Presented by:
• Tony Drewitt, Managing Director
• IT Governance Ltd
• 19 April 2018
Business Continuity Management: How to get started
Introduction
• Tony Drewitt - Managing Director: IT Governance UK and EU
• One of the first BCM consultants to achieve certification to BS 25999-2:2017, superseded by ISO 22301.
• Extensive consultancy experience in delivering ISO 27001 and ISO 22301 implementation projects.
• Author of several books, including A Manager’s Guide to ISO22301, ISO22301 - A Pocket Guide, and Everything you want to know about Business Continuity
Copyright IT Governance Ltd – v 0.1
IT Governance: GRC one-stop shop
Today’s discussion
• An overview of what business continuity management (BCM) is
• Why organisations choose to deploy a formalised BCM programme (and why others don’t)
• The difference between business continuity planning and a BCMS
• An introduction to ISO 22301, the international standard for BCM
• Considerations for implementing a BCMS
• How to get approval for your implementation project
The BCM landscape
BCI Horizon Scan 2018 report:
• 77% of 657 respondents say their organisations’ business continuity investment levels are going to either increase or stay the same compared to 2017.
- BCI Horizon Scan Report – 2018
“The longer business continuity is implemented for, the more ROI it brings an organisation.”
– ‘Business Continuity delivers return on investment 2016’, Business Continuity Institute, 2016
Top five disruption threats:
• Cyber attack
• Data breaches
• Unplanned IT outages
• Interruption to utility supply
• Adverse weather
BCI Horizon Scan Report – 2018
Continuity Central survey of 239 business continuity professionals:
• 85.3% expect to see revisions to their organisation’s BCM strategies and/or business continuity plans
- Continuity Central Survey, 2015
BCI Horizon Scan 2018 report:
• 657 respondents
• The number of organisations implementing relevant BC standards, such as ISO 22301, has risen to 70%.
- BCI Horizon Scan Report – 2018
What is business continuity management (BCM)?
ISO 22301:
“A holistic management process that identifies potential threats to an organization and the impacts to business
operations that those threats, if realized, might cause, and which provides a framework for building
organizational resilience with the capability of an effective response that safeguards the interests of its key
stakeholders, reputation, brand and value-creating activities."
1. Reliable incident response & business continuity plans
2. People who know how to use them
3. Reliable & proven contingency resources
4. Reliable & proven communication arrangements
5. People who know how to use them
6. Exercise and test arrangements
7. Processes to ensure the above remain fit for purpose
What is a BCMS?
• A set of management processes that deliver BCM
• Plans and arrangements that are based on analysis of:
• Disruption risks
• Impact of business process disruption
• Business as usual resources
• A basis for directors to assure themselves that operational disruption risks continue to be appropriately managed
• The best chance of ongoing operational resilience
• A key element in any cyber-resilience strategy
Why choose to implement BCM?
Corporate governance/regulatory requirements
• Directors’ duties
• Corporate social responsibility
• Accountability in the event of an incident
• Securing information security/networks – NIS Directive
Supply chain assurance and competitive advantage
• Company reputation
• Upstream and downstream assurance
• Contractual requirement
• Procurement qualifier
• Capability (of all suppliers) often assumed
“Organizations that have tested BC plans are in a much better place to recover from incidents
than those that do not.”
- Nick Wildgoose FCA FCIPS, Global Supply Chain Product Leader for Zurich Insurance
Return on investment
• Faster recovery with lower disruption costs
• Identification of ineffective and unnecessary risk controls
• Catalyst for business process improvement
• Optimised insurance premiums and covers
“BC significantly contributes towards optimising organisational performance… BC is not just an overhead, it is an investment for a better organisation.”
- ‘Business Continuity delivers return on investment 2016’, Business Continuity Institute, 2016
Inhibitors to BCM growth
• ISO 22301 is not as widely adopted as other international standards. There were only 3,853 recorded certifications in 2016.
• BCPs don’t eliminate disruptions or resulting impact
• Return on investment difficult to quantify and prove
• Common mind set: “it won’t happen…..”
• Not about personal assets
• Assumed but not requested (by customers/clients)
Business continuity planning (BCP): a definition
ISO 22301:
"Documented procedures that guide organizations to respond, recover, resume, and restore to a pre-defined level of operation following disruption. Typically this covers resources, services and activities required to ensure the continuity of critical business functions."
• Assumes activity resumption
• Pre-defined level has to be established
• What is a ‘critical’ business function?
Business continuity planning (BCP)
• Incident detection, warning and communication
• Incident response organisation (people & process)
• Incident management plans
• Business continuity plans
• Recovery (from temporary measures….)
• Based on strategy
“The organization shall establish documented procedures for responding to a disruptive incident and how it
will continue or recover its activities within a predetermined timeframe.”
- ISO 22301 standard
Business continuity planning (BCP)
• Specific requirements:
• Defined roles and responsibilities
• Activation response
• Details to manage the immediate consequences of a disruptive incident (welfare of individuals, the organisation’s strategic, tactical and operational response options, and prevention of further loss)
• Communication plans for employees, key interested parties and emergency contacts
• How the organisation will continue or recover prioritised activities within identified timeframes
• Details of the organisation’s media response following an incident
• A process for standing down once the incident is over
