PECB Webinar: Introduction to ISO 22317 – Business Impact Analysis (BIA) - PECB
We will cover:
• Importance of Business Impact Analysis (BIA)
• What does new standard ISO 22317 cover?
• Elaborating ISO 22317
Presenter:
This session will be hosted by our partner Dr. Wolfgang H. Mahr, M.Sc., MBCI, the Managing Director of governance & continuity gmbh with more than 20 years of experience.
Business Impact Analysis - The Most Important Step during BCMS Implementation - PECB
This topic covered an overview of ISO 22301:2012 requirements regarding Business Impact Analysis, the importance of BIA, and how to avoid the most common mistakes.
Main points covered:
• Overview of ISO 22301:2012 requirements regarding Business Impact Analysis
• How to avoid the most common mistakes and obtain reliable data from the BIA?
• The significance of the BIA
Presenter:
Renata Davidson has worked in the Business Continuity Management area since 1998. She was the first professional in Central and Eastern Europe to be certified by Disaster Recovery Institute International. During the course of her career, she has led tens of projects for "Blue Chip" companies in Poland, in all sectors of the economy. She is the founder and CEO of Davidson Consulting & Partners LLC, a partnership of experts specializing in business continuity, operational risk management and process management.
Link of the recorded session published on YouTube: https://youtu.be/3rVhrGQk8cE
This handout was provided at the OCNC Business Emergency Preparedness Series workshop hosted by the Orange County Emergency Services and The Chamber on April 11, 2019.
The presentation is about information risk management. It covers information threats, risks, vulnerabilities and the importance of risk assessment for information security for software companies in India.
http://www.ifour-consultancy.com
A small section of the course ECP-901, Business Continuity & Resiliency Management, by the Institute for Business Continuity Training, https://www.ibct.com
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a... - PECB
To protect your organization from cyber attacks, you need to implement a robust information security management system (ISMS) and business continuity management system (BCMS) based on international standards, such as ISO/IEC 27001 and ISO 22301.
Amongst others, the webinar covers:
• Why we need a cyber response plan to protect business operations
• Introduction to ISO/IEC 27001 and ISO 22301
• What do we need for a cyber security response plan?
• How do we develop a cyber security response plan?
Presenters:
Nick Frost
Nick Frost is Co-founder and Lead Consultant at CRMG.
Nick’s career in cyber security spans nearly 20 years. Most recently Nick has held leadership roles at PwC as Group Head of Information Risk and at the Information Security Forum (ISF) as Principal Consultant.
In particular, Nick was Group Head of Information Risk for PwC, designing and implementing best practice solutions that made good business sense, prioritised key risks to the organisation and helped minimise disruption to ongoing operations. Whilst at the ISF, Nick led their information risk projects and delivered many of the consultancy engagements to help organisations implement leading thinking in information risk management.
Nick’s combined experience as a cyber risk researcher and practitioner designing and implementing risk-based solutions places him as a leading cyber risk expert. Prior to cyber security, and after graduating from UCNW and Oxford Brookes, Nick was a geophysicist in the Oil and Gas Industry.
Simon Lacey
Simon is a resourceful, creative Information & Cyber Security professional with a proven track record of instigating change, disrupting the status quo, influencing stakeholders and developing ‘big picture’ vision across business populations. Multiple industry experience; excels in building stakeholder engagement & consensus; and supporting organisations to make sustainable change.
Simon also has considerable experience of risk management, education and awareness, strategy development and consulting to senior management and is a confident and engaging public speaker.
Simon has previously worked within the NHS, Bank of England and BUPA, before setting out as an independent consultant, forming Oliver Lacey Limited, supporting clients in multiple business sectors.
When not working, Simon loves to run – currently training for the Berlin Marathon, a Director of Aylesbury United Football Club, records vlogs and is an experienced standup comic.
Date: April 26, 2023
YouTube video: https://youtu.be/i4qx5mjEqio
PECB Webinar: Aligning ISO 31000 and Management of Risk Methodology - PECB
The webinar covers:
• ISO 31000 as the adopted standard, for ISO standards that have risk components, such as ISO 27005 and OHSAS 18001
• Description of Management of Risk (MoR) – how organizations can benefit
• Complementary values that ISO 31000 and MoR bring to each other
• How Risk Managers can evolve a practical approach to carrying out Risk Processes
Presenter:
This webinar was presented by PECB Trainer Orlando Olumide Odejide, an experienced Enterprise Architect and Chief Trainer for Training Heights Limited.
Let’s understand the concepts of business continuity and Disaster Recovery in brief. To know more, visit: www.eccouncil.org/business-continuity-and-disaster-recovery
1.
