
ISO 22301: The New Standard for Business Continuity Best Practice


ISO 22301 is the new international standard for Business Continuity Management best practice. It provides organizations with a framework to manage risk and ensure that they can continue operations in any type of event. In this webinar, ISO 22301 expert John McGill will help you understand the ISO standard, why it's important, and how to plan for certification.


Transcript

  • 1. ISO 22301: The New Standard for Business Continuity Best Practice. Sponsored By Emergency Notification | Incident Management
  • 2. Reputation Combat: Protecting Your Company’s Online Reputation ©Copyright 2011, Jonathan Bernstein. ISO 22301 Agenda: 1. So what is ISO 22301? 2. The Benefits of ISO 22301 3. BS 25999 compared to ISO 22301 4. Planning to comply with ISO 22301 5. The Certification Process 6. Q & A
  • 3. Sponsored by: Smarter Crisis Management | Emergency Notification | Incident Management | Mobile Crisis Communications | www.missionmode.com/mobile
  • 4. This presentation is from a recorded webinar. To view and listen to the video presentation, visit: www.missionmode.com/webinars
  • 5. John McGill, Managing Partner, ISO 22301 Ltd.
  • 6. So What Is ISO 22301?
  • 7. ISO 22301 has sprung from a need for global standardisation. “I couldn’t help with the spill, I couldn’t do anything about getting the ship off the rocks.” Statement 10 days after the Exxon Valdez incident by Lawrence Rawl, CEO Exxon Mobile
  • 8. ISO 22301 was developed by the International Organization for Standardization (ISO), the world’s largest developer of international standards.
  • 9. ISO 22301 identifies the fundamentals of best practice business continuity. 107 Steps to excellence.
  • 10. [Figure: The Automata Fortress Model of Business. Clause labels: 0 Introduction; 1/2 Scope and References; 3 Terms and Definitions; 4 Understanding The Business; 5 Leadership; 6 Planning; 7 Support; 8 Operation; 9 Evaluation; 10 Improvement]
  • 11. The Benefits of ISO 22301
  • 12. Establish, implement, maintain and improve business continuity. Meet the requirements of your business continuity policy. Give key stakeholders confidence. Save time and money.
  • 13. So why will an organisation’s leaders decide they want to align with ISO 22301, or even become certified in it? "I think the environmental impact of this disaster is likely to have been very, very modest." —Tony Hayward, BP CEO
  • 14. BS 25999 vs. ISO 22301
  • 15. All core 25999 business continuity requirements are in ISO 22301.
  • 16. ISO 22301 puts emphasis on: Interested Parties; Understanding the organisation; Monitoring performance and metrics; Legal and regulatory requirements; Crisis Communications
  • 17. BS 25999 vs. ISO 22301 (chart; column headings: BS 25999, ISO 22301, Magnitude, Area of change). Areas of change: Understanding the needs and expectations of interested parties; Understand the organisation; Document information; Monitoring, measurement, analysis and evaluation; Risk assessment; Business continuity policy; Communication & warning system; Management commitment; Determine the scope; Business continuity objectives. Clause references as extracted: 4.1 4.1 5.2 4.3.3.3 7.4, 8.4.2, 8.4.3 4.4.3 9.1 S 3.2.1 4.3 O 3.2.1.1 6.2 P 3.2.2 5.3 3.4 7.5 4.1.2 8.2.1, 8.2.3. Full chart will be available for download.
  • 18. Planning to comply with ISO 22301
  • 19. ISO 22301 specifically requires you to define your approach for measurement and monitoring.
  • 22. Business Continuity Management System (BCMS)
  • 23. The key aspects of your ISO 22301 project: 1. Scope of business continuity 2. Business continuity Policy 3. Business continuity Objectives 4. Strategy for meeting the objectives
  • 24. The Business Impact Analysis (BIA)
  • 25. Develop the BIA into a risk log and then create Business Continuity Plans; Evaluate the Recovery Timeframes; Review the needs of interested parties; Review the initial impact and then the impact were the disruption to continue; Consider the impact if the resources upon which the PAs depend are unavailable; Identify Priority Activities (PA)
  • 26. Develop Incident Management, Train, Test
  • 27. Resource requirements: BCMS project leader: 1,000 Hours; Project team members: 36 Hours; Project board chairman: 130 Hours; Incident Management team members: 20 Hours; Executive: 20 Hours; Staff: 1 Hour
  • 28. The Certification Process
  • 29. Certification process: Identify accredited certification companies; Meet a shortlist of companies; Appoint a certification company; Agree schedule with chosen company; Schedule audit and pre-audit meetings
  • 30. ISO 22301 outlines BCMS requirements, but does not dictate how to plan in a prescriptive manner. Heads Up: The auditor cannot act as a consultant and advise you.
  • 31. Phase 1 audit: one day. Focuses on a review of your documents.
  • 32. Phase 1 non-conformities must be resolved before the Phase 2 audit. Phase 2 will last two days and will comprise some further review of documents. The outcomes are as per the Phase 1 audit, plus the option for certification.
  • 33. The project to obtain certification should not be self-serving. Proof that your business continuity planning is following best practice.
  • 34. The ISO 22301 Standard can be downloaded at a cost of CHF 116 ($124/€94). Additional guidance can be downloaded in ISO 22313 at a cost of CHF 154 ($165/€126).
  • 35. Sponsored by: Smarter Crisis Management | Emergency Notification | Incident Management | Mobile Crisis Communications | info@missionmode.com | www.missionmode.com/mobile
  • 36. John McGill, ISO22301@btinternet.com
  • 37. This presentation is from a recorded webinar. To view and listen to the video presentation, visit: www.missionmode.com/webinars