BCMS and understanding the organization
-
Upload
juris-puce -
Category
Leadership & Management
-
view
87 -
download
3
Transcript of BCMS and understanding the organization
Role of understanding the context in Business Continuity Management
Experience from ISO 22301 compliant BCMS implementation
Juris Puce analytica.lv
“Understanding the organization and its context”
• Included in ISO “management system standards” requirements
Assumption: understanding the context AND organization is especially important in cases for
Business Continiuity
Experience• We have experience in implementation of
– Business Process Management– Information Security Management Systems (both ISO 27001 and
alternative)– IT Service Management systems (ISO 20000-1; ITIL, other principles)– Quality Management Systems (ISO 9001 and alternative approaches)– Risk management systems...
All include the idea of “understanding the organization and its context”
Another point of view
• Understanding the organization and its context usually can be done at a “general level”– What services/products– Structure of organization– Basic grasp of “culture”
Not that easy in effective BCP (Business Continuity Planning)
BCMS (Business Continuity Management System)
• Requires much more in-depth understanding of the organization and its context– not arguing: technically any process/management system needs the
understanding too
– But these sometimes can easily be misguided/misunderstood
• BCMS requires in-depth understanding of:– Processes, Functions– Consequences if not done, done partially, or done late– Resources the organization is ready to invest to prevent failures/maintain
processes
Reasonable BCMS implementation?
Minimum effort (just
rebuild everything)
Maximum effort (lets
make it complicated enough so
nobody understand
s it)
Truth is in the
middle?
Conclusion
• Doing Business Continuity (BC) Business Impact Analysis (BIA) properly allow organization to have a “clear head” view on the organization and related risks
• Useful in: risk analysis, information security, quality management, information system planning....