001:2015. & ISO 14001:2015.Annex SL Training for ISO 9001:2015. & ISO 14001:2015.
Annex SL Training for ISO 9001:2015. & ISO 14001:2015.
 
Upload iso 9001 2015 presentation
Upload iso 9001 2015 presentationUpload iso 9001 2015 presentation
Upload iso 9001 2015 presentation
 
Building a strong BC programme with ISO 22301
Building a strong BC programme with ISO 22301Building a strong BC programme with ISO 22301
Building a strong BC programme with ISO 22301
 
Soc 2 attestation or ISO 27001 certification - Which is better for organization
Soc 2 attestation or ISO 27001 certification - Which is better for organizationSoc 2 attestation or ISO 27001 certification - Which is better for organization
Soc 2 attestation or ISO 27001 certification - Which is better for organization
 
Leveraging compliance to raise the bar on security
Leveraging compliance to raise the bar on securityLeveraging compliance to raise the bar on security
Leveraging compliance to raise the bar on security
 
Awareness session on iatf 16949 2016 standard
Awareness session on iatf 16949 2016 standardAwareness session on iatf 16949 2016 standard
Awareness session on iatf 16949 2016 standard
 

Mehr von Ramiro Cid

Mehr von Ramiro Cid (20)

Seminario sobre ciberseguridad
Seminario sobre ciberseguridadSeminario sobre ciberseguridad
Seminario sobre ciberseguridad
 
Captación y registro de comunicaciones orales y de imagen
Captación y registro de comunicaciones orales y de imagenCaptación y registro de comunicaciones orales y de imagen
Captación y registro de comunicaciones orales y de imagen
 
Passwords for sale
Passwords for salePasswords for sale
Passwords for sale
 
Cyber security threats for 2017
Cyber security threats for 2017Cyber security threats for 2017
Cyber security threats for 2017
 
¿Cuáles son los peligros a los que se enfrenta su sistema informático?
¿Cuáles son los peligros a los que se enfrenta su sistema informático?¿Cuáles son los peligros a los que se enfrenta su sistema informático?
¿Cuáles son los peligros a los que se enfrenta su sistema informático?
 
Cloud Computing, IoT, BYOD Ha muerto el perímetro corporativo. ¿y ahora qué?
Cloud Computing, IoT, BYOD Ha muerto el perímetro corporativo. ¿y ahora qué?Cloud Computing, IoT, BYOD Ha muerto el perímetro corporativo. ¿y ahora qué?
Cloud Computing, IoT, BYOD Ha muerto el perímetro corporativo. ¿y ahora qué?
 
Lean Six Sigma methodology
Lean Six Sigma methodologyLean Six Sigma methodology
Lean Six Sigma methodology
 
IT Governance & ISO 38500
IT Governance & ISO 38500IT Governance & ISO 38500
IT Governance & ISO 38500
 
Cyber Security Resilience & Risk Aggregation
Cyber Security Resilience & Risk AggregationCyber Security Resilience & Risk Aggregation
Cyber Security Resilience & Risk Aggregation
 
EU General Data Protection Regulation
EU General Data Protection RegulationEU General Data Protection Regulation
EU General Data Protection Regulation
 
Payment fraud
Payment fraudPayment fraud
Payment fraud
 
Social engineering attacks
Social engineering attacksSocial engineering attacks
Social engineering attacks
 
Thinking on risk analysis
Thinking on risk analysisThinking on risk analysis
Thinking on risk analysis
 
Drones and their use on critical infrastructure
Drones and their use on critical infrastructureDrones and their use on critical infrastructure
Drones and their use on critical infrastructure
 
Internet of things, big data & mobility vs privacy
Internet of things, big data & mobility vs privacyInternet of things, big data & mobility vs privacy
Internet of things, big data & mobility vs privacy
 
Space computing
Space computingSpace computing
Space computing
 
The relation between internet of things, critical infrastructure and cyber se...
The relation between internet of things, critical infrastructure and cyber se...The relation between internet of things, critical infrastructure and cyber se...
The relation between internet of things, critical infrastructure and cyber se...
 
