BestPractice
Business Continuity Management System
ISO 22301:2012 An Overview
In the past, in order to deal with a crisis, an organization typically relied on an emergency response plan or a small disaster management committee.
ISO 22301 “Societal security - Business continuity management systems – Requirements”, the world’s first international standard for Business Continuity Management (BCM), has been developed to help organizations minimize the risk of disruptions. It defines a BCMS as the “part of the overall management system that establishes, implements, operates, monitors, reviews, maintains and improves business continuity”.
This standard was published in May 2012 to provide the organization with the
best framework for business continuity management and therefore replaces the
BS25999 Business Continuity British Standard that was published in 2006.
Recent worldwide situations such as revolutions, natural disasters, environmental crises and technology issues have shown that severe incidents may happen and impact the private sector as well as the public sector.
Manager – Risk Management
& Compliance Advisory Service
Ventures Middle East
Business Continuity Management History
In 2012, ISO also published ISO 22313 “ISO 22313:2012 Societal security - Business continuity management systems – Guidance” to provide guidance on ISO 22301 for setting up and managing an effective business continuity management system (BCMS).
ISO 22301 Objective:
ISO 22301 specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually
improve a documented management system to protect against, reduce the likelihood of occurrence, prepare for,
respond to, and recover from disruptive incidents when they arise.
ISO 22301 Scope:
The ISO 22301 scope is generic and the intended requirements are applicable to all organizations or parts thereof,
regardless of type, size and nature of the organization. The extent of application of these requirements depends on
the organization’s operating environment and complexity.
Who can implement ISO 22301 standard?
ISO 22301 can be implemented by any organization, large or small, for-profit or not, private or public. It is applicable to any size or type of organization.
Business Continuity Definitions
• Business Continuity Management (BCM)
Holistic management process that identifies potential threats to an organization and the impacts to business operations that those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities.
Business Continuity Management timeline (from the figure):
• 1988: Creation of DRII (Disaster Recovery Institute), USA
• 1994: Creation of the Business Continuity Institute (BCI)
• 2006: Publication of BS 25999-1
• 2007: Publication of BS 25999-2
• 2012: ISO publishes the first version of ISO 22301
• Business Continuity Management Systems (BCMS)
That part of the overall management system that establishes, implements, operates, monitors, reviews, maintains and improves business continuity. The management system includes organizational structure, policies, planning activities, responsibilities, procedures, processes and resources.
• Business Continuity Plan
Documented procedures that guide an organization to respond, recover, resume and restore to a pre-defined level of operation following a disruption.
• Recovery Time Objective (RTO)
Period of time following an incident within which a product or service must be resumed, an activity must be resumed, or resources must be recovered.
• Recovery Point Objective (RPO)
Maximum data loss: the point to which information used by an activity must be restored to enable the activity to operate on resumption.
• Maximum Acceptable Outage (MAO)
Time it would take for the adverse impacts, which might arise as a result of not providing a product/service or performing an activity, to become unacceptable.
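The three objectives above only make sense in relation to each other, so a Business Impact Analysis (BIA) should be checked for consistency before plans are built on it. The following Python is an added example, not code from the article: it encodes the usual relationships (RTO must not exceed MAO, the data capture interval must not exceed RPO, and a rehearsed recovery must finish within RTO), reports the activities that violate them, and derives a recovery order from MAO. The field names, the `Activity` record and the sample BIA rows are constructed for the example.

```python
"""Added example (not from the article): a small Business Impact Analysis (BIA)
consistency check built on the RTO, RPO and MAO definitions above.

Assumed relationships (standard BCM practice, not quoted from the page):
  * RTO must not exceed MAO, otherwise the activity is resumed only after
    the impacts of the outage have already become unacceptable.
  * The data capture (backup) interval must not exceed RPO, otherwise the
    worst-case data loss is larger than the activity can tolerate.
  * The recovery time achieved in the last exercise must not exceed RTO,
    otherwise the objective has not yet been demonstrated.
All activity records below are constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Activity:
    name: str
    mao_hours: float                  # Maximum Acceptable Outage
    rto_hours: float                  # Recovery Time Objective
    rpo_hours: float                  # Recovery Point Objective (max data loss)
    backup_interval_hours: float      # how often the activity's data is captured
    exercised_recovery_hours: float   # recovery time achieved in the last exercise


def check_activity(a: Activity) -> List[str]:
    """Return the findings for one activity (an empty list means it is consistent)."""
    findings: List[str] = []
    if a.rto_hours > a.mao_hours:
        findings.append(
            f"RTO {a.rto_hours}h exceeds MAO {a.mao_hours}h: "
            "the activity would be resumed only after impacts become unacceptable")
    if a.backup_interval_hours > a.rpo_hours:
        findings.append(
            f"backup interval {a.backup_interval_hours}h exceeds RPO {a.rpo_hours}h: "
            "worst-case data loss is larger than the activity tolerates")
    if a.exercised_recovery_hours > a.rto_hours:
        findings.append(
            f"last exercise took {a.exercised_recovery_hours}h, above RTO {a.rto_hours}h: "
            "the objective is not yet demonstrated")
    return findings


def check_bia(activities: List[Activity]) -> Dict[str, List[str]]:
    """Run the checks over a whole BIA; only activities with findings are returned."""
    report: Dict[str, List[str]] = {}
    for a in activities:
        findings = check_activity(a)
        if findings:
            report[a.name] = findings
    return report


def recovery_order(activities: List[Activity]) -> List[str]:
    """Sequence activities for recovery: smallest MAO first, then smallest RTO."""
    ranked = sorted(activities, key=lambda a: (a.mao_hours, a.rto_hours))
    return [a.name for a in ranked]


# Constructed sample BIA: one consistent row, one RPO gap, one row with two gaps.
SAMPLE_BIA = [
    Activity("Payments processing", mao_hours=4, rto_hours=2, rpo_hours=0.25,
             backup_interval_hours=0.25, exercised_recovery_hours=1.5),
    Activity("Customer portal", mao_hours=24, rto_hours=8, rpo_hours=1,
             backup_interval_hours=4, exercised_recovery_hours=6),
    Activity("Payroll", mao_hours=72, rto_hours=96, rpo_hours=24,
             backup_interval_hours=24, exercised_recovery_hours=120),
]

if __name__ == "__main__":
    for name, findings in check_bia(SAMPLE_BIA).items():
        print(name)
        for finding in findings:
            print("  -", finding)
    print("recovery order:", recovery_order(SAMPLE_BIA))
```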
Business Continuity Benefits
• Protection of people
• Predictable and effective response to crises
• Cost reduction
• Understanding of the organization
• Legal and regulatory compliance
• Contract compliance
• Maintenance of the vital activities of the organization
• Confidence of clients
• Competitive advantage
• Increased effectiveness: helps to demonstrate to customers and stakeholders that the business is run effectively
• Reduced risk: removes uncertainty; perceived competence, dependability and openness
• Unprecedented improvement in behaviours
• Keeps existing business and gains new business
Business Continuity Management System ISO 22301:2013 Structure
This structure is the new formulation of ISO management system standards, aligned with “Annex SL”, which allows an organization to implement several related ISO management standards at the same time. As mentioned before in the “ISO 27001:2013 An Overview” article and in our “Integrated Implementation Model” proposed at CSCAMP 2013 (1), with our Integrated Implementation Model any organization can implement ISO 22301:2012 (Business Continuity Management System) along with ISO/IEC 27001:2013 in the same implementation period, within almost 12-14 months. (2)
Structure Contents
1. Scope
States the applicability of the standard to the types of organization covered.
2. Normative References
3. Terms and Definitions
A brief, formalized glossary including the common terms and definitions of a BCMS.
Clause 4 – Context of the organization
Understand the context of the organization and its internal and external needs, and set clear boundaries for the scope of the BC management system.
Clause 5 – Leadership
A BCMS requires appropriate leadership. Top management must ensure appropriate resources, establish the policy and appoint people to implement and maintain the BCMS.
Clause 6 – Planning
This requires the organization to identify risks to the implementation of the management system and set clear
objectives and criteria that can be used to measure its success.
Clause 7 – Support
Introduces the important concept of competence. For business continuity to be successful, people with appropriate
knowledge, skills and experience must be in place to both contribute to the BCMS and respond to incidents when
they occur.
Clause 8 – Operations
The Operation clause contains the main body of business continuity management. The organization must undertake a business impact analysis, a risk assessment and the development of a business continuity strategy.
Clause 9 – Evaluation
For any management system, it is essential to evaluate performance. A BCMS requires that the organization select and measure itself against appropriate performance metrics, conduct internal audits and management reviews of the BCMS, and act on these reviews.
Clause 10 – Improvement
Organizations and their environments are constantly changing. This clause defines the actions to take to improve the BCMS over time, including the corrective actions arising from audits, reviews and exercises.
The Plan-Do-Check-Act Cycle
The standard applies the ‘Plan-Do-Check-Act’ (PDCA) cycle to plan, establish, implement, operate, monitor, review,
maintain and continually improve the effectiveness of an organization’s BCMS.
Related Best Practices and Standards
UAE AE/HSC/NCEMA 7000:2012
First BCM bilingual Standard (Arabic and English) in the whole region.
This standard identifies the components, mechanisms and activities used to establish, implement, and continually
improve business continuity management for entities in both public and private sectors.
The Good Practice Guidelines (GPG) – Business Continuity Institute BCI
An independent body of knowledge for good business continuity practice worldwide; it now includes terminology from ISO 22301:2012, the International Standard for business continuity management systems, and consists of six Professional Practices.
Professional Practices- Disaster Recovery Institute International DRII
The Professional Practices are a body of knowledge designed to assist an entity in the development and implementation of a BCM program; they consist of ten subject areas.
ISO/IEC 27031:2011
Information technology -- Security techniques -- Guidelines for information and communication technology readiness
for business continuity
ISO/IEC 24762:2008
Information technology — Security techniques — Guidelines for information and communications technology disaster
recovery services
ISO 22301 Mandatory documentation
For any organization that wants to implement ISO 22301 and get certified, the following documentation is mandatory:
1. List of applicable legal, regulatory and other requirements
Understanding the context of the organization
2. Scope of the BCMS
The organization’s statement of business continuity and the scope that will be covered by the BCMS
3. Business Continuity Policy
Statement of the BCM policy that is to be applied across the organization
4. Business Continuity objectives
Clear statement of the organization’s BCMS objectives
5. Business Impact Analysis
Analysis of business functions and the effect that a business disruption might have upon them
6. Risk Assessment, including risk appetite
Overall process of risk identification, risk analysis and risk evaluation
7. Incident response structure
The structure for dealing with organizational incidents, including escalation criteria and incident levels
8. Business Continuity Plans
Documented procedures that guide the organization to respond, recover, resume and restore to a pre-defined level of operation following a disruption
9. Records of communication with interested parties
Records of communication among the various levels of the organization and with internal and external interested parties
10. Recovery procedures
A process that brings the organization back to a normal operating state (business as usual, BAU)
11. Evidence of personnel competences
Evidence of BCM team competencies, training, awareness and staff skills
12. Results of preventive actions and corrective actions
Evidence of maintaining and improving the effectiveness and efficiency of the BCMS by taking preventive and corrective actions
13. Results of monitoring and measurement
Evidence of defined measures of BCMS performance and continual improvement
14. Results of internal audit
Evidence of an independent system for verifying the BCM implementation
15. Results of management review
Evidence that the organization’s top management reviews its BCMS regularly
Estimated Time needed for Implementation and Certification ISO/IEC 27001:2013
Based on my Experience
Phase I: Estimated time needed for ISO 22301:2012 Implementation
The estimated duration needed for implementation depends on the organization’s specifications: employees, premises, processes and budget allocation.
• Small Organization: 50 - 350 Employees
Estimated time for Implementation of the Standard 4-6 Months
• Medium Organization: 350 – 700 Employees
Estimated time for Implementation of the Standard 7 - 9 Months
• Large Organization: 700 to 1500+ Employees
Estimated time for Implementation of the Standard 10 - 12 Months
Phase II : Estimated Time needed for Certification ISO 22301:2012
Case 1: if there are one or more minor nonconformities and the organization corrects them accordingly, the certificate can be issued in around a month.
Case 2: if there are one or more major nonconformities and the organization corrects them accordingly, the certificate can be issued in around 3-5 months.
Conclusion
Organizations must follow a systematic approach that includes protection, preparedness, mitigation and response for business continuity and recovery.
An organization’s ability to recover from a disaster is related to the quality of the business continuity management approach that was put in place before the disaster.
A business continuity management system helps organizations of all types maintain continuous operation in case of disaster.
References
• ISO 22301 Societal security – Business continuity management systems – Requirements
• ISO 22313:2012 Societal security – Business continuity management systems – Guidance
(1) “ISO 27001:2013 An Overview Article” http://www.slideshare.net/AhmedRiad2/isoiec-2
(2) “Integrated Implementation Model can Implement ISO 22301:2012 (Business Continuity Management System) Together with ISO/IEC 27001:2013” http://www.slideshare.net/AhmedRiad2/presentation-final-28559374

Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 

Business Continuity Management System ISO 22301:2012 An Overview

• 1. BestPractice
Business Continuity Management System
ISO 22301:2012 An Overview

In the past, in order to deal with a crisis, an organization relied on an emergency response plan or a small disaster management committee.

ISO 22301 "Societal security - Business continuity management systems – Requirements", the world's first international standard for Business Continuity Management (BCM), was developed to help organizations minimize the risk of any disruption: "Part of the overall management system that establishes, implements, operates, monitors, reviews, maintains and improves business continuity".

This standard was published in May 2012 to provide organizations with the best framework for business continuity management and therefore replaces the BS25999 Business Continuity British Standard that was published in 2006.

Recent worldwide situations such as revolutions, natural disasters, environmental crises and technology issues have shown that severe incidents may happen and impact the private sector as well as the public sector.

Manager – Risk Management & Compliance Advisory Service
Ventures Middle East
• 2. Business Continuity Management History

In 2012, ISO also published ISO 22313 "ISO 22313:2012 Societal security - Business continuity management systems – Guidance" to provide guidance on ISO 22301 for setting up and managing an effective business continuity management system (BCMS).

ISO 22301 Objective:
ISO 22301 specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of occurrence of, prepare for, respond to, and recover from disruptive incidents when they arise.

ISO 22301 Scope:
The ISO 22301 scope is generic, and its requirements are applicable to all organizations or parts thereof, regardless of the type, size and nature of the organization. The extent of application of these requirements depends on the organization's operating environment and complexity.

Who can implement the ISO 22301 standard?
Implementation can be done by any organization, large or small, for-profit or not, private or public. ISO 22301 is applicable to any size or type of organization.

Business Continuity Definitions
• Business Continuity Management (BCM)
Holistic management process that identifies potential threats to an organization and the impacts to business operations that those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities.

Timeline:
1988 Creation of DRII (Disaster Recovery Institute), USA
1994 Creation of the Business Continuity Institute (BCI)
2006 Publication of BS 25999-1
2007 Publication of BS 25999-2
2012 ISO publishes the first version of ISO 22301
• 3. • Business Continuity Management System (BCMS)
That part of the overall management system that establishes, implements, operates, monitors, reviews, maintains and improves business continuity. The management system includes organizational structure, policies, planning activities, responsibilities, procedures, processes and resources.

• Business Continuity Plan
Documented procedures that guide an organization to respond, recover, resume and restore to a pre-defined level of operation following a disruption.

• Recovery Time Objective (RTO)
Period of time following an incident within which a product or service must be resumed, an activity must be resumed, or resources must be recovered.

• Recovery Point Objective (RPO)
Maximum data loss: the point to which information used by an activity must be restored to enable the activity to operate on resumption.

• Maximum Acceptable Outage (MAO)
Time it would take for adverse impacts, which might arise as a result of not providing a product/service or performing an activity, to become unacceptable.

Business Continuity Benefits
• Protection of people
• Predictable and effective response to crises
• Cost reduction
• Understanding of the organization
• Legal and regulatory compliance
• Contract compliance
• Maintenance of vital activities of the organization
• Confidence of clients
• Competitive advantage
• Increased effectiveness - helps to demonstrate to customers and stakeholders that the business is run effectively
• Reduced risk - removes uncertainty; perceived competence, dependability and openness
• Unprecedented improvement in behaviors
• Keeps existing business and gains new business
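The RTO, RPO and MAO figures above are only useful when they are checked against each other and against what the recovery strategy can actually deliver. The script below is an added example, not part of the original slides: it encodes the relationships BC practitioners apply in a business impact analysis (the RTO must be shorter than the MAO, the measured restore time must fit within the RTO, and the backup or replication interval must fit within the RPO, since that interval is the worst-case data loss) and reports the activities whose strategy falls short. The activity names, hours and the `restore_hours` / `backup_interval_hours` inputs are constructed sample data.

```python
"""Added worked example: consistency check of BIA objectives (RTO, RPO, MAO)
against the capability of the current recovery strategy.

Assumed relationships (common BCM practice, not quoted from the slides):
  * RTO < MAO, otherwise impacts become unacceptable before the activity is back.
  * restore time <= RTO, the strategy must deliver the objective.
  * backup interval <= RPO, the interval bounds the worst-case data loss.
All activities and figures below are constructed sample data.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass
class Activity:
    name: str
    mao_hours: float              # Maximum Acceptable Outage
    rto_hours: float              # Recovery Time Objective
    rpo_hours: float              # Recovery Point Objective
    restore_hours: float          # measured time to bring the activity back (assumed input)
    backup_interval_hours: float  # how often data leaves the primary system (assumed input)


def check_activity(a: Activity) -> list[str]:
    """Return the findings for one activity; an empty list means the objectives
    are internally consistent and the current strategy meets them."""
    findings: list[str] = []
    if a.rto_hours >= a.mao_hours:
        findings.append(
            f"{a.name}: RTO {a.rto_hours}h is not below MAO {a.mao_hours}h")
    if a.restore_hours > a.rto_hours:
        findings.append(
            f"{a.name}: restore time {a.restore_hours}h exceeds RTO {a.rto_hours}h")
    if a.backup_interval_hours > a.rpo_hours:
        findings.append(
            f"{a.name}: backup interval {a.backup_interval_hours}h exceeds RPO "
            f"{a.rpo_hours}h (worst-case data loss)")
    return findings


def bia_report(activities: list[Activity]) -> dict[str, list[str]]:
    """Map each activity name to its list of findings."""
    return {a.name: check_activity(a) for a in activities}


# Constructed sample activities: one consistent, one with a slow restore,
# one with an RTO equal to its MAO and a backup interval larger than its RPO.
SAMPLE = [
    Activity("Online payments", mao_hours=8, rto_hours=4, rpo_hours=0.25,
             restore_hours=2, backup_interval_hours=0.0833),
    Activity("Payroll", mao_hours=72, rto_hours=48, rpo_hours=24,
             restore_hours=60, backup_interval_hours=24),
    Activity("Customer email", mao_hours=24, rto_hours=24, rpo_hours=1,
             restore_hours=6, backup_interval_hours=4),
]

if __name__ == "__main__":
    for name, issues in bia_report(SAMPLE).items():
        print(name, "OK" if not issues else "; ".join(issues))
```

With the sample data, "Online payments" passes, "Payroll" is flagged because the restore takes longer than the RTO allows, and "Customer email" is flagged twice (RTO not below MAO, backup interval longer than RPO). Each finding points at a decision the BIA owner has to make: tighten the strategy or revise the objective.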
• 4. Business Continuity Management System ISO 22301:2013 Structure

This structure is the new formulation of ISO management systems and is aligned with "Annex SL", which allows an organization to carry out multiple implementations of related ISO management standards at the same time, as mentioned before in the "ISO 27001:2013 An Overview" article and in our "Integrated Implementation Model" proposed at CSCAMP 2013 (1).

Now, with our Integrated Implementation Model, any organization can implement ISO 22301:2012 (Business Continuity Management System) together with ISO/IEC 27001:2013 in the same implementation period, within almost 12-14 months. (2)

Structure Contents
1. Scope
States the applicability of the standard to the types of organization.
2. Normative References
3. Terms and Definitions
A brief, formalized glossary including common terms and definitions of the BCMS.

Clause 4 – Context of the organization
Understand the context of the organization and its internal and external needs, and set clear boundaries for the scope of the BC management system.

Clause 5 – Leadership
A BCMS requires appropriate leadership. Top management must ensure appropriate resources, establish policy and appoint people to implement and maintain the BCMS.

Clause 6 – Planning
This requires the organization to identify risks to the implementation of the management system and set clear objectives and criteria that can be used to measure its success.
• 5. Clause 7 – Support
Introduces the important concept of competence. For business continuity to be successful, people with appropriate knowledge, skills and experience must be in place to both contribute to the BCMS and respond to incidents when they occur.

Clause 8 – Operations
The Operation clause contains the main body of business continuity management. The organization must undertake a business impact analysis, a risk assessment and the development of a business continuity strategy.

Clause 9 – Evaluation
For any management system, it is essential to evaluate performance. The BCMS requires that the organization select and measure itself against appropriate performance metrics, conduct internal audits and management reviews of the BCMS, and act on these reviews.

Clause 10 – Improvement
Organizations and their environments are constantly changing. This clause defines the actions to take to improve the BCMS over time and to ensure that corrective actions arising from audits, reviews and exercises.

The Plan-Do-Check-Act Cycle
The standard applies the 'Plan-Do-Check-Act' (PDCA) cycle to plan, establish, implement, operate, monitor, review, maintain and continually improve the effectiveness of an organization's BCMS.

Related Best Practices and Standards

UAE AE/HSC/NCEMA 7000:2012
First bilingual BCM standard (Arabic and English) in the whole region. This standard identifies the components, mechanisms and activities used to establish, implement and continually improve business continuity management for entities in both the public and private sectors.

The Good Practice Guidelines (GPG) – Business Continuity Institute (BCI)
Independent body of knowledge for good business continuity practice worldwide; it now includes terminology from ISO 22301:2012, the International Standard for business continuity management systems, and consists of six Professional Practices.

Professional Practices – Disaster Recovery Institute International (DRII)
The Professional Practices are a body of knowledge designed to assist an entity in the development and implementation of a BCM program, and consist of ten subject areas.

ISO/IEC 27031:2011 Information technology -- Security techniques -- Guidelines for information and communication technology readiness for business continuity

ISO/IEC 24762:2008 Information technology — Security techniques — Guidelines for information and communications technology disaster recovery services
• 6. ISO 22301 Mandatory Documentation
For any organization that wants to implement ISO 22301 and get certified, the following documentation is mandatory:
1. List of applicable legal, regulatory and other requirements - understanding the context of the organization
2. Scope of the BCMS - the organization's statement of the business continuity scope that will be covered under the BCMS
3. Business Continuity Policy - statement of the BCM policy that is to be applied to the organization
4. Business Continuity Objectives - clear statement of the organization's BCMS objectives
5. Business Impact Analysis - analysis of business functions and the effect that a business disruption might have upon them
6. Risk Assessment, including risk appetite - overall process of risk identification, risk analysis and risk evaluation
7. Incident Response Structure - the proper structure for dealing with organizational incidents, including escalation criteria and incident levels
8. Business Continuity Plans - documented procedures that guide the organization to respond, recover, resume and restore to a pre-defined level of operation following a disruption
9. Records of communication with interested parties - addresses communication among the various levels of the organization and with internal/external interested parties
10. Recovery Procedures - a process that attempts to bring an organization back to a normal operating state (business as usual, BAU)
11. Evidence of personnel competences - evidence of BCM team competencies, training, awareness and staff skills
12. Results of preventive and corrective actions - evidence of maintaining and improving the effectiveness and efficiency of the BCMS by taking preventive and corrective actions
13. Results of monitoring and measurement - evidence of defined measures of BCMS performance and continual improvement
14. Results of internal audit - evidence of establishing an independent system for verification of the BCM implementation
15. Results of management review - evidence that the organization's top management reviews its BCMS regularly
• 7. Estimated Time needed for Implementation and Certification ISO/IEC 27001:2013, Based on my Experience

Phase I: Estimated time needed for ISO 22301:2012 implementation
The estimated duration needed for implementation depends on the organization's specifications: employees, premises, processes and budget allocation.
• Small organization: 50 - 350 employees. Estimated time for implementation of the standard: 4-6 months
• Medium organization: 350 – 700 employees. Estimated time for implementation of the standard: 7 - 9 months
• Large organization: 700 to 1500+ employees. Estimated time for implementation of the standard: 10 - 12 months

Phase II: Estimated time needed for ISO 22301:2012 certification
Case 1: In case of one or more minor nonconformities, which the organization corrects accordingly, the certificate can be issued in around a month.
Case 2: In case of one or more major nonconformities, which the organization corrects accordingly, the certificate can be issued in around 3-5 months.

Conclusion
Organizations must follow a systematic approach that includes protection, preparedness, mitigation, response for business continuity, and recovery. An organization's ability to recover from a disaster is related to the quality of the business continuity management approach that was put in place before the disaster. A business continuity management system helps organizations achieve continuous operation of all types of business in case of disaster.

References
• ISO 22301 Societal security - Business continuity management systems - Requirements
• ISO 22313:2012 Societal security -- Business continuity management systems – Guidance
(1) "ISO 27001:2013 An Overview Article" http://www.slideshare.net/AhmedRiad2/isoiec-2
(2) "Integrated Implementation Model can Implement ISO 22301:2012 (Business Continuity Management System) Together with ISO/IEC 27001:2013" http://www.slideshare.net/AhmedRiad2/presentation-final-28559374