If your organization’s business continuity program was audited, would you survive the scrutiny? Understanding the communication requirements of the new ISO 22301 standard will help you assess how prepared you really are.
As a new international standard, ISO 22301 will provide guidance for organizations on how to define, improve, and maintain their business continuity program. Businesses of any size or shape can benefit from learning how to fortify their plans to meet this new standard.
Join crisis communications expert Dr. Robert Chandler as he reviews the communication requirements in this draft international document, where it came from and what you should do about it now.
What you will learn:
• The standards on which ISO 22301 is based
• What this means for your current business continuity communications plan
• How to improve your plan to withstand audit and review
Everbridge Webinar - The New Corporate ISO 22301 BC Standard
1. The New Corporate ISO 22301 BC Standard: What It Takes To Comply
Robert C. Chandler, Ph.D.
Director, Nicholson School of Communication
2. About Everbridge
• The Global Leader in incident notification systems
• Fast-growing global company with more than 1,500 clients in more than 100 countries
• Serve the Global 2000, healthcare systems, state and local government, federal government, military, financial services firms, and universities
• 100% focused on incident notification solutions that merge technology and expertise
3. Agenda
Part 1: Presentation
• The standards on which ISO 22301 is based
• What this means for your current business continuity communication plan
• How to improve your plan to withstand audit and review
Part 2: Q&A
4. The New Corporate ISO 22301 BC Standard: What It Takes To Comply
Dr. Robert Chandler
University of Central Florida
5. Do ISO standards really matter?
• Over a million organizations worldwide are independently certified, making ISO 9001 one of the most widely used management tools in the world today.
• In addition to several stakeholders’ benefits, a number of studies have identified significant financial benefits for organizations certified to ISO.
• Studies also indicate that certified organizations achieved superior return on assets compared to otherwise similar organizations without certification.
6. BS 25999-2 was the beginning
• In November 2006, the first draft of BS 25999 was published in the British Standards Institution, finally providing a necessary structure to processes, principles and terminology for business continuity.
• The second draft was published in November, 2007.
• Targeted stakeholder assurance of BC plans in place.
• Will be withdrawn when ISO 22301 is finalized
7. The standard evolves with ISO 22301
• Greater emphasis on setting the objectives, monitoring performance and metrics.
• Clearer expectations on management.
• Requires more careful planning for and preparing the resources needed for ensuring business continuity.
• An international standard appeals to top management of any organization.
8. The main differences between BS25999-2 and ISO 22301?
• Communication:
The requirements for business continuity plans, including response procedures and recovery plans, are much more detailed too - e.g. the communication part
• Monitoring performance:
Requirement for BCM/BCMS Metrics, e.g. BIA update frequency, number of plans, number of exercises completed, etc.
• Operational planning and control:
Emphasis on operational planning and setting controls for the BCMS
9. The shift from BCMS to PCMS
• BCMS (Business Continuity Management System) vs PCMS (Preparedness and Continuity Management System)
• An emphasis on preparedness is now integrated in terminology.
• Preparedness includes:
• Creating policies and actions.
• Controlling and measuring an organization’s risks.
• Monitoring and reviewing progress.
• Implementing continual improvement based on measurement
10. ISO 22301 anticipated timeline
• The standard, entitled “Societal security - Business continuity management systems – Requirements” is currently on to the Final Draft International Standard (FDIS) stage.
• The draft now needs a two-thirds majority of a yes or no vote (with less than one-third of the total vote being negative) by the TC233 committee for the standard to be published.
• The earliest that the standard will be published is the end of 2011 but 2012 may be more likely.
11. Let’s highlight a few of the communication aspects of ISO 22301
• Section 8.5.3
• The organization shall establish, implement and maintain procedures for:
c) internal communication between the various levels and functions within the organization;
d) external communications with partner organizations and other stakeholders;
Everbridge Aware
Single-step to send to all of your internal contacts and external partners and constituents
12. Let’s highlight a few of the communication aspects of ISO 22301
• Section 8.5.3
• The organization shall establish, implement and maintain procedures for:
e) receiving, documenting and responding to communication from other stakeholders;
h) assuring availability of means of communication during a disruptive incident;
Everbridge Aware
Receive 2-way, real-time feedback on notifications. Bullet proof infrastructure with 99.99% availability.
13. Let’s highlight a few of the communication aspects of ISO 22301
• Section 8.5.3 cont’d
• The organization shall establish, implement and maintain procedures for:
i) facilitating structured communication with emergency responders;
j) assuring the interoperability of multiple responding organizations and personnel;
k) recording of vital information about the incident, actions taken and decisions made; and
Everbridge Aware
Pre-planned structured messages
Communicate across all device types
Robust real-time reporting and results
14. Let’s highlight a few of the communication aspects of ISO 22301
• Section 8.5.3 cont’d
• The organization shall establish, implement and maintain procedures for:
l) operations of a communications facility.