Internet of things
Internet of thingsInternet of things
Internet of things
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
 

Kürzlich hochgeladen

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Orbitshub
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Victor Rentea
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Victor Rentea
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
UiPathCommunity
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
panagenda
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
WSO2
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
Overkill Security
 

Kürzlich hochgeladen (20)

[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf[BuildWithAI] Introduction to Gemini.pdf
[BuildWithAI] Introduction to Gemini.pdf
 
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdfRising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024Finding Java's Hidden Performance Traps @ DevoxxUK 2024
Finding Java's Hidden Performance Traps @ DevoxxUK 2024
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
CNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In PakistanCNIC Information System with Pakdata Cf In Pakistan
CNIC Information System with Pakdata Cf In Pakistan
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUKSpring Boot vs Quarkus the ultimate battle - DevoxxUK
Spring Boot vs Quarkus the ultimate battle - DevoxxUK
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Ransomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdfRansomware_Q4_2023. The report. [EN].pdf
Ransomware_Q4_2023. The report. [EN].pdf
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 

ISO 22301 Business Continuity Management

  • 1. ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid ISO 22301 Societal security - Business continuity management systems Ramiro Cid | @ramirocid ISO 22301 Societal Security - Business Continuity Management Systems
  • 2. ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid ISO 22301 Societal security - Business continuity management systems 2 Index 1. Introduction Page 3 2. Comparison between ISO 22301 and BS 25999-2 Page 4 3. Basic terms used in the standard Page 6 4. Content of ISO 22301 Page 7 5. ISO 22301 explained Page 8 6. Mandatory documentation Page 12 7. Related standards Page 13 8. Societal security context Page 14 9. Projects under development Page 15 10. Benefits of ISO 22301 business continuity management Page 16
  • 3. ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid ISO 22301 Societal security - Business continuity management systems 3 Introduction The full name of this standard is: “ISO 22301 Societal security - Business continuity management systems - Requirements” This standard was created by leading experts on this area to provide the best framework for business continuity management in an organization. Object: ISO 22301:2012 specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents when they arise. Scope: The requirements specified in ISO 22301:2012 are generic and intended to be applicable to all organizations, or parts thereof, regardless of type, size and nature of the organization. The extent of application of these requirements depends on the organization's operating environment and complexity. Who can implement this standard? Any organization, large or small, with or nonprofit, private or public. The standard is conceived in such a way that it is applicable to any size or type of organization.
  • 4. ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid ISO 22301 Societal security - Business continuity management systems 4 Comparison between ISO 22301 and BS 25999-2 The ISO 22301 has replaced 25999-2. These two standards are quite similar, but the ISO 22301 can be considered as an update of the BS 25999-2 ISO 22301 BS 25999-2 Complete name ISO 22301:2012 Societal security - Business continuity management systems - Requirements BS 25999-2 Business Continuity Management - Part 2: Specification Published by International Organization for Standardization British Standards Institution Published date 15/05/2012 20/11/2007 Total number of pages 24 28 Official recogment Internationally accepted by standards institutes on 163 countries Accepted only in United Kingdom only, but implemented worldwide
  • 5. ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid ISO 22301 Societal security - Business continuity management systems 5 ISO 22301 is not that different from BS 25999-2 in most business continuity areas like business impact analysis, strategy or planning; the biggest changes are in the management part of the standard. ISO 22301 places much greater emphasis on understanding requirements, setting objectives and measuring performance. Therefore, it will be more easily accepted by top management, which in turn will contribute to the widespread adoption of this standard like ISO 27001, ISO 9001 or ISO 14001. Comparison between ISO 22301 and BS 25999-2 (continuation)
