ISO 22301 Briefing
Transcript of ISO 22301 Briefing
7/23/2019 ISO 22301 Briefing
http://slidepdf.com/reader/full/iso-22301-briefing 1/26
Conversion From BS25999-2 to ISO 22301
www.emergencyplanningsolutions.com
BCM Trends
1. IT Disaster Recovery
2. Systems Based BCM
3. British Standard BS25999
4. ISO 22301
• Crisis Management
• Supply Chain Resilience
• Exercise & Testing
• Humanitarian Issues
Timeline axis: 1970s, 1990s, 2000s
Copyright EPS Ltd
Disaster Trends
Disaster Trends
Recently Issued ISO 22301
The Final Countdown
• Jun 12: ISO issued
• Nov 12: BS25999 Withdrawn
• Jun 14: Transition Complete
Question Time
• In your opinion, what needed to be strengthened or clarified in BS25999?
Possible Answers
• UK centric;
• Resource detail;
• Recovery Plan detail;
• Management Engagement;
• Supporting Implementation of the plan;
• BCMS clarification in clauses of part 2.
What is New?
(1) Assessing the Context of the Organisation
• Define measurable outcomes for the BCMS;
• More focus on metrics;
• Take into account external and internal factors and objectives – strategic direction for BCMS;
• Requirements of interested parties mapped;
• Legal and regulatory requirements mapped.
(2) Leadership & Planning
• Demonstrable Top Management engagement and direction provided to staff;
• Measurable objectives set throughout - BCMS implementation/maintenance;
• Top management involvement in exercises and reviews;
• BCM Policy communicated including to interested parties;
• Plan to manage risks and opportunities from step 1.
(3) Supporting Structures
• All competencies understood and addressed;
• BCM communicated internally and externally;
• System for managing information, communications and interoperability in place.
(4) Analysis and Strategy
• Formal analysis process laid down and linked to services and products;
• Supply Chain Continuity Management undertaken;
• Links to corporate risk strategy understood.
(5) Operational Planning
• Specific requirements for individual plan contents;
• Enhanced resource planning;
• Documented procedures in place to return to normal service levels from those recovered to under BCM arrangements;
• Define circumstances under which communications will be initiated.
(6) Evaluation and Improvement
• Evaluate techniques, products or procedures which could be used to improve the BCMS;
• Emerging BCM good practice and guidance reviewed.
So what is out?
1. No requirement to appoint a senior manager as BCM champion – still good practice however.
2. No specified need to carry out Training Needs Analysis – but you do need to train people.
3. Term Recovery Time Objective not used – but concept retained.
4. Term Maximum Tolerable Period of Disruption defined but not used – but concept retained.
5. No requirement to name plan owners and authors – still a good idea however.
So what is out?
6. No requirement to include meeting locations in plan - still a good idea however.
7. No requirement defined for incident logs – but you are still required to record and manage information.
8. No requirement for an approved exercise programme – but exercises are required and PD25666 Exercising and Testing requires a programme to be in place.
9. Management review no longer needs to take input from interested parties or consider the results of training and awareness programme – but they will be considered at audit.
Three Pillars for ISO Success
• Interpretation
• Integration
• Implementation
Interpretation
Incident: “situation that might be, or could lead to, a business disruption, loss, emergency or crisis” (ISO 22301)
Integration
“ensure the integration of the business continuity management system requirements into the organization's business processes.” (Clause 5.2)
Implementation
“This International Standard specifies requirements for setting up and managing an effective business continuity management system (BCMS)”. (Clause 0.1)
So what will the ISO do?
Increase Uptake of BCM?
[Chart: segments of 30%, 25%, 25% and 20%; categories: Capability in place; Lip service or immature; Aspiration; No need for BCM]
So what will the ISO do?
Interoperability in continuity terms:
1. Everyone speaking the same language.
2. Everyone adhering to the same standard.
3. Everyone employing the same broad processes.
4. Everyone able to be judged against common criteria.
• 85% of survey respondents felt the primary benefit of the ISO would be to provide a common language for international working with customers, suppliers and within their organisations.
• Respondents in Asia, Middle East and Africa were particularly enthusiastic about the new ISO standard.
• Certification levels are expected to treble over the next three years, as 67% of respondents seek to at least align to the new ISO in the next three years.
BCI & LRQA Survey 2012
So what will the ISO do?
When asked about the significance of the French revolution of 1789, Zhou Enlai (1898 - 1976), Chinese diplomat, replied: “It is too soon to say”
Questions?