BUSINESS IMPACT ASSESSMENT (BIA)
1. List your organization’s Key Functions in priority order.
Key Affected Functions
1. Pending Orders
2. Tracking in Stock Items
3. Transportation of the product
4. Credit Card Processing
5. Online assistance
6. Website Product Search Database
1. Using the guidance set out below, undertake a Business Impact Analysis of your department, filling in your answers to the following questions on the blank BIA Proforma sheet under the relevant headings:
2. PEOPLE PREMISES PROCESSES PROVIDERS PROFILE
Key Staff (PEOPLE): Software Engineer; System Analyst; Technical Support; Database Administrator; Technical Consultant; Web Developer; Database Administrator; System Engineer; Business Analyst
Buildings (PREMISES): Off Eastern Express Highway, Sion (East) Mumbai, South Yorkshire
IT (PROCESSES): Communication; Data Management; Marketing; Process Improvement; Enterprise Resource Planning
Reciprocal Arrangements (PROVIDERS): BCP Partners with Synstar International
Reputation (PROFILE): Employees; Customers; Shareholders; Supplier; Distributor
Skills / Expertise / Training (PEOPLE): Specialised IT specific Training
Facilities (PREMISES): Building Manufacturing; Plant Hardware Inspection and Management; Space Management & Migration; Business Continuity
Documentation (PROCESSES): Customer's Information (Online); Supplier Information (Online); Distributor Information (Online); Company bylaws for corporations; Employment agreement; Online terms of use; Online privacy policy; Non-disclosure agreement
Contractors / External Providers (PROVIDERS): Glen Dimplex Group Morphy Richards, EIO Morphy Richards, Dimplex, Aqua Vac, Belling EWT, Goblin, Electromode, Faber, AKO, Glen, Stoves, New World & Riedel.
Legal Considerations (PROFILE): Basic legal requirements; Trademarks, copyrights & patents; Trades Description Act; Sale of Goods Act; Insurances; Taxes
Minimum Staffing Levels (PEOPLE): 6 to 7
Equipment / Resources (PREMISES): Servers; Hardware (networks, servers, desktop and laptop computers, wireless); Software Application
Systems & Communications (PROCESSES): Database Systems, Computers, Laptops, Printers
Suppliers (PROVIDERS): Computer Hardware providers; Software Service Providers
Vulnerable Groups (PROFILE): Prospective Customers; Customers seeking service; New Customer
4. CONSIDERATIONS FOR INCREASING YOUR ORGANISATION’S RESILIENCE
PEOPLE PREMISES PROCESSES PROVIDERS PROFILE
Key Staff (PEOPLE):
Can staff be contacted out of hours? YES
Could extra capacity be built into your staffing to assist you in coping during an incident? MAYBE
Buildings (PREMISES):
Could you operate from more than one premise? YES
Could you relocate operations in the event of a premise being lost or if access to the premise was denied? MAYBE, BUT TEMPORARY
IT (PROCESSES):
Is data backed-up and are back-ups kept off site? YES
Do you have any disaster recovery arrangements in place? YES
Reciprocal Arrangements (PROVIDERS):
Do you have agreements with other organisations regarding staffing, use of facilities in the event of an incident? MAYBE
Reputational Damage (PROFILE):
How could reputational damage to your organisation be reduced? BY MAKING PEOPLE MORE AWARE ABOUT PRODUCT
How could you provide information to staff and stakeholders in an emergency (e.g. press release)? LOCAL MEDIA, NEWSLETTER
Skills / Expertise / Training (PEOPLE):
Could staff be trained in other roles? YES
Could other members of staff undertake other non-specialist roles, in the event of an incident? YES
Facilities (PREMISES):
Are any of your facilities multi-purpose? YES
Are alternative facilities available in the event of an incident? YES
Documentation (PROCESSES):
Is essential documentation stored securely (e.g. fire proof safe, backed-up)? YES
Do you keep copies of essential documentation elsewhere? YES
Contractors / External Providers (PROVIDERS):
Do you know of alternative contractors or are you reliant on a single contractor? NO
Do your contractors have contingency plans in place? YES
Could contractors be contacted in the event of an incident? MAYBE
Legal Considerations (PROFILE):
Do you have systems to log decisions; actions; and costs, in the event of an incident? YES
5.
