Everbridge Webinar - The New Corporate ISO 22301 BC Standard

The New Corporate ISO 22301 BCStandard:What It Takes To ComplyRobert C. Chandler, Ph.D.Director, Nicholson S h l of CDi t Ni h l School f Communication i ti

About Everbridge• The Global Leader in incident notification systems• Fast-growing Fast growing global company with more than 1,500 clients in more than 100 countries• Serve the Global 2000 healthcare 2000, systems, state and local government, federal government, military, financial services firms, and universities• 100% focused on incident notification solutions that merge technology and expertise 2

AgendaPart 1: Presentation• The standards on which ISO 22301 is based• What this means for your current business continuity communication plan• How to improve your plan to withstand audit and reviewPart 2: Q&A 3

The New Corporate ISO 22301 BC Standard:BracingWhat It Takes To Comply for the 2010Hurricane Season Dr. Robert Chandler University of Central Florida

Do ISO standards really matter?• Over a million organizations worldwide are independently certified making ISO 9001 one of the certified, most widely used management tools in the world today.• In addition to several stakeholders’ benefits, a number of studies have identified significant financial benefits for organizations certified to ISO ISO.• Studies also indicate that certified organizations g achieved superior return on assets compared to otherwise similar organizations without certification.

BS 25999-2 was the beginning• In November 2006, the first draft of BS 25999 was published in the British Standards Institution finally Institution, providing a necessary structure to processes, principles and terminology for business continuity.• The second draft was published in November, 2007.• Targeted stakeholder assurance of BC plans in place place.• Will be withdrawn when ISO 22301 is finalized 6

The standard evolves with ISO 22301• Greater emphasis on setting the objectives, monitoring performance and metrics metrics.• Clearer expectations on management.• Requires more careful planning for and preparing the resources needed for ensuring business continuity.• An international standard appeals to top management of any organization. 7

The main differences betweenBS25999-2 dBS25999 2 and ISO 22301?• Communication: The requirements for business continuity plans, including response procedures and recovery plans, are much more detailed too - e.g. the communication part• Monitoring performance: Requirement for BCM/BCMS Metrics e g BIA update frequency e.g. frequency, number of plans, number of exercises completed, etc• Operational planning and control: Emphasis on operational planning and setting controls for the BCMS

The shift from BCMS to PCMS• BCMS (Business Continuity Management System) vs PCMS (Preparedness and Continuity Management System)• An emphasis on preparedness is now integrated in terminology.• Preparedness includes: • Creating policies and actions. • Controlling and measuring an organization’s risks. • Monitoring and reviewing progress progress. • Implementing continual improvement based on measurement

ISO 22301 anticipated timeline• The standard, entitled “Societal security - Business continuity management systems – R ti it t t Requirements” i i t ” is currently on to the Final Draft International Standard ( (FDIS) stage. ) g• The draft now needs a two-thirds majority of a yes or no vote (with less than one-third of the total vote ( being negative) by the TC233 committee for the standard to be published.• The earliest that the standard will be published is the end of 2011 but 2012 may be more likely.

Let’s highlight a few of thecommunication aspects of ISO 22301 i ti t f• Section 8 5 3 8.5.3• The organization shall establish, implement and maintain procedures for: c) internal communication between the various levels and functions within the organization; d) external communications with partner organizations and other stakeholders; Everbridge Aware Single step Single-step to send to all of your internal contacts and external partners and constituents 11

Let’s highlight a few of thecommunication aspects of ISO 22301 i ti t f• Section 8 5 3 8.5.3• The organization shall establish, implement and maintain procedures for: e) receiving, documenting and responding to communication from other stakeholders; h) assuring availability of means of communication during a disruptive incident; Everbridge Aware Receive 2-way real-time feedback on 2 way, real time notifications. Bullet proof infrastructure with 99.99% availability. 12

Let’s highlight a few of thecommunication aspects of ISO 22301 i ti t f• Section 8 5 3 cont’d 8.5.3 cont d• The organization shall establish, implement and maintain procedures for: i) facilitating structured communication with emergency responders; j) assuring the interoperability of multiple responding organizations and personnel; k) recording of vital information about the incident, actions taken and decisions made; and Everbridge Aware Pre planned Pre-planned structured messages Communicate across all device types Robust real-time reporting and results 13

Let’s highlight a few of thecommunication aspects of ISO 22301 i ti t f• Section 8 5 3 cont’d 8.5.3 cont d• The organization shall establish, implement and maintain procedures for: l) operations of a communications facility.• The communication and warning system shall be regularly exercised Everbridge Aware ENS system is core component of every communication facility. Easy and cost-effective to test regularly. 14

Let’s highlight a few of thecommunication aspects of ISO 22301 i ti t f• Section 8 5 4 8.5.4• The organization shall nominate incident response personnel with the necessary responsibility, responsibility authority and competence to manage an incident.• The organization shall establish an incident response structure that provides for personnel to: b) trigger an appropriate response; c) have processes and procedures for the activation, operation, Everbridge Aware coordination and communication Facilitates the response process. process of the incident response; Easy to incorporate your communication processes into the system 15

