Bsi Acp Iso 22301 Tg 2012

To support the implementation of the latest international requirements standard for business continuity management systems, this guide has been designed to make it easier for you to meet the requirements of the new BS ISO 22301.
BS ISO 22301 specifies the requirements for setting up and managing an effective business continuity management system (BCMS) for any organization, regardless of type or size. BSI recommends that every business has a plan in place to avoid excessive downtime and reduced productivity in the event of an interruption.
Meeting the requirements of the new international standard has never been easier. This presentation helps and supports organizations to implement BS ISO 22301, which will supersede BS 25999-2. It consists of an extract from John Sharp’s latest book ‘The Route Map to Business Continuity Management’, which provides practical guidance on how to meet the requirements of BS ISO 22301 and is available for purchase through the BSI shop.
This transition guide will help you understand your organization’s needs and obligations and how to implement an effective BCMS. Whether you are planning to certify against the new standard or simply want to benefit from BCM best practice, this guide will help you put in place the necessary requirements.

Bsi Acp Iso 22301 Tg 2012 Presentation Transcript

  • Business Development BSI CIS ACP: Moving from BS 25999-2 to ISO 22301. The new international standard for business continuity management systems
  • 2 That’s why organizations need strong business continuity planning. To support the implementation of the latest international requirements standard for business continuity management systems, this guide has been designed to make it easier for you to meet the requirements of the new BS ISO 22301. BS ISO 22301 specifies the requirements for setting up and managing an effective business continuity management system (BCMS) for any organization, regardless of type or size. BSI recommends that every business has a plan in place to avoid excessive downtime and reduced productivity in the event of an interruption. Meeting the requirements of the new international standard has never been easier. This presentation helps and supports organizations to implement BS ISO 22301, which will supersede BS 25999-2. It consists of an extract from John Sharp’s latest book ‘The Route Map to Business Continuity Management’, which provides practical guidance on how to meet the requirements of BS ISO 22301 and is available for purchase through the BSI shop. This transition guide will help you understand your organization’s needs and obligations and how to implement an effective BCMS. Whether you are planning to certify against the new standard or simply want to benefit from BCM best practice, this guide will help you put in place the necessary requirements.
  • 3 Why adopt a business continuity standard? As business continuity management (BCM) has developed worldwide, there has been a convergence in the methodologies being promoted. It became apparent following the Year 2000 problem or ‘millennium bug’, when organizations were deluged with requests for compliance statements from their customers and clients, that there was a need for a uniform approach to BCM. It is undesirable for major customers to enforce their own approach to BCM down their supply chains, as happened with other management systems, notably quality. While a supplier can run different quality systems to meet the requirements of its customer base, it cannot run different, and possibly conflicting, BCM systems, which will be used during a disruption at a time when tensions are high. This was one of the principal drivers for establishing BCM standards in the UK.
  • 4 Why adopt a business continuity standard? BS 25999 was created to set out a uniform benchmark in good practice, satisfying the needs of customers, clients, government, regulators and all other interested parties. BS 25999 has been accepted worldwide and has formed the basis of many other BCM standards, including the US ASIS/BSI BCM.01 standard adopted by ANSI. BS 25999 and other BCM standards from across the globe provided the source material for the creation of two new international standards: ISO 22301 (requirements) and ISO 22313 (guidance). By adopting a standard approach to BCM as set out in ISO 22301, organizations can offer their customers and clients greater assurance that they will be capable of maintaining continuity of operations if they suffer disruptive incidents. For those already certified to BS 25999-2 there will be a transition period to allow them to update their BCM systems to ISO 22301. For those certified, and those organizations working towards certification, the additional requirements are not onerous.
  • 5 Implementing ISO 22301. The international standard for BCM, ISO 22301:2012 specifies requirements for setting up and managing an effective business continuity management system (BCMS). It is for use by internal and external parties, including certification bodies, to assess the organization’s ability to meet regulatory and customer requirements as well as the organization’s own requirements. ISO 22301 contains only those requirements that can be objectively audited and a demonstration of successful implementation can therefore be used by an organization to assure interested parties that an appropriate BCMS is in place. During the latter part of 2012 or early in 2013, ISO will issue a guidance document ISO 22313. This document will take the form of good practice guidance and recommendations, indicating what practices an organization should, or may, undertake to implement effective BCM. Organizations may choose to follow all or part of the guidance, which may be used for self-assessment or between organizations. The guidance is not a specification for BCM.
  • 6 Comparing ISO 22301:2012 with BS 25999-2:2007. When news of an ISO standard for BCM emerged, business continuity managers expressed concern that they might have to radically rework their BCM procedures and processes once ISO 22301 was introduced. BS 25999-2 had been, and continues to be, used by many organizations across the world as the basis of their BCM procedures and processes. The good news is that BS 25999-2 has provided the main foundation of the new ISO standard. There are some important additions and a few elements that have been omitted. The additions have added greater depth and clarity while the omissions do not detract from the overall good BCM practices and principles. The new standard is entitled ‘Societal security – Business continuity management systems – Requirements.’ This is one of a suite of standards being developed by ISO/TC 223 designed to achieve greater societal security. Societal security can be defined as providing protection of society from, and the ability to respond to, incidents, emergencies and disasters caused by intentional and unintentional human acts, natural hazards, and technical failures.
  • 7 Comparing ISO 22301:2012 with BS 25999-2:2007. The way in which ISO 22301 can be used is detailed in Clause 1 Scope. It states that the standard is applicable to all types and sizes of organizations that wish to
      • establish, implement, maintain and improve a BCMS
      • ensure conformity with stated business continuity policy
      • demonstrate conformity to others
      • seek certification/registration of its BCMS by an accredited third party certification body
      • make a self-determination and self-declaration of conformity with this International Standard [ISO 22301:2012].
    The standard can also be used by an organization to assess its suppliers’ ability to meet continuity needs and obligations.
  • 8 New concepts and activities … (New Concept: Explanation)
      • Context of the organization: The environment in which the organization operates
      • Interested parties: Replaces «stakeholders»
      • Leadership: Requirements specific to top management
      • Maximum acceptable outage (MAO): «time it would take for adverse impacts, which might arise as a result of not providing a product/service or performing an activity, to become unacceptable». This is the same as «maximum tolerable period of disruption (MTPD)»
      • Minimum business continuity objective (MBCO): «minimum level of services and/or products that is acceptable to the organization to achieve its business objectives during a disruption»
      • Performance evaluation: Covers the measurement of BCMS and BCM effectiveness
      • Prioritized timeframes: Order and timing of recovery for critical activities
      • Warning and communication: Activities undertaken during an incident
    There have been many other additions and some slight alterations to the terms and definitions listed in the standard. The additions and changes reflect terms and definitions commonly used by BCM practitioners today.
  • 9 The major additions to ISO 22301:2012
  • 10
  • 11 Sergey Romanovsky, Certification & Partner Programme Director, CIS; Lead Auditor | ACP Manager; British Standards Institution, 24/2 Radio Str. 105005 Moscow Russia. T: +7 495 9816507, F: +7 495 9816508, E: sergey.romanovsky@bsigroup.com, W: www.bsigroup.com | www.bsi-russia.ru