• The communication and warning system shall be regularly exercised
Everbridge Aware
ENS system is core component of every communication facility. Easy and cost-effective to test regularly.
15. Let’s highlight a few of the communication aspects of ISO 22301
• Section 8.5.4
• The organization shall nominate incident response personnel with the necessary responsibility, authority and competence to manage an incident.
• The organization shall establish an incident response structure that provides for personnel to:
b) trigger an appropriate response;
c) have processes and procedures for the activation, operation, coordination and communication of the incident response;
Everbridge Aware
Facilitates the response process. Easy to incorporate your communication processes into the system
16. Let’s highlight a few of the communication aspects of ISO 22301
• Section 8.5.4
• The organization shall nominate incident response personnel with the necessary responsibility, authority and competence to manage an incident.
• The organization shall establish an incident response structure that provides for personnel to:
d) have resources available to support the processes and procedures to manage an incident; and
e) communicate with stakeholders.
Everbridge Aware
Provides the central infrastructure to communicate with stakeholders
18. Communication priorities to improve your plan and enhance compliance
1. Optimal timing
2. Message content
3. Maintain control
4. Transparency
5. Optimal delivery channels
19. Reaction time
Factors that affect reaction time include:
• Recognition
• Choice
• Number of stimuli
• Fatigue
• Reasoning
• Remembering
• Imagining
• Learning
20. Situation awareness
• Situation awareness is “knowing what is going on so you can figure out what to do”*
• To function in a crisis, people need to have answers to:
• What is happening?
• Why is it happening?
• What will happen next?
• What can I do about it?
*Wikipedia
21. Is your communication plan fortified?
Effective crisis communication includes just the right amount of information, but…
• What constitutes the right amount of information?
• How much information is enough?
• How much is too much?
22. Pitfalls to avoid in your messaging audit
1. Underloading or overloading messages
Balance ideas, information, and words in the context of a crisis.
23. Pitfalls to avoid in your messaging audit
2. Not testing messages
Test content, tone, and comprehension
with focus groups.
24. Pitfalls to avoid in your messaging audit
3. Sending mixed messages
Create messages that are
accurate, consistent, and
reinforce each other.
25. Pitfalls to avoid in your messaging audit
4. Poorly-timed messages
Avoid too-early or too-late
messages. Plan ahead and
act quickly to communicate
during the short window when
people are most receptive.
26. Pitfalls to avoid in your messaging audit
5. Wrong delivery channels
Account for changes to common communication channels due to quarantine, illness, and other pandemic effects.
27. Pitfalls to avoid in your messaging audit
6. Mismatched messages
Create and send authoritative, accurate, forthright messages.
Do not downplay risks or threats. Correct misinformation swiftly.
28. Pitfalls to avoid in your messaging audit
7. Failure to understand your audience
Understand and adapt messaging to your audience’s comprehension levels and motivations. Avoid jargon and sophisticated concepts.
29. Pitfalls to avoid in your messaging audit
8. Lack of transparency
Provide factual, accurate information.
Remember that people have a right to
know the risks and consequences.
30. Discussion continues…
• Twitter:
@ISO22301
• LinkedIn:
http://www.linkedin.com/groups/ISO22301-3931836
• Download the draft:
http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=50038
31. It’s your choice!
• Your organization can choose how important it is to certify.
• Weigh the impact or advantages/disadvantages of certification on your organization.
• More research is recommended to understand the full implications of ISO 22301 in your situation.
33. Incident notification solutions address common communication challenges
• Communicate quickly, easily, and efficiently with large numbers of people in minutes, not hours, making sure that the lines of communication are open
• Receive feedback from your messages by using polling capabilities
• Ensure two-way communication to get feedback from message receivers
• Reduce miscommunication and control rumors with accurate, consistent messages
• Satisfy regulatory requirements with extensive and complete reporting of communication attempts and two-way acknowledgements from recipients
• Deliver refined, prepared, timed messages to each pre-designated audience group, by scenario
34. Key evaluation criteria for an incident notification system
• Experience and expertise
• Ease of use
• Ability to reach all contact paths, including voice, email, native SMS (over SMPP and SMTP), IM, and more
• Ease of integration
35. Communication resources
Contact information
Robert C. Chandler, Ph.D.
rcchandl@mail.ucf.edu
1.407.823.2683
Marc Ladin
marc.ladin@everbridge.com
1.818.230.9700
Upcoming webinars:
Business Case Demo (August 25)
www.everbridge.com/webinars
White papers, literature, case studies
www.everbridge.com/resources
Follow us:
blog.everbridge.com
twitter.com/everbridge
facebook.com/everbridgeinc
youtube.com/user/everbridge
Reminder
Everbridge Insights webinars
qualify for Continuing Education
Activity Points (CEAPs) for DRII
certifications. Visit www.drii.org
to register your credit.
Item Number (Schedule II): 26.3
Activity Group: A
1 Point for each webinar