  • 6. ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid ISO 22301 Societal security - Business continuity management systems 6 Basic terms used in the standard Business Continuity Management System (BCMS) – part of an overall management system that takes care business continuity is planned, implemented, maintained, and continually improved Maximum Acceptable Outage (MAO) – the maximum amount of time an activity can be disrupted without incurring unacceptable damage (also Maximum Tolerable Period of Disruption – MTPD) Recovery Time Objective (RTO) – the pre-determined time at which an activity must be resumed, or resources must be recovered Recovery Point Objective (RPO) – maximum data loss, i.e., minimum amount of data that needs to be restored Minimum Business Continuity Objective (MBCO) – the minimum level of services or products an organization needs to produce after resuming its business operations
  • 7. ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid ISO 22301 Societal security - Business continuity management systems 7 Content of ISO 22301 Introduction 5 Leadership 8 Operation 0.1 General 5.1 General 8.1 Operational planning and control 0.2 The Plan-Do-Check-Act (PDCA) model 5.2 Management commitment 8.2 Business impact analysis and risk assessment 0.3 Components of PDCA in this International Standard 5.3 Policy 8.3 Business continuity strategy 1 Scope 5.4 Organizational roles, responsibilities and authorities 8.4 Establish and implement business continuity procedures 2 Normative references 6 Planning 8.5 Exercising and testing 3 Terms and definitions 6.1 Actions to address risks and opportunities 9 Performance evaluation 4 Context of the organization 6.2 Business continuity objectives and plans to achieve them 9.1 Monitoring, measurement, analysis and evaluation 4.1 Understanding of the organization and its context 7 Support 9.2 Internal audit 4.2 Understanding the needs and expectations of interested parties 7.1 Resources 9.3 Management review 4.3 Determining the scope of the management system 7.2 Competence 10 Improvement 4.4 Business continuity management system 7.3 Awareness 10.1 Nonconformity and corrective action 7.4 Communication 10.2 Continual improvement 7.5 Documented information Bibliography
  • 8. ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid ISO 22301 Societal security - Business continuity management systems 8 ISO 22301 explained ISO 22301 is the second published management systems standard that has adopted the new high- level structure and standardized text agreed in ISO. This will ensure consistency with all future and revised management system standards and make integrated use easier with, for example, ISO 9001 (quality), ISO 14001 (environmental) and ISO/IEC 27001 (information security). The standard is divided into 10 main clauses, starting with scope, normative references, and terms and definitions. Following these are the standard’s requirements.
  • 9. ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid ISO 22301 Societal security - Business continuity management systems 9 ISO 22301 explained Clause 4 – Context of the organization The first step involves getting to know the organization, both internal and external needs, and setting clear boundaries for the scope of the management system. In particular, this requires the organization to understand the requirements of relevant interested parties, such as regulators, customers and staff. It must in particular understand the applicable legal and regulatory requirements. This enables it to determine the scope of the business continuity management system (BCMS). Clause 5 – Leadership ISO 22301 places particular emphasis on the need for appropriate leadership of BCM. This is so that top management ensures appropriate resources are provided, establishes policy and appoints people to implement and maintain the BCMS. Clause 6 – Planning This requires the organization to identify risks to the implementation of the management system and set clear objectives and criteria that can be used to measure its success.
  • 10. ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid ISO 22301 Societal security - Business continuity management systems 10 ISO 22301 explained Clause 7 – Support Since resources are required for implementation, Clause 7 introduces the important concept of competence. For business continuity to be successful, people with appropriate knowledge, skills and experience must be in place to both contribute to the BCMS and respond to incidents when they occur. It is also important that all staff are aware of their own role in responding to incidents and this clause deals with all of these areas. The need for communication about the BCMS – for instance in telling customers that the organization has appropriate BCM in place – and preparedness to communicate following an incident (when normal channels may be disrupted) is also covered here. Clause 8 – Operations This section contains the main body of business continuity-specific expertise. The organization must undertake business impact analysis to understand how its business is affected by disruption and how this changes over time. Risk assessment seeks to understand the risks to the business in a structured way and these inform the development of business continuity strategy. Steps to avoid or reduce the likelihood of incidents are developed alongside steps to be taken when incidents occur. As it is impossible to completely predict and prevent all incidents, the approach of balancing risk reduction and planning for all eventualities is complementary. It might be said, “hope for the best and plan for the worst”.
