Rethinking Business Continuity: Applying ISO 22301 to improve resiliency, manage risk, and drive profitability in your organization

4. ISO 22301:2012
Societal Security – Business Continuity Management Systems
• Formerly BS25999
• Adopted globally in 2012
• Intersects with other ISO Standards
  – Ex: ISO 27001
• Establish and maintain a Business Continuity Management System
• Accreditation
• Certification
  – Implementer / Lead
  – Auditor / Lead
Copyright © 2015 by Bryghtpath LLC | bryghtpath.com | +1-612-235-6435 | bryan@bryghtpath.com
5. ISO 22301 Content
Structure and Content of ISO 22301
• Scope
• Terms and definitions
• Organizational Context
• Leadership
• Planning
• Support
• Operation
• Performance Evaluation
• Improvement
7. ISO 22301: 0.1
A BCMS has several key components
a) A policy
b) People with defined responsibilities
c) Management processes relating to
  1. Policy
  2. Planning
  3. Implementation & operation
  4. Performance assessment
  5. Management review
  6. Improvement
d) Documentation providing auditable evidence
e) Any business continuity management processes relevant to the organization
9. ISO 22301: Clause 1
Scope of ISO 22301
“… specifies requirements to plan, establish, implement, operate, monitor, review, maintain, and continually improve a documented management system to protect against, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents when they arise...”
19. ISO 22301: Clause 6
Planning
Again:
• Who will be responsible
• What will be done
• What resources will be required
• When it will be completed
• How the results will be evaluated
23. ISO 22301: Clause 8
Business Continuity Strategy
8.3: Business Continuity Strategy
• The organization shall determine an appropriate business continuity strategy for
  – Protecting prioritized activities
  – Recovering prioritized activities
  – Mitigating, responding to, and managing impacts
• The organization shall determine the resource requirements to implement the selected strategies (people, information, data, facilities, technology, finance, partners, third parties)
• For identified risks requiring treatment, the organization shall consider proactive measures
28. ISO 22301 – Clause 8: Exercise, Testing, & Maturing
How will I exercise and test my plans? Based on those results, how will I improve?
• All plans should be exercised at least annually:
  – Notification
  – Table Top
  – Recovery
  – Fully integrated
• Disaster Recovery
  – Testing DR plans and strategies
• Defined process for capturing lessons learned and applying to plans and strategies
30. ISO 22301: Clause 9
Internal Audits & Management Review
• 9.2: Internal Audit
  – The organization shall have an audit program
  – Internal audits shall be conducted at planned intervals to ensure that the BCMS conforms to the requirements of this standard – and to the organization’s requirements for the BCMS
• 9.3: Management Review
  – Top management shall review the organization’s BCMS at planned intervals to ensure its continuing suitability, adequacy, and effectiveness
  – Typically, the BCMS is briefed at least once annually to the Board of Directors or the Board’s Audit Committee.
31. ISO 22301: Clause 10
Improvement
• 10.1: Non-Conformity
  – Identify and react
  – Evaluate the need for action
  – Implement actions
  – Make changes to the BCMS if needed
• 10.2: Continual Improvement
  – The organization shall continually improve the suitability, adequacy, or effectiveness of the BCMS
39. Business Continuity and Emergency Management
Global Standards
Business Continuity
• ISO 22301 (formerly BS25999)
• NFPA 1600
• ASIS Business Continuity Management Standard
• ASIS SPC.1: Organizational Resilience
US Government
• Federal Continuity Directives (FCD 1 / FCD 2)
• Continuity Guidance Circulars (CGC 1 / CGC 2)
40. Business Continuity and Emergency Management
Professional Certifications
Business Continuity
• Disaster Recovery Institute International
  – Associate Business Continuity Professional (ABCP)
  – Certified Business Continuity Professional (CBCP)
  – Master Business Continuity Professional (MBCP)
• Business Continuity Institute
  – Member, Business Continuity Institute (MBCI)
  – Fellow, Business Continuity Institute (FBCI)
• Business Continuity Management Institute (Singapore)
  – Multiple certifications
Emergency Management
• International Association of Emergency Managers
  – Associate Emergency Manager (AEM)
  – Certified Emergency Manager (CEM)