ISO 22301: An Overview of BCM Implementation Process
Presenter: Dejan Kosutic
©2015 27001Academy www.advisera.com/27001academy
GoToWebinar Control Panel
• Open and close your Panel
• View, Select, and Test your audio
• Submit text questions – they will be addressed throughout the session
• Raise your hand
Which are the mandatory steps in ISO 22301 implementation?
If you’re planning to implement business continuity…
… you need to know all the necessary elements for successful business continuity implementation
ISO 22301 is the framework that is the easiest to adopt, and is the only one that is truly international
Agenda
• ISO 22301/BS 25999 family of standards
• Business continuity vs. disaster recovery
• 17 steps for ISO 22301 implementation
• Mandatory documents
• How to get management commitment
• Biggest challenges in implementation
ISO 22301 & BS 25999 family of standards
• BS 25999-1:2006 – Code of practice
• BS 25999-2:2007 – Specification
• ISO 22301:2012 – Specification
• ISO 22313:2012 – Guidance
Other standards/frameworks:
• ISO 27001, A.17
• BCI – Good Practice Guidelines
• DRII – Professional Practices
Business continuity vs. disaster recovery
• Business continuity (ISO 22301)
• Disaster recovery (ISO 27031)
17 implementation steps…
Steps (with the documents each one produces):
• Management support – budget, project plan
• Identification of requirements – list of requirements
• Objectives and scope – BCM policy
17 implementation steps…
• Management framework – 3 procedures
• Risk assessment & treatment – methodology & report
• Business impact analysis – define RTO, RPO, resources
17 implementation steps…
• Business continuity strategy – resources needed & how to provide them
• How to react & recover – incident response plans; recovery plans
• Implement training & awareness programs – records
17 implementation steps…
• Documentation maintenance
• Exercising & testing – reports; corrective actions
• Learning from experience (post-incident reviews) – records
17 implementation steps…
• Communication with interested parties – records
• Measurement and evaluation – records
• Internal audit – report
17 implementation steps…
• Improvement – corrective actions
• Management review – minutes of the meeting
Mandatory documents…
• List of regulatory and other requirements
• Scope of the BCMS
• Business Continuity Policy
• Business continuity objectives
• Evidence of personnel competences
• Records of communication
• Business impact analysis
• Risk assessment, including risk appetite
… Mandatory documents
• Incident response structure
• Business continuity plans
• Recovery procedures
• Results of monitoring and measurement
• Results of internal audit
• Results of management review
• Results of corrective actions
How to sell the idea to management?
Benefits!
• Compliance
• Marketing edge
• Reduce dependence on individuals
• Prevent large-scale damage
Biggest challenges in ISO 22301 implementation
• Ability to justify to upper management the need to implement versus the costs of implementation
• The budget required
• Not enough emphasis on protecting assets in a corporation
• Explaining the importance of business continuity
• Finding the time to implement with all the competing priorities
Conclusions
Unless you have a specific requirement to implement some other business continuity framework, ISO 22301 is most probably the best solution
Q & A
Dejan Kosutic