Everbridge Webinar - The New Corporate ISO 22301 BC Standard

The New Corporate ISO 22301 BC
Standard:
What It Takes To Comply
Robert C. Chandler, Ph.D.
Director, Nicholson S h l of C
Di t Ni h l School f Communication
i ti

About Everbridge
• The Global Leader in incident notification
systems

• Fast-growing
Fast growing global company with
more than 1,500 clients in more
than 100 countries

• Serve the Global 2000 healthcare
2000,
systems, state and local government,
federal government, military, financial
services firms, and universities

• 100% focused on incident notification
solutions that merge technology
and expertise

2

Agenda

Part 1: Presentation
• The standards on which ISO 22301 is based
• What this means for your current business continuity
communication plan
• How to improve your plan to withstand audit and
review

Part 2: Q&A

3

The New Corporate ISO
22301 BC Standard:
BracingWhat It Takes To Comply
for the 2010
Hurricane Season
Dr. Robert Chandler
University of Central Florida

Do ISO standards really matter?

• Over a million organizations worldwide are
independently certified making ISO 9001 one of the
certified,
most widely used management tools in the world today.

• In addition to several stakeholders’ benefits, a number
of studies have identified significant financial benefits
for organizations certified to ISO
ISO.

• Studies also indicate that certified organizations
g
achieved superior return on assets compared to
otherwise similar organizations without certification.

BS 25999-2 was the beginning

• In November 2006, the first draft of BS 25999 was
published in the British Standards Institution finally
Institution,
providing a necessary structure to processes, principles
and terminology for business continuity.
• The second draft was published in November, 2007.
• Targeted stakeholder assurance of BC plans in place
place.
• Will be withdrawn when ISO 22301 is finalized

6

The standard evolves with ISO 22301

• Greater emphasis on setting the objectives, monitoring
performance and metrics
metrics.
• Clearer expectations on management.
• Requires more careful planning for and preparing the
resources needed for ensuring business continuity.
• An international standard appeals to top management
of any organization.

7

The main differences between
BS25999-2 d
BS25999 2 and ISO 22301?
• Communication:
The requirements for business continuity plans, including
response procedures and recovery plans, are much more
detailed too - e.g. the communication part

• Monitoring performance:
Requirement for BCM/BCMS Metrics e g BIA update frequency
e.g. frequency,
number of plans, number of exercises completed, etc

• Operational planning and control:
Emphasis on operational planning and setting controls
for the BCMS

The shift from BCMS to PCMS

• BCMS (Business Continuity Management System)
vs PCMS (Preparedness and Continuity
Management System)

• An emphasis on preparedness is now integrated
in terminology.

• Preparedness includes:
• Creating policies and actions.
• Controlling and measuring an organization’s risks.
• Monitoring and reviewing progress
progress.
• Implementing continual improvement based on measurement

ISO 22301 anticipated timeline

• The standard, entitled “Societal security - Business
continuity management systems – R
ti it t t Requirements” i
i t ” is
currently on to the Final Draft International Standard
(
(FDIS) stage.
) g

• The draft now needs a two-thirds majority of a yes
or no vote (with less than one-third of the total vote
(
being negative) by the TC233 committee for the
standard to be published.

• The earliest that the standard will be published is the
end of 2011 but 2012 may be more likely.

Let’s highlight a few of the
communication aspects of ISO 22301
i ti t f

• Section 8 5 3
8.5.3
• The organization shall establish, implement
and maintain procedures for:
c) internal communication between the various levels
and functions within the organization;

d) external communications with partner organizations
and other stakeholders;

Everbridge Aware
Single step
Single-step to send to all of your
internal contacts and external partners
and constituents
11

i ti t f

• Section 8 5 3
8.5.3
e) receiving, documenting and responding to
communication from other stakeholders;

h) assuring availability of means of communication
during a disruptive incident;

Everbridge Aware
Receive 2-way real-time feedback on
2 way, real time
notifications. Bullet proof infrastructure
with 99.99% availability.
12

i ti t f

• Section 8 5 3 cont’d
8.5.3 cont d
i) facilitating structured communication with emergency responders;

j) assuring the interoperability of multiple
responding organizations and personnel;

k) recording of vital information about
the incident, actions taken and
decisions made; and Everbridge Aware
Pre planned
Pre-planned structured messages
Communicate across all device types
Robust real-time reporting and results
13

i ti t f

• Section 8 5 3 cont’d
8.5.3 cont d
l) operations of a communications facility.

