
Societal Security – the new standard ISO 22301 for Business Continuity Management

Luigi BRUSAMOLINO

CISM, CRISC – Managing Director Southern Europe BSI

Published in: Education, Business, Technology

  1. Societal Security – the new standard ISO 22301 for Business Continuity Management
     Luigi Brusamolino, Managing Director Southern EMEA - BSI
     Copyright © 2012 BSI. All rights reserved.
  2. Who is BSI? – 10 fast facts
     • Founded in 1901
     • Global independent business services organization
     • No owners/shareholders … all profit reinvested into the business
     • Standards, assessment, testing, certification, training, software
     • National Standards Body in the UK
     • #1 certification body in the UK and USA
     • >2,500 staff and >50% non-UK
     • 53 offices located around the world
     • 64,000 clients in 147 countries
     • £244.9m revenue in 2011
  3. What is business continuity?
     • “Business continuity is the capability of an organization to continue delivery of products or services at acceptable predefined levels following disruptive incident.” (ISO 22301 – Societal security – Terminology)
  4. Examples of disruptions
     • Extreme weather conditions
     • Loss of IT/Cyber Security
     • Loss of people
     • Supply chain disruption
     • Transport disruption
     • Loss of access to site
     The dependency on offshore outsourcing, the use of just-in-time sourcing, and the reliance on global supply chains make businesses highly vulnerable.
  5. Organisations which are at risk
     • 72% of companies surveyed had experienced at least one disruption to their supply chain.
     • 83% had experienced disruption overall.
  6. Are organisations ready for the next crisis?
     83% AGREE BCM is important/very important yet…*
     • 61% of CEOs surveyed say they have BCM plans in place
     • 50% of organizations with BCM report that it includes plans for handling the media
     • 45% of organizations with BCM do not require any supply chain partners to have their own plans
     • 50% of organizations with BCM exercise their plans once a year
     • Around 25% fail to exercise their plans on a regular basis
     * BSI/BCI/Cabinet Office survey 2012 with Chartered Management Institute (CMI)
  7. 2012 BCM survey – key findings
     • The business case for BCM – 81 per cent of managers whose organisations activated their Business Continuity Management (BCM) arrangements in the last 12 months agree that it effectively reduced disruption. The same number agree that the benefits outweighed the cost.
     • Adoption of BCM – Overall 61 per cent of managers report that their organisation has BCM in place, up from 58 per cent last year and 49 per cent in 2010.
  8. 2012 BCM survey – key findings
     • Drivers – the three biggest external drivers of BCM were corporate governance (42%), demand from existing or potential customers (37%) and regulation (33%).
     • Disruptive events of 2011 – four in ten were affected by the BlackBerry outage in 2011, 55% of organisations by public sector strikes and 26% by the summer riots*
     • Disruptive weather – severe weather conditions caused disruption to 49% of organisations over the last year.
     * UK-specific disruptive events of 2011
  9. International development of BCM standard
     Timeline: PAS 56 (2003), BS 25999 (2006), ISO 22301 (2012)
     • Started as a “PAS” (Publicly Available Specification) by BSI
     • Became British Standard BS 25999 in 2006
     • New ISO 22301 (16 May 2012)
  10. Introducing ISO 22301
      • ISO 22301 Societal Security - Business continuity management system - Requirements.
      • Management system standard
      • All core business continuity elements in BS 25999-2 are present in ISO 22301
  11. Societal Security – ISO 223xx family standard
      The term Societal Security was first used by Barry Buzan in the book People, States and Fear: National Security Problems in International Relations (1991).
      ISO defines Societal Security as the challenge an organization, group of organizations or society may face before, during and after a disruptive event.
      The Societal Security ISO 223xx family of standards integrates a range of interconnected disciplines: asset protection, security, risk management, preparedness, crisis management, emergency management, business continuity management, recovery management and disaster management.
      In order to assure sustainability of operations and maintain resilience, competitiveness and performance, organizations must have an integrated framework and system to manage risks.
      29/08/12
  12. B2S – Business to Society paradigm
      The term Societal Security and the importance of the economic, political and social environment in which an organization operates redefine the business priorities and focus from traditional B2C and B2B models to a B2S (Business-to-Society) model, in which the importance of interested parties (supply chain, governments, local authorities, citizens, ...) is critical to the success and sustainability of an organization.
  13. What is ISO 22301?
      • Provides the requirements for a business continuity management system (BCMS)
      • Based on global BCM best practice
      • Created in response to strong interest in the original British Standard BS 25999-2 and other regional standards
      • BS 25999-2 key source text in its development
      • For those certified to or aligned with BS 25999-2, the additional requirements are not onerous
  14. Societal Security and BCM?
      • ISO 22301 now comes under a wider societal security remit
      • This acknowledges the important role that BCM has to play in protecting society and ensuring our ability to respond to incidents, emergencies and disasters.
  15. Comparing ISO 22301 and BS 25999-2
      Includes all core requirements
      • The ‘Plan Do Check Act’ cycle
      • Business continuity policy
      • Business impact analysis
      • Risk assessment and risk treatments
      • Exercising
      • Business continuity plans and strategy
      • Internal audit
      • Management review
      • Non conformity and corrective action
      • Improvement actions
      [Figure: Plan-Do-Check-Act cycle: Establish (Plan), Implement and operate (Do), Monitor and review (Check), Maintain and improve (Act)]
  16. Key changes and aspects
      Notable shifts in emphasis from BS 25999-2:2007:
      • First standard written in accordance with Guide 83
      • Change in the way an organization is defined (extended enterprise)
      • Clearer expectations on management
      • Preventive action has been replaced with “actions to address risks and opportunities” and features earlier
      • ISO 22301 puts a much greater emphasis on setting the objectives, monitoring performance and metrics – aligning BC to top management strategic thinking
  17. Key changes and aspects
      • ISO 22301 requires more careful planning for and preparing the resources needed for ensuring business continuity
      • Communication elements are more demanding, and a responsibility to the wider community is defined
      • BIA similar but with some changes to terminology
      • There is a stronger link to the organization's approach to risk (integrated risk-management)
      • To reflect the societal security approach some new terminology has been introduced, see ISO 22300
  18. BCM standard global adoption
  19. Multi-sector adoption
  20. Benefits of ISO 22301
      • Allows organizations to benefit from global BCM best practice, regardless of whether they are planning to certify or not
      • Provides a foundation and a common vocabulary for BCM best practice and guidance
      • Consensus standards like ISO 22301 represent the input and recommendations of hundreds of BC professionals and industry experts
      • Saves you having to reinvent the wheel
  21. Benefits of certification
      Certification offers many advantages, including:
      • It challenges your BCM programme and organization to reach a higher level of maturity and preparedness
      • Supply chain requirement
      • Prequalification for tenders
      • Provides a competitive advantage
      • Signifies a base level of readiness and a commitment and seriousness about BCM
  22. Questions?
  23. Contact us
      Address: BSI, Via Fara, 35, Milano 20124
      Telephone: +39 02 6679091
      Email: Marketing.italy@bsigroup.com
      Links: www.bsigroup.it