John Zeppos - BS25999-2:2007 Certification & Transition to new ISO22301 BCM Standard


  1. BS25999-2:2007 Certification & Transition to new ISO22301 BCM Standard. John Zeppos, OTE Group Business Continuity Management Deputy Director. August 2012
  2. How has Business Continuity Management Developed?
     Timeline labels on the slide: 1970s, 1980s, 1990s, 2000s, Current situation
       • USA - Natural Disasters
       • UK - Irish Terrorist attacks resulted in the “Disaster-Recovery” approach in the UK to deal with the aftermath of an event
       • BCM professionals recognised the need to understand the Impact to the Business – hence BIA, Risk Assessment etc
       • Holistic approach intended to reduce risks and resulting impacts
       • US standard NFPA 1600 – a recommended approach for Disaster Management – based on Natural, Human or Technological disasters
       • Standards Start to be developed
       • 2003/2004 PAS56 - UK - never developed into a full standard
       • NFPA1600 USA – became programme based
       • BS25999 – Code of Practice & Specification (2006/7) – organisations able to be independently certified
           o Management System approach aligned with existing Management Systems
           o Lifecycle to ensure that the business is protected – not Disaster and then Recover
       • BS25999 formed the key input to the ISO22301
       • ISO22301 Standard May 2012
     John Zeppos / BS25999-2:2007 Certification & Transition to new ISO22301 BCM Standard / 31.08.2012 @ Davos
  3. 2006/2007 2003 2012
  4. BCMS Certification
     Why should one decide to undertake certification?
       • BS25999 / ISO22301 is the most appropriate standard containing both the Continuity and Crisis Management
       • They are based on a Management System approach fully aligned with ISO9001 and ISO27001
       • They provide independent proof that one’s BCMS is fit for purpose
       • Senior Management confidence that the approach that they are being asked to underwrite is appropriate.
       • Certificate could significantly reduce Insurance costs
     Certification Programme
       • Initial pre-assessment by qualified independent auditors (gap analysis)
       • Certification project internal kick off meeting with all relevant functions
       • Stage 1 Assessment – finalise scope and agree timing
       • Stage 2 Assessment – Certification Audit
       • 1 Month later - Certificate can be officially issued
  5. ISO22301:2012
       • ISO22301 published w/b May 15
       • BS25999-2 will be withdrawn in November 2012
       • No new applications for certification after 22nd October 2012
       • Scope extensions for existing certifications supported to end October 2013
       • After 1st November 2012 all visits based on ISO 22301
       • Existing certificates remain valid until the end of transitional period (30th May 2014)
       • No new certificates or renewals after 31st December 2013
     Transition dates:
       • 1st May 2012: UKAS transition project under way with internal actions, document preparation, internal training etc.
       • 31st October 2012: No new applications accepted for accreditation to BS 25999-2
       • 1st November 2012: Transition Assessments begin as part of the normal surveillance cycle
       • 31st October 2013: No new BS 25999-2 scope extensions accepted by UKAS
       • 31st December 2013: No new BS 25999-2 certificates to be issued by CABs
       • 30th May 2014: All CABS to have transitioned to ISO 22301
       • All CAB clients to have transitioned within one year of Accreditation to ISO 22301.
  6. ISO TC 223
       • ISO TC 223 is the Technical Committee responsible
       • TC 223 deals with all matters regarding Societal Security
           o provision of International Standards to enhance all actors' capacity in society to handle all phases before, during and after disruptive events
       • 45 countries are participating members
       • All standards from this committee are prefixed “Societal Security” and are numbered 223xx
       • Other standards being developed include:
           o Mass evacuation
           o Emergency Management Command and Control
  7. Contributors
  8. ISO22301:2012
       • Source documents included
           o BS25999-2
           o NFPA 1600
           o ASIS OR standard
           o Singapore standards
           o ISO27031
           o ISO Guide 73
           o ISO/PAS22399
       • So ISO 22301 is not simply an international version of BS25999-2:2007
       • ISO moving towards standardization of management systems headings and text
           o In development as it was being written
           o Agreed now and published as ISO Guide 83
           o Rules on how to apply this were not always clear so had to be changed
       • Hence our interpretation may differ in detail from others like ISO 27001 – all management systems standards will follow Guide 83’s standardized headings and text
       • Integration of management systems will be easier
  9. ISO22301:2012
       • ISO 22301 is the requirements document
       • ISO 22313 is the guidance document that accompanies ISO22301
           o It was originally planned to publish these together but in practice 22301 has run ahead of the guidance
           o It is aligned to 22301, clearly BS25999-1 was not
       • ISO 22313 should be published early next year
           o Currently at DIS
  10. John Zeppos. Twitter: @jzepposyzeppos@cosmote.gr http://www.linkedin.com/in/johnzeppos +30 697 9666844