Business continuity management system (BCMS): a definition
ISO 22301:
“Part of the overall management system that establishes, implements, operates, monitors, reviews, maintains and improves business continuity. The management system includes organizational structure, policies, planning activities, responsibilities, procedures, processes and resources.”
Optimised incident response and business continuity arrangements:
• Based on comprehensive analysis vs subjective intuition
• For all identified unacceptable disruption risk scenarios
• Proven competent responders
• Continual assurance that all operational disruption risks are being appropriately managed
Business continuity management system (BCMS)
A comprehensive approach to developing organisational resilience
• Should utilise a cross-functional team, committee or group including:
• Senior manager/director(s)
• Programme executive
• Functional representatives
• Resource providers (internal)
• Can contain numerous BCPs, based on conducting a risk assessment
• Collaboration in various elements, including:
• Competencies
• Training & awareness programmes
• Management review and audits
• Documentation management
• Most effective when aligned with the international standard, ISO 22301
BCMS vs BCP – some features
BCMS:
• Based on analysis
• Regularly tested
• Requires regular review and management
• Awareness organisation-wide, embedded in the culture and deployed throughout the business
BCP:
• Based on guesswork
• Untested
• Can become outdated
• Lack of organisational awareness, deployed in a limited division of the organisation, and not part of the culture
An introduction to ISO 22301
• Sets out the requirements for a BCMS
• Developed by an internationally representative group of BCM practitioners based on successful practices
• The most comprehensive framework for effective BCM in the world
• ASIS SPC.1-2009: similar requirements, though generally less detailed
• NFPA 1600: some similar requirements but civil emergency focussed
• AS/NZS 5050: narrower focus on risk; aligned with ISO 31000
• Replaced previous standard BS 25999-2:2007
Common IMS components within the ISO 22301 framework
Source: ISO Global Survey 2016
Context (of the organization)
• Policy
• Planning
• Roles & responsibilities
• Competence
• Awareness/communication
• Documented information & control
• Performance evaluation
• Management review
• Internal audit
• Improvement
Specific processes
• BIA
• Exercise & test
• Procedure review
Structure of ISO 22301
The nine-step approach to implementing a BCMS
1. Project mandate
• Business case
• Top management support
• Define scope (of the BCMS)
• Outline policy
• Reflect organisation’s objective(s)
2. Project initiation
• Key deliverables
• Delivery dates
• Resources
• Demonstrate project and BCMS are capable of achieving their objectives
3. BCMS initiation
• Define project plan
• Steering group
• Review process
• Plan-Do-Check-Act
• Project resources
• BCMS process inventory
4. Management framework
• BCMS planning
• Support
• Resources & competence
• Awareness & communications
• Documentation
• Evaluation & improvement
5. BIA and risk assessment
• Pivotal to the BCMS
• Basis for strategy & plans
• Primary outputs: recovery priorities, incident scenarios
6. Business continuity strategy
• Based on BIA & risk assessment
• Broad intentions for activity recovery (if viable)
• Alternatives to recovery
7. Implementation
• Plans/procedures: incident detection, warning/communication, incident response, business continuity, recovery
• Exercises & tests
8. Measure/monitor/review
• Performance evaluation: BCM performance, the BCMS, metrics
• Procedure evaluation
• Internal audit
• Management review
9. Certification audit
• Independent capability assessment
• International recognition
• 2-stage process
• 3-year validity
Fundamental principles of implementing a BCMS
• Business case, consistency with business objectives
• Sustainable commitment
• Resource allocation
• Optimal business continuity plans, arrangements, resources and capabilities
• Organisational needs and (BCM) context
• Consistent risk appetite
• Product and service focus
• Activity (business process) basis
• Organisational “buy-in”
• Communications
• Awareness
• Steering group
Top management support
ISO 22301:
• demonstrate leadership and commitment with respect to the BCMS
• provide evidence...
• Ensure responsibilities and authorities for relevant roles…
Why?
Top management support
• Establish policies & objectives
• Ensure integration of BCMS processes with (other) business processes
• Provide resources
• Communicate importance
• Ensure BCMS achieves its outcomes
• Direct & support
• Promote continual improvement
How to get top management approval
Business case logic:
• Directors’ obligation: to promote the long- success of the company
• BCM driver(s) – objectives
• Is the objective a corporate one?
• Need for assurance/certification
• Cost of doing business/discharging governance obligations
• Is accredited certification the best value solution to the need?
• Establish dependence of objective on solution
• Loss of solution = failure to meet objective
• Failure to meet objective = failure to meet directors’ obligations
IT Governance: one-stop shop
• Get started now with these best-selling resources and tools:
• ISO 22301 standard
• Must-have implementation guidance
• ISO 22301 training courses
• Policies and procedures documentation toolkit
• ISO 22301 gap analysis consultancy
• FastTrack™ service
IT Governance ISO 22301 classroom courses
• ISO 22301 Certified BCMS Lead Implementer >>
• ISO 22301 Certified BCMS Foundation >>
• ISO 22301 Certified BCMS Lead Auditor >>
Receive 15% off when you book our ISO 22301 BCMS Foundation and Lead Implementer Combination Training Course >>
How to get in touch
• Call us toll free at (0)333 800 7000
• Email us: servicecentre@itgovernance.co.uk
• Visit our website: https://www.itgovernance.co.uk
• Like us on Facebook: /ITGovernanceLtd
• Follow us on Twitter: /itgovernance
• Join us on LinkedIn: /company/it-governance
• Contact an ISO 22301 specialist: https://www.itgovernance.co.uk/speak-to-a-bcm-expert
Questions

Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptx
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
 
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
Call Girls From Pari Chowk Greater Noida ❤️8448577510 ⊹Best Escorts Service I...
 
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
 

Business Continuity Management: How to get started

1. Business Continuity Management: How to get started
Presented by:
• Tony Drewitt, Managing Director
• IT Governance Ltd
• 19 April 2018

2. Introduction
• Tony Drewitt - Managing Director: IT Governance UK and EU
• One of the first BCM consultants to achieve certification to BS 25999-2:2007, superseded by ISO 22301.
• Extensive consultancy experience in delivering ISO 27001 and ISO 22301 implementation projects.
• Author of several books, including A Manager’s Guide to ISO22301, ISO22301 - A Pocket Guide, and Everything you want to know about Business Continuity
Copyright IT Governance Ltd – v 0.1

3. IT Governance: GRC one-stop shop

4. Today’s discussion
• An overview of what business continuity management (BCM) is
• Why organisations choose to deploy a formalised BCM programme (and why others don’t)
• The difference between business continuity planning and a BCMS
• An introduction to ISO 22301, the international standard for BCM
• Considerations for implementing a BCMS
• How to get approval for your implementation project

5. The BCM landscape
BCI Horizon Scan 2018 report:
• 77% of 657 respondents say their organisations’ business continuity investment levels are going to either increase or stay the same compared to 2017.
- BCI Horizon Scan Report – 2018

The longer business continuity is implemented for, the more ROI it brings an organisation.
– ‘Business Continuity delivers return on investment 2016’, Business Continuity Institute, 2016

Top five disruption threats:
• Cyber attack
• Data breaches
• Unplanned IT outages
• Interruption to utility supply
• Adverse weather
- BCI Horizon Scan Report – 2018

Continuity Central survey of 239 business continuity professionals:
• 85.3% expect to see revisions to their organisation’s BCM strategies and/or business continuity plans
- Continuity Central Survey, 2015

BCI Horizon Scan 2018 report:
• 657 respondents
• The number of organisations implementing relevant BC standards, such as ISO 22301, has risen to 70%.
- BCI Horizon Scan Report – 2018
6. What is business continuity management (BCM)?
ISO 22301: “A holistic management process that identifies potential threats to an organization and the impacts to business operations that those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities.”
1. Reliable incident response & business continuity plans
2. People who know how to use them
3. Reliable & proven contingency resources
4. Reliable & proven communication arrangements
5. People who know how to use them
6. Exercise and test arrangements
7. Processes to ensure the above remain fit for purpose

