Comparison of ISO 22301 with BS 25999


The International Standard for Business Continuity Management Systems is well and truly here, and we at Steelhenge have been busy assisting clients with their ISO 22301 implementation. Here we take you on a whistle-stop tour of the headline differences between the requirements of BS 25999-2 and ISO 22301. Visit us at www.steelhenge.co.uk to find out more!

Transcript of Comparison of ISO 22301 with BS 25999

Page 1: Comparison of ISO 22301 with BS 25999

Comparison of ISO 22301 and BS 25999-2 Business Continuity Management Standards

Headline Differences

[email protected] | @Steelhenge | www.crisisthinking.co.uk | 0845 094 2117

Page 2: Comparison of ISO 22301 with BS 25999

What is in this Slide Pack?

What is ISO 22301?

Key features of ISO 22301

How does it compare with BS 25999-2?

What’s new in ISO 22301 vs BS 25999-2

Support in implementing ISO 22301

Page 3: Comparison of ISO 22301 with BS 25999

What is ISO 22301?


Page 4: Comparison of ISO 22301 with BS 25999

What is ISO 22301?

• ISO 22301 is the International Standard for Business Continuity Management Systems – Requirements

• It encapsulates international business continuity best practice into a specification of requirements for planning and implementing a business continuity management system (BCMS)

• Organisations wishing to certify their BCMS will be externally audited against the requirements in ISO 22301

Page 5: Comparison of ISO 22301 with BS 25999

What is ISO 22301?

• ISO 22301 is supported by a Guidance document published as a separate Standard, ISO 22313

• Both Standards were developed by Technical Committee 223 – Societal Security (ISO TC 223) of the International Standards Organisation

• ISO 22301 was published in May 2012

• ISO 22313 was published in December 2012

Page 6: Comparison of ISO 22301 with BS 25999

Key Features of ISO 22301


Page 7: Comparison of ISO 22301 with BS 25999

Key Features of ISO 22301

• Amalgamation of National BC Standards

• Enables global organisations to apply one Standard

• Conforms to ISO’s new Management Systems 10 clause structure (Annex SL) which will guide all future Standards:

[Diagram: the ten Annex SL clauses]

Clause 1: Scope

Clause 2: References

Clause 3: Definitions

Clause 4: Context of the Organisation

Clause 5: Leadership

Clause 6: Planning

Clause 7: Support

Clause 8: Operation

Clause 9: Performance Evaluation

Clause 10: Improvement

Page 8: Comparison of ISO 22301 with BS 25999

How does ISO 22301 compare to BS 25999-2?

BS 25999-2 – Withdrawn; transition period to June 2014

BS 25999-1 – Withdrawn


Page 9: Comparison of ISO 22301 with BS 25999

ISO 22301 vs BS 25999-2

• BS 25999 was the key reference for the business continuity content of ISO 22301

• The BC-specific requirements are mainly in Clause 8; the other clauses relate to operational planning and management of the system

• The BC requirements, e.g. BIA/RA, are largely the same as in BS 25999 but with some changes in terminology and emphasis, such as supply chain continuity

• 105 ‘shall’ statements in 22301 vs 56 in 25999

Page 10: Comparison of ISO 22301 with BS 25999

ISO 22301 vs BS 25999-2

The next slide maps the clauses of ISO 22301 against the Business Continuity Lifecycle in BS 25999-2

Page 11: Comparison of ISO 22301 with BS 25999

[Diagram: ISO 22301 clauses mapped against the BS 25999-2 Business Continuity Lifecycle]

8.2 BIA and RA

8.3 BC Strategy / Risk Treatment

8.4 Plans

8.5 Exercising & Testing

7.2 Competence, 7.3 Awareness

Clauses 4, 5, 6, 7, 8.1, 9 & 10

Page 12: Comparison of ISO 22301 with BS 25999

What’s New in ISO 22301 vs BS 25999-2?


Page 13: Comparison of ISO 22301 with BS 25999

What’s New in ISO 22301?

• Formal requirements (Clause 4) to define and document the context of the organisation to ensure the BCMS is relevant to it

• Context considers such things as what the organisation does, its strategic objectives, the risks and opportunities it faces, its risk appetite, what it is dependent on, who it influences, and the regulatory requirements it has to meet

Page 14: Comparison of ISO 22301 with BS 25999

What’s New in ISO 22301?

• More specific requirements (Clause 5) for leadership and ongoing commitment to implementation of the BCMS by senior management

• More clarity around setting realistic and measurable BC objectives and how they will be achieved

• Much of the ‘embedding’ part of BS 25999 is met by the competency and awareness requirements in clause 7.

Page 15: Comparison of ISO 22301 with BS 25999

What’s New in ISO 22301?

• A new clause (7.4) on communication with internal and external interested parties during disruption: who, what, when and how? Testing of communication capability and interoperability is required

• A new clause (8.4.3) on Warning and Communication throughout the incident lifecycle: how will an incident be detected and monitored, how will people be told about it, and how will information and decisions be recorded?

Page 16: Comparison of ISO 22301 with BS 25999

What’s New in ISO 22301?

• A short but significant new requirement for recovery plans (8.4.5) detailing how activities will return from their temporary state post-incident to normal (or a new normal), e.g. movement back from a recovery site to the office

• A new clause (9) on Performance Evaluation of the whole BCMS: are we doing what we said we would do, is it doing what we want it to do, how do we know, and does anything need updating or changing? Includes the Internal Audit and Management Review requirements from BS 25999

Page 17: Comparison of ISO 22301 with BS 25999

The New ISO BCM Lifecycle

Source: ISO 22313

Page 18: Comparison of ISO 22301 with BS 25999

What Steelhenge can do to assist you

• Advice and support in implementing ISO 22301

• Transitioning from BS 25999-2 to ISO 22301

• Gap analysis and reviews of your BCMS requirements

• Implementing a full BCMS

• Assisting you with parts of the BCMS such as BIAs, training and exercising


Page 19: Comparison of ISO 22301 with BS 25999

www.steelhenge.co.uk