• The communication and warning system
shall be regularly exercised

Everbridge Aware
ENS system is core component of
every communication facility. Easy
and cost-effective to test regularly.
14

i ti t f

• Section 8 5 4
8.5.4
• The organization shall nominate incident response
personnel with the necessary responsibility,
responsibility
authority and competence to manage an incident.
• The organization shall establish an incident
response structure that provides for personnel to:
b) trigger an appropriate response;

c) have processes and procedures
for the activation, operation,
Everbridge Aware
coordination and communication Facilitates the response process.
process
of the incident response; Easy to incorporate your
communication processes into
the system 15

i ti t f

• Section 8 5 4
8.5.4
• The organization shall nominate incident response
personnel with the necessary responsibility,
responsibility
authority and competence to manage an incident.
• The organization shall establish an incident
response structure that provides for personnel to:
d) have resources available to support
) pp
the processes and procedures to
manage an incident; and Everbridge Aware
e) communicate with stakeholders
stakeholders. Provides the central infrastructure to
communicate with stakeholders

16

Here are communication tips to enhance
your compliance with requirements…
li ith i t

Communication priorities to improve your
plan and enhance compliance
l d h li

1. Optimal timing

2. Message content

3. Maintain control

4. Transparency

5. Optimal delivery channels

Reaction time
Factors that affect reaction time include:
• Recognition
• Choice
• Number of stimuli
• Fatigue
• Reasoning
• Remembering
• Imagining
• Learning

19

Situation awareness
• Situation awareness is “knowing what is
going on so you can figure out what to do”*
do

• To function in a crisis, people need to
have answers to:
• What is happening?

• Wh i it h
Why is happening?
i ?

• What will happen next?

• What can I do about it?

20
*Wikipedia

Is your communication plan fortified?

Effective crisis communication includes just the right
amount of i f
t f information, but…
ti b t
• What constitutes the right amount of information?
• How much information is enough?
• How much is too much?

Pitfalls to avoid in your messaging audit

1. Underloading or
overloading messages

Balance ideas,
information, and words
the context of a crisis
crisis.


2. Not testing messages

Test content, tone, and comprehension
with focus groups.


3. Sending mixed messages

Create messages that are
accurate, consistent, and
reinforce each other.


4. Poorly-timed messages

Avoid too-early or too-late
messages. Plan ahead and
act quickly to communicate
during the short window when
people are most receptive.


5. Wrong delivery channels

Account for changes to common
communication channels due to
quarantine, illness, and other
pandemic effects
effects.


6. Mismatched messages

Create and send authoritative,
accurate,
accurate forthright messages.
messages
Do not downplay risks
or threats. Correct
misinformation swiftly.


7. Failure to understand your audience

Understand and adapt messaging to your
audience’s comprehension levels and
motivations. Avoid jargon and sophisticated
concepts.
concepts


8. Lack of transparency

Provide factual, accurate information.
Remember that people have a right to
know the risks and consequences.

Discussion continues…

• Twitter:
@ISO22301

• LinkedIn:
http://www.linkedin.com/groups/ISO22301-3931836
p g p

• Download the draft:
http://www.iso.org/iso/iso_catalogue/catalogue_tc/c
atalogue_detail.htm?csnumber=50038
t l d t il ht ? b 50038

30

It’s your choice!

• Your organization can choose how important
it i t certify.
is to tif
• Weigh the impact or advantages/disadvantages
of certification on your organization.
organization
• More research is recommended to understand the
full implications of ISO 22031 in your situation
situation.

31

Incident Notification

Marc Ladin
Chief Marketing Officer, Everbridge

32

Incident notification solutions address
common communication challenges

• Communicate quickly easily and
quickly, easily, • Reduce miscommunication and
efficiently with large numbers of control rumors with accurate,
people in minutes, not hours, making consistent messages
sure that the lines of communication
are open
• Satisfy regulatory requirements
• Receive feedback from your with extensive and complete
messages by using polling reporting of communication attempts
ti f i ti tt t
capabilities and two-way acknowledgements
from recipients
• Ensure two-way communication
two way
to get feedback from message • Deliver refined, prepared , timed
receivers messages to each pre-designated
audience group, by scenario

33

Key evaluation criteria for an incident
notification system

• Experience and expertise
• Ease of use
• Ability to reach all contact paths,
including voice email native SMS
voice, email,
(over SMPP and SMTP), IM, and more

• Ease of integration

34

Communication resources
Contact information Upcoming webinars:
Business Case Demo (August 25)
www.everbridge.com/webinars
www everbridge com/webinars

White papers, literature, case studies
www.everbridge.com/resources
Robert C. Chandler, Ph.D.
rcchandl@mail.ucf.edu
h dl@ il f d Follow us:
1.407.823.2683 blog.everbridge.com
twitter.com/everbridge
facebook.com/everbridgeinc
youtube.com/user/everbridge
Marc Ladin
marc.ladin@everbridge.com
1.818.230.9700
1 818 230 9700

Reminder
Everbridge Insights webinars
qualify for Continuing Education
Activity Points (CEAPs) for DRII
certifications. Visit www.drii.org
to register your credit.
Item Number (Schedule II): 26.3
Activity Group: A
1 Point for each webinar

Everbridge Webinar - The New Corporate ISO 22301 BC Standard

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Andere mochten auch

Andere mochten auch (17)

Ähnlich wie Everbridge Webinar - The New Corporate ISO 22301 BC Standard

Ähnlich wie Everbridge Webinar - The New Corporate ISO 22301 BC Standard (20)

Mehr von Everbridge, Inc.

Mehr von Everbridge, Inc. (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Everbridge Webinar - The New Corporate ISO 22301 BC Standard