7. What is a BCMS?
• A set of management processes that deliver BCM
• Plans and arrangements that are based on analysis of:
  • Disruption risks
  • Impact of business process disruption
  • Business as usual resources
• A basis for directors to assure themselves that operational disruption risks continue to be appropriately managed
• The best chance of ongoing operational resilience
• A key element in any cyber-resilience strategy

8. Why choose to implement BCM?
Corporate governance/regulatory requirements
• Directors’ duties
• Corporate social responsibility
• Accountability in the event of an incident
• Securing information security/networks – NIS Directive
Supply chain assurance and competitive advantage
• Company reputation
• Upstream and downstream assurance
• Contractual requirement
• Procurement qualifier
• Capability (of all suppliers) often assumed
“Organizations that have tested BC plans are in a much better place to recover from incidents than those that do not.”
- Nick Wildgoose FCA FCIPS, Global Supply Chain Product Leader for Zurich Insurance

9. Return on investment
• Faster recovery with lower disruption costs
• Identification of ineffective and unnecessary risk controls
• Catalyst for business process improvement
• Optimised insurance premiums and covers
“BC significantly contributes towards optimising organisational performance… BC is not just an overhead, it is an investment for a better organisation.”
- ‘Business Continuity delivers return on investment 2016’, Business Continuity Institute, 2016

10. Inhibitors to BCM growth
• ISO 22301 is not as widely adopted as other international standards. There were only 3,853 recorded certifications in 2016.
• BCPs don’t eliminate disruptions or the resulting impact
• Return on investment difficult to quantify and prove
• Common mindset: “it won’t happen…”
• Not about personal assets
• Assumed but not requested (by customers/clients)
11. Business continuity planning (BCP): a definition
ISO 22301: “Documented procedures that guide organizations to respond, recover, resume, and restore to a pre-defined level of operation following disruption. Typically this covers resources, services and activities required to ensure the continuity of critical business functions.”
• Assumes activity resumption
• Pre-defined level has to be established
• What is a ‘critical’ business function?

12. Business continuity planning (BCP)
• Incident detection, warning and communication
• Incident response organisation (people & process)
• Incident management plans
• Business continuity plans
• Recovery (from temporary measures…)
• Based on strategy
“The organization shall establish documented procedures for responding to a disruptive incident and how it will continue or recover its activities within a predetermined timeframe.”
- ISO 22301 standard

13. Business continuity planning (BCP)
• Specific requirements:
  • Defined roles and responsibilities
  • Activation response
  • Details to manage the immediate consequences of a disruptive incident (welfare of individuals, the organisation’s strategic, tactical and operational response options, and prevention of further loss)
  • Communication plans for employees, key interested parties and emergency contacts
  • How the organisation will continue or recover prioritised activities within identified timeframes
  • Details of the organisation’s media response following an incident
  • A process for standing down once the incident is over

14. Business continuity management system (BCMS): a definition
ISO 22301: “Part of the overall management system that establishes, implements, operates, monitors, reviews, maintains and improves business continuity. The management system includes organizational structure, policies, planning activities, responsibilities, procedures, processes and resources.”
Optimised incident response and business continuity arrangements:
• Based on comprehensive analysis vs. subjective intuition
• For all identified unacceptable disruption risk scenarios
• Proven competent responders
• Continual assurance that all operational disruption risks are being appropriately managed

15. Business continuity management system (BCMS)
A comprehensive approach to developing organisational resilience
• Should utilise a cross-functional team, committee or group including:
  • Senior manager/director(s)
  • Programme executive
  • Functional representatives
  • Resource providers (internal)
• Can contain numerous BCPs, based on conducting a risk assessment
• Collaboration in various elements, including:
  • Competencies
  • Training & awareness programmes
  • Management review and audits
  • Documentation management
• Most effective when aligned with the international standard, ISO 22301