  • 11. ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid ISO 22301 Societal security - Business continuity management systems 11 ISO 22301 explained Clause 9 – Evaluation For any management system, it is essential to evaluate performance against plan. ISO 22301 therefore requires that the organization select and measure itself against appropriate performance metrics. Internal audits must be conducted and there is a requirement that management review the BCMS and act on these reviews. Clause 10 – Improvement No management system is perfect at the outset, and organizations and their environments are constantly changing. Clause 10 defines actions to take to improve the BCMS over time and ensure that corrective actions arising from audits, reviews, exercises and so on are addressed.
  • 12. ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid ISO 22301 Societal security - Business continuity management systems 12 Mandatory documentation If an organization wants to implement this standard, the following documentation is mandatory: List of applicable legal, regulatory and other requirements Scope of the BCMS Business Continuity Policy Business continuity objectives Evidence of personnel competences Records of communication with interested parties Business impact analysis Risk assessment, including risk appetite Incident response structure Business continuity plans Recovery procedures Results of preventive actions Results of monitoring and measurement Results of internal audit Results of management review Results of corrective actions
  • 13. ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid ISO 22301 Societal security - Business continuity management systems 13 Related standards Other standards that are helpful in implementation of business continuity are: ISO/IEC 27031 – Guidelines for information and communication technology readiness for business continuity PAS 200 – Crisis management – Guidance and good practice PD 25666 – Guidance on exercising and testing for continuity and contingency programs PD 25111 – Guidance on human aspects of business continuity ISO/IEC 24762 – Guidelines for information and communications technology disaster recovery services ISO/PAS 22399 – Guideline for incident preparedness and operational continuity management ISO/IEC 27001 – Information security management systems – Requirements
  • 14. ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid ISO 22301 Societal security - Business continuity management systems 14 Societal security context ISO 22301 has been developed by ISO/TC 223, Societal security The committee has previously published the following standards and other documents: ISO 22300:2012, Societal security – Terminology ISO 22320:2011, Societal security – Emergency management – Requirements for incident response ISO/TR 22312:2011, Societal security – Technological capabilities ISO/PAS 22399:2007, Societal security – Guideline for incident preparedness and operational continuity management
  • 15. ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid ISO 22301 Societal security - Business continuity management systems 15 Projects under development ISO 22311, Societal security – Video-surveillance – Export interoperability ISO 22313, Societal security – Business continuity management systems – Guidance ISO 22315, Societal security – Mass evacuation ISO 22322, Societal security – Emergency management – Public warning ISO 22323, Organizational resilience management systems – Requirements with guidance for use ISO 22325, Societal security – Guidelines for emergency capability assessment for organizations ISO 22351, Societal security – Emergency management – Shared situation awareness ISO 22397, Societal security – Public Private Partnership – Guidelines to set up partnership agreements ISO 22398, Societal security – Guidelines for exercises and testing ISO 22324, Societal security – Emergency management – Colour-coded alert
  • 16. ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid ISO 22301 Societal security - Business continuity management systems 16 Benefits of ISO 22301 business continuity management What are the benefits of ISO 22301 business continuity management? Identify and manage current and future threats to your business Take a proactive approach to minimizing the impact of incidents Keep critical functions up and running during times of crises Minimize downtime during incidents and improve recovery time Demonstrate resilience to customers, suppliers and for tender requests
  • 17. ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid ISO 22301 Societal security - Business continuity management systems Questions? Many thanks! ramiro@ramirocid.com @ramirocid http://www.linkedin.com/in/ramirocid http://ramirocid.com http://es.slideshare.net/RamiroCid http://www.youtube.com/user/cidramiro Ramiro Cid CISM, CGEIT, ISO 27001 LA, ISO 22301 LA, ITIL