Minimum Staffing Levels (PEOPLE):
What is the minimal staffing level required to continue to deliver your key functions at an acceptable level? 20
What measures could be taken to minimise impacts of staff shortfalls? FREELANCER
Equipment / Resources (PREMISES):
Could alternative equipment / resources be acquired in the event of an incident / disruption? MAYBE
Could key equipment be replicated or do manual procedures exist? NO
Systems & Communications (PROCESSES):
Are your systems flexible? YES
Do you have alternative systems in place (manual processes)? YES
What alternative means of communication exist? YES
Suppliers (PROVIDERS):
Do you know of suitable alternative suppliers? YES
Could key suppliers be contacted in an emergency? YES
Vulnerable Groups (PROFILE):
How could vulnerable groups be contacted / accommodated in the event of an incident? YES
6. USING BUSINESS IMPACT ANALYSIS TO BUILD A PLAN
BIA: Identifies your requirements for continuing your key functions
Business Continuity Plan: Documents how your requirements identified in the BIA can be achieved
PEOPLE
Key Staff
DETAILS: Top level executives; Electrical engineers; Marketers; Ground level staff; Database managers; Software developers
Business Continuity Plan: Notification / invocation procedure / protocol; Information and advice to staff (response procedures)
Expertise / competence required
DETAILS: Having competitive knowledge of electrical engineering and electrical appliances
Business Continuity Plan: Key staff / contact list (including out of hours details); Multi skill training in key areas
Minimum staffing levels required to continue / recover key functions
DETAILS: In order to provide minimum required services, we would be needing at least 11.2 hrpd
Business Continuity Plan: Reciprocal Arrangements to cover staff short falls; Home working; Staff welfare issues
PREMISES
Key facilities
DETAILS: R&D Lab; Distribution Centre; Assembling plant
Business Continuity Plan: Loss / damage assessment; Site security
Key Equipment, Key Resources
DETAILS: Autonomous modelling tool; Project Management software
Business Continuity Plan: Inventories of equipment / resources and details of how to recover these; Copies / Back-ups / safe storage (recovery procedure); Checklists; Data recovery procedures
Buildings
DETAILS: South Yorkshire Headquarters; Mexborough; Rotherham
Business Continuity Plan: Salvage, site clearance and cleaning arrangements
PROFILE
Key stakeholders
DETAILS: Employees; Customers; Distributors; Shareholders
Business Continuity Plan: Stakeholder liaison (regulator, clients, unions); Notification of at risk groups / alternative care arrangements
Legal / statutory / regulatory requirements
DETAILS: LLC Operating Agreement; Privacy Policy; Stock Certificate; Trademark assignment agreement
Business Continuity Plan: Public information / advice
7.
Business Impact Analysis Worksheet
Department / Function / Process: IT DEPARTMENT
Operational & Financial Impacts
Timing / Duration, Operational Impact (Cumulative), Financial Impact:
• < 1 hour (None). Operational impact: None. Financial impact: 0
• > 1 hr. < 8 hours (Insignificant). Operational impact: Customer dissatisfaction; Lost sales and income. Financial impact: 10
• > 8 hrs. < 24 hours (Minor). Operational impact: Increased expenses (e.g., overtime labor, outsourcing, expediting costs, etc.). Financial impact: 11 to 50
• > 24 hrs. < 72 hrs (Moderate). Operational impact: Regulatory fines; Customer dissatisfaction or defection. Financial impact: 51 to 100
• > 72 hrs (Moderate). Operational impact: Customer dissatisfaction and defection. Financial impact: 51 to 100
• > 1 week (Major). Operational impact: Negative cash flow resulting from delayed sales or income; Contractual penalties or loss of contractual bonuses. Financial impact: 101 to 150
• > 1 month (Catastrophic). Operational impact: Delay executing business plan or strategic initiative. Financial impact: 151 or more
8.
Timing: Identify point in time when interruption would have greater impact (e.g., season, end of month/quarter, etc.)
Duration: Identify the duration of the interruption or point in time when the operational and/or financial impact(s) will occur.
• < 1 hour
• > 1 hr. < 8 hours
• > 8 hrs. < 24 hours
• > 24 hrs. < 72 hrs.
• > 72 hrs.
• > 1 week
• > 1 month
Considerations (customize for your business)
Operational Impacts
• Lost sales and income
• Negative cash flow resulting from delayed sales or income
• Increased expenses (e.g., overtime labor, outsourcing, expediting costs, etc.)
• Regulatory fines
• Contractual penalties or loss of contractual bonuses
• Customer dissatisfaction or defection
• Delay executing business plan or strategic initiative
9. ready.gov/business
Business Continuity Resource Requirements
Resource Category; Resource Details; Normal Quantity; 24 hours; 72 hours; 1 week; Later (specify)
Managers: Plant managers, Product Managers, Production Manager, Logistics and Supply Chain managers, Finance managers, Procurement Manager. Normal quantity: 4. ✓
Staff: Primary site, relocation site and recovery site. Normal quantity: 100. ✓
Office space: Area for office setup for the different managers and stations for work. Normal quantity: 500 Sqm. ✓
Office equipment: Furniture, phone, fax, LAN System, Boards, Stationery. Normal quantity: Lump sum. ✓
Office technology: Desktops and laptops (with software), printers with connectivity; wireless devices (with email access). Normal quantity: 10 – Desktops; 3 – Laptops; 2 – Printers; 1 – WLAN device. ✓
Vital records, data, information: Location, backups, and media type. ✓
Production Facilities: Owned, leased, or reciprocal agreement. Normal quantity: 10000 SQM. ✓
Production machinery & Equipment: Especially custom equipment with long replacement time. Normal quantity: Lump sum. ✓
10.
Dies, patterns, molds, etc. for machinery & equipment: Specialized R&D machinery and Inventory. Normal quantity: Lump sum. ✓
Raw Materials: Single or sole source suppliers and possible alternatives. Normal quantity: Lump sum. ✓
Third party services: 3rd Party Logistics Provider. ✓
Instructions: Identify the resources required to restore business operations following a disaster. Estimate the resources needed in the days and weeks following the disaster. Also review the information technology disaster recovery plan for restoration of hardware and software.