16. BCMS vs BCP – some features
BCMS
• Based on analysis
• Regularly tested
• Requires regular review and management
• Awareness organisation-wide, embedded in the culture and deployed throughout the business
BCP
• Based on guesswork
• Untested
• Can become outdated
• Lack of organisational awareness, deployed in a limited division of the organisation, and not part of the culture
17. An introduction to ISO 22301
• Sets out the requirements for a BCMS
• Developed by an internationally representative group of BCM practitioners based on successful practices
• The most comprehensive framework for effective BCM in the world
• ASIS SPC.1-2009: similar requirements, though generally less detailed
• NFPA 1600: some similar requirements but civil emergency focussed
• AS/NZS 5050: narrower focus on risk; aligned with ISO 31000
• Replaced previous standard BS 25999-2:2007

18. Common IMS components within the ISO 22301 framework
Source: ISO Global Survey 2016
Context (of the organization)
• Policy
• Planning
• Roles & responsibilities
• Competence
• Awareness/communication
• Documented information & control
• Performance evaluation
• Management review
• Internal audit
• Improvement
Specific processes
• BIA
• Exercise & test
• Procedure review

19. Structure of ISO 22301

20. The nine-step approach to implementing a BCMS
Project mandate
• Business case
• Top management support
• Define scope (of the BCMS)
• Outline policy
• Reflect organisation’s objective(s)
Project initiation
• Key deliverables
• Delivery dates
• Resources
• Demonstrate project and BCMS are capable of achieving their objectives
BCMS initiation
• Define project plan
• Steering group
• Review process
• Plan-Do-Check-Act
• Project resources
• BCMS process inventory
Management framework
• BCMS planning
• Support
• Resources & competence
• Awareness & communications
• Documentation
• Evaluation & improvement
BIA and risk assessment
• Pivotal to the BCMS
• Basis for strategy & plans
• Primary outputs
  • Recovery priorities
  • Incident scenarios
Business continuity strategy
• Based on BIA & risk assessment
• Broad intentions for activity recovery (if viable)
• Alternatives to recovery
Implementation
• Plans/procedures
• Incident detection
• Warning/communication
• Incident response
• Business continuity
• Recovery
• Exercises & tests
Measure/monitor/review
• Performance evaluation
  • BCM performance
  • The BCMS
  • Metrics
• Procedure evaluation
• Internal audit
• Management review
Certification audit
• Independent capability assessment
• International recognition
• 2-stage process
• 3-year validity
21. Fundamental principles of implementing a BCMS
• Business case, consistency with business objectives
• Sustainable commitment
• Resource allocation
• Optimal business continuity plans, arrangements, resources and capabilities
• Organisational needs and (BCM) context
• Consistent risk appetite
• Product and service focus
• Activity (business process) basis
• Organisational “buy-in”
• Communications
• Awareness
• Steering group

22. Top management support
ISO 22301:
• demonstrate leadership and commitment with respect to the BCMS
• provide evidence...
• ensure responsibilities and authorities for relevant roles…
Why?

23. Top management support
• Establish policies & objectives
• Ensure integration of BCMS processes with (other) business processes
• Provide resources
• Communicate importance
• Ensure BCMS achieves its outcomes
• Direct & support
• Promote continual improvement

24. How to get top management approval
Business case logic
• Directors’ obligation: to promote the long-term success of the company
• BCM driver(s) – objectives
• Is the objective a corporate one?
• Need for assurance/certification
• Cost of doing business/discharging governance obligations
• Is accredited certification the best value solution to the need?
• Establish dependence of the objective on the solution
• Loss of solution = failure to meet objective
• Failure to meet objective = failure to meet directors’ obligations
25. IT Governance: one-stop shop
• Get started now with these best-selling resources and tools
• ISO 22301 standard
• Must-have implementation guidance
• ISO 22301 training courses
• Policies and procedures documentation toolkit
• ISO 22301 gap analysis consultancy
• FastTrack™ service

26. IT Governance ISO 22301 classroom courses
• ISO 22301 Certified BCMS Lead Implementer >>
• ISO 22301 Certified BCMS Foundation >>
• ISO22301 Certified BCMS Lead Auditor >>
• Receive 15% off when you book our ISO22301 BCMS Foundation and Lead Implementer Combination Training Course >>

27. How to get in touch
• Call us toll free at (0)333 800 7000
• Email us servicecentre@itgovernance.co.uk
• Visit our website https://www.itgovernance.co.uk
• Like us on Facebook /ITGovernanceLtd
• Follow us on Twitter /itgovernance
• Join us on LinkedIn /company/it-governance
• Contact an ISO 22301 specialist https://www.itgovernance.co.uk/speak-to-a-bcm-expert