ISO 22301 is the new international standard for Business Continuity Management best practice. It provides organizations with a framework to manage risk and ensure that they can continue operations in any type of event. In this webinar, ISO 22301 expert John McGill will help you understand the ISO standard, why it's important, and how to plan for certification.
7. ISO 22301 7
ISO 22301 has sprung from a need for global standardisation.
“I couldn’t help with the spill, I couldn’t do anything about getting the ship off the rocks”.
Statement 10 days after the Exxon Valdez incident by Lawrence Rawl, CEO Exxon Mobile
8. ISO 22301 8
ISO 22301 was developed by the International Organization for Standardization (ISO), the world’s largest developer of international standards.
9. ISO 22301 9
ISO 22301 identifies the fundamentals of best practice business continuity.
107 Steps to excellence
10. ISO 22301 10
[Figure: The Automata Fortress Model of Business. Sections shown: 0 Introduction; 1/2 Scope and References; 3 Terms and Definitions; 4 Understanding The Business; 5 Leadership; 6 Planning; 7 Support; 8 Operation; 9 Evaluation; 10 Improvement]
12. ISO 22301 12
Establish, implement, maintain and improve business continuity.
Meet the requirements of your business continuity policy.
Give key stakeholders confidence.
Save time and money.
13. ISO 22301 13
So why will an organisation’s leaders decide they want to align with ISO 22301, or even become certified in it?
"I think the environmental impact of this disaster is likely to have been very, very modest."
—Tony Hayward, BP CEO
15. ISO 22301 15
All core 25999 business continuity requirements are in ISO 22301.
16. ISO 22301 16
ISO 22301 puts emphasis on:
Interested Parties
Understanding the organisation
Monitoring performance and metrics
Legal and regulatory requirements
Crisis Communications
17. ISO 22301 17
BS 25999 ISO 22301
4.1
4.1
5.2
4.3.3.3 7.4, 8.4.2, 8.4.3
4.4.3 9.1
S 3.2.1 4.3
O 3.2.1.1 6.2
P 3.2.2 5.3
3.4 7.5
4.1.2 8.2.1, 8.2.3
BS 25999 and ISO 22301
Understanding the needs and expectations of interested parties
Magnitude
Area of change
Understand the organisation
Document information
Monitoring, measurement, analysis and evaluation
Risk assessment
Business continuity policy
Communication & warning system
Management commitment
Determine the scope
Business continuity objectives
BS 25999 vs. ISO 22301
Full chart will be available for download.
22. ISO 22301 22
Business Continuity Management System (BCMS)
23. ISO 22301 23
The key aspects of your ISO 22301 project:
1. Scope of business continuity
2. Business continuity Policy
3. Business continuity Objectives
4. Strategy for meeting the objectives
25. ISO 22301 25
Develop the BIA into a risk log and then create Business Continuity Plans
Evaluate the Recovery Timeframes
Review the needs of interested parties
Review the initial impact and then the impact were the disruption to continue
Consider the impact were the resources upon which the PAs depend to be unavailable
Identify Priority Activities (PA)
26. ISO 22301 26
Develop Incident Management
Train
Test
27. ISO 22301 27
Resource requirements:
BCMS project leader ..... 1,000 Hours
Project team members ..... 36 Hours
Project board chairman ..... 130 Hours
Incident Management team members ..... 20 Hours
Executive ..... 20 Hours
Staff ..... 1 Hour
29. ISO 22301 29
Certification process:
Identify accredited certification companies
Meet a shortlist of companies
Appoint a certification company
Agree schedule with chosen company
Schedule audit and pre-audit meetings
30. ISO 22301 30
ISO 22301 outlines BCMS requirements, but does not dictate how to plan in a prescriptive manner.
Heads Up: The auditor cannot act as a consultant and advise you.
31. ISO 22301 31
Phase 1 audit: one day
Focuses on a review of your documents
32. ISO 22301 32
Phase 1 non-conformities must be resolved before the Phase 2 audit.
Phase 2 will last two days and will comprise some further review of documents.
The outcomes are as per the Phase 1 audit, plus the option for certification.
33. ISO 22301 33
The project to obtain certification should not be self-serving.
Proof that your business continuity planning is following best practice.
34. ISO 22301 34
The ISO 22301 Standard can be downloaded at a cost of CHF 116 ($124/€94).
Additional guidance can be downloaded in ISO 22313 at a cost of CHF 154 ($165/€126).