Let’s highlight a few of thecommunication aspects of ISO 22301 i ti t f• Section 8 5 4 8.5.4• The organization shall nominate incident response personnel with the necessary responsibility, responsibility authority and competence to manage an incident.• The organization shall establish an incident response structure that provides for personnel to: d) have resources available to support ) pp the processes and procedures to manage an incident; and Everbridge Aware e) communicate with stakeholders stakeholders. Provides the central infrastructure to communicate with stakeholders 16

Here are communication tips to enhanceyour compliance with requirements… li ith i t

Communication priorities to improve yourplan and enhance compliance l d h li1. Optimal timing2. Message content3. Maintain control4. Transparency5. Optimal delivery channels

Reaction timeFactors that affect reaction time include: • Recognition • Choice • Number of stimuli • Fatigue • Reasoning • Remembering • Imagining • Learning 19

Situation awareness• Situation awareness is “knowing what is going on so you can figure out what to do”* do• To function in a crisis, people need to have answers to: • What is happening? • Wh i it h Why is happening? i ? • What will happen next? • What can I do about it? 20 *Wikipedia

Is your communication plan fortified?Effective crisis communication includes just the rightamount of i f t f information, but… ti b t• What constitutes the right amount of information?• How much information is enough?• How much is too much?

Pitfalls to avoid in your messaging audit1. Underloading or overloading messages Balance ideas, information, and words the context of a crisis crisis.

Pitfalls to avoid in your messaging audit2. Not testing messages Test content, tone, and comprehension with focus groups.

Pitfalls to avoid in your messaging audit3. Sending mixed messages Create messages that are accurate, consistent, and reinforce each other.

Pitfalls to avoid in your messaging audit4. Poorly-timed messages Avoid too-early or too-late messages. Plan ahead and act quickly to communicate during the short window when people are most receptive.

Pitfalls to avoid in your messaging audit5. Wrong delivery channels Account for changes to common communication channels due to quarantine, illness, and other pandemic effects effects.

Pitfalls to avoid in your messaging audit6. Mismatched messages Create and send authoritative, accurate, accurate forthright messages. messages Do not downplay risks or threats. Correct misinformation swiftly.

Pitfalls to avoid in your messaging audit7. Failure to understand your audience Understand and adapt messaging to your audience’s comprehension levels and motivations. Avoid jargon and sophisticated concepts. concepts

Pitfalls to avoid in your messaging audit8. Lack of transparency Provide factual, accurate information. Remember that people have a right to know the risks and consequences.

Discussion continues… • Twitter: @ISO22301 • LinkedIn: http://www.linkedin.com/groups/ISO22301-3931836 p g p • Download the draft: http://www.iso.org/iso/iso_catalogue/catalogue_tc/c atalogue_detail.htm?csnumber=50038 t l d t il ht ? b 50038 30

It’s your choice! • Your organization can choose how important it i t certify. is to tif • Weigh the impact or advantages/disadvantages of certification on your organization. organization • More research is recommended to understand the full implications of ISO 22031 in your situation situation. 31

Incident NotificationMarc LadinChief Marketing Officer, Everbridge 32

Incident notification solutions addresscommon communication challenges• Communicate quickly easily and quickly, easily, • Reduce miscommunication and efficiently with large numbers of control rumors with accurate, people in minutes, not hours, making consistent messages sure that the lines of communication are open • Satisfy regulatory requirements• Receive feedback from your with extensive and complete messages by using polling reporting of communication attempts ti f i ti tt t capabilities and two-way acknowledgements from recipients• Ensure two-way communication two way to get feedback from message • Deliver refined, prepared , timed receivers messages to each pre-designated audience group, by scenario 33

Key evaluation criteria for an incidentnotification system• Experience and expertise• Ease of use• Ability to reach all contact paths, including voice email native SMS voice, email, (over SMPP and SMTP), IM, and more• Ease of integration 34

Communication resourcesContact information Upcoming webinars: Business Case Demo (August 25) www.everbridge.com/webinars www everbridge com/webinars White papers, literature, case studies www.everbridge.com/resourcesRobert C. Chandler, Ph.D.rcchandl@mail.ucf.edu h dl@ il f d Follow us:1.407.823.2683 blog.everbridge.com twitter.com/everbridge facebook.com/everbridgeinc youtube.com/user/everbridgeMarc Ladinmarc.ladin@everbridge.com1.818.230.97001 818 230 9700 Reminder Everbridge Insights webinars qualify for Continuing Education Activity Points (CEAPs) for DRII certifications. Visit www.drii.org to register your credit. Item Number (Schedule II): 26.3 Activity Group: A 1 Point for each webinar

http://blog.everbridge.com	621
http://www.google.com	2
http://www.google.co.in	1

Everbridge Webinar - The New Corporate ISO 22301 BC Standard

by Everbridge, Inc. on Aug 23, 2011

Accessibility

Categories

Upload Details

Usage Rights

3 Embeds 624

Statistics

Everbridge Webinar - The New Corporate ISO 22301 BC Standard Presentation Transcript