
ISO 22301

Business Continuity ISO 22301

Published in: Business


  1. ISO 22301 Societal Security – Business Continuity Management Systems. CAW CONSULTANCY BUSINESS SOLUTIONS LTD
  2. Contents
     - Introduction
     - Comparison between ISO 22301 and BS 25999-2
     - Basic terms used in the standard
     - Content of ISO 22301
     - ISO 22301 explained
     - Mandatory documentation
     - Related standards
     - Societal security context
     - Projects under development
     - Benefits of ISