ISO 22301 Briefing

7/23/2019 ISO 22301 Briefing

http://slidepdf.com/reader/full/iso-22301-briefing 1/26

Conversion FromBS25999-2 to ISO 22301

www.emergencyplanningsolutions.com

7/23/2019 ISO 22301 Briefing


BCM Trends

Systems

Based

BCM

2

IT disaster

Recovery

1

British

Standard

BS25999

3

ISO

22301

4

Crisis

Management

Supply Chain

Resilience

Exercise &

Testing

Humanitarian

Issues

1970s

1990s 2000s

Copyright EPS Ltd

7/23/2019 ISO 22301 Briefing


Disaster Trends

7/23/2019 ISO 22301 Briefing


Recently

Issued ISO

22301

Copyright EPS Ltd

7/23/2019 ISO 22301 Briefing


The Final Countdown

Jun 12

ISO issued Nov 12

BS25999Withdrawn Jun 14

TransitionComplete

7/23/2019 ISO 22301 Briefing


Question Time

• In your opinion what

needed strengthenedor clarified in

BS25999?

7/23/2019 ISO 22301 Briefing


PossibleAnswers

• UK centric;

•

Resource detail;

• Recovery Plan detail;

• Management Engagement;

• Supporting Implementation

of the plan;

• BCMS clarification in clauses

of part 2.

7/23/2019 ISO 22301 Briefing


What is New?

7/23/2019 ISO 22301 Briefing


(1) Assessing the Context ofthe Organisation

•

Define measureableoutcomes for theBCMS;

• More focus onmetrics;

•

Take into accountexternal and internalfactors and objectives – strategic directionfor BCMS;

•

Requirements ofinterested partiesmapped;

• Legal and regulatoryrequirementsmapped.

7/23/2019 ISO 22301 Briefing


(2) Leadership & Planning

•

Demonstrable TopManagementengagement anddirection providedto staff;

•

Measureableobjectives set

throughout - BCMSimplementation/

maintenance;

•

Top managementinvolvement inexercises andreviews;

•

BCM Policycommunicated

including tointerested parties;

•

Plan to managerisks andopportunities fromstep 1.

7/23/2019 ISO 22301 Briefing


(3) SupportingStructures

•

All competenciesunderstood and

addressed;

•

BCMcommunicatedinternally andexternally;

•

System formanaging

information,communicationsand interoperabilityin place.

7/23/2019 ISO 22301 Briefing


(4) Analysis andStrategy

•

Formal analysis

process laid downand linked toservices andproducts;

•

Supply Chain

ContinuityManagementundertaken;

•

Links to corporate

risk strategyunderstood.

7/23/2019 ISO 22301 Briefing


(5) Operational Planning

•

Specific requirementsfor individual plan

contents;

•

Enhanced resourceplanning;

•

Documentedprocedures in place to

return to normalservice levels fromthose recovered tounder BCMarrangements;

•

Define circumstancesunder which

communications willbe initiated.

7/23/2019 ISO 22301 Briefing


(6) Evaluation andImprovement

• Evaluatetechniques,products orprocedures whichcould be used toimprove theBCMS;

• Emerging BCMgood practice andguidancereviewed.

7/23/2019 ISO 22301 Briefing


So what is out?

1. No requirement to appoint a senior manager as BCM

champion – still god practice however.

2. No specified need to carry out Training Needs Analysis – but

you do need to train people.

3.

Term Recovery Time Objective not used – but concept

retained.

4. Term Maximum Tolerable Period of Disruption defined but not

used – but concept retained.

5.

No requirement to name plan owners and authors – still a goodidea however.

7/23/2019 ISO 22301 Briefing


So what is out?

6.

No requirement to include meeting locations in plan - still a

good idea however.

7. No requirement defined for incident logs – but you are still

required to record and manage information.

8.

No requirement for an approved exercise programme – butexercises are required and PD25666 Exercising and Testing

requires a programme to be in place.

9. Management review no longer needs to take input from

interested parties or consider the results of training andawareness programme – but they will be considered at audit.

7/23/2019 ISO 22301 Briefing


Three Pillars for ISO

Success

Interpretation

Integration

Implementation

7/23/2019 ISO 22301 Briefing


Interpretation Incident

“situation that might be,

or could lead to, abusiness disruption, loss,

emergency or crisis”

ISO 22301

Copyright EPS Ltd

7/23/2019 ISO 22301 Briefing


Integration

“ensure the integration

of the businesscontinuity management

system requirements into

the organization's

business

processes.” (Clause 5.2)

Copyright EPS Ltd

7/23/2019 ISO 22301 Briefing


Implementation

“This International

Standard specifies

requirements for settingup and managing an

effective business

continuity managementsystem (BCMS)”.

(Clause 0.1)

Copyright EPS Ltd

7/23/2019 ISO 22301 Briefing


So what will the ISO do?

30%

25%

25%

20%

Increase Uptake of BCM?

Capability in place

Lip service or immature

Aspiration

No need for BCM

Copyright EPS Ltd

7/23/2019 ISO 22301 Briefing



Copyright EPS Ltd

Interoperability in continuity

terms:

1.

Everyone speaking the samelanguage.

2. Everyone adhering to the

same standard.

3. Everyone employing the

same broad processes.

4. Everyone able to be judge

against common criteria.

7/23/2019 ISO 22301 Briefing


• 85% of survey respondents felt the primary benefit of the

ISO would be to provide a common language for

international working with customers, suppliers and within

their organisations.

• Respondents in Asia, Middle East and Africa were

particularly enthusiastic about the new ISO standard.

• Certification levels are expected to treble over the next

three years, as 67% of respondents seek to at least align tothe new ISO in the next three years.

BCI & LRQA Survey 2012

7/23/2019 ISO 22301 Briefing



Copyright EPS Ltd

When asked about the significance of the

French revolution of 1789 Zhou Enlai,

Chinese diplomat, replied

“It is too soon to say”

1898 - 1976

7/23/2019 ISO 22301 Briefing


Questions?

Copyright EPS Ltd

www.emergencyplanningsolutions.com

ISO 22301 Briefing

Documents

Transcript of ISO 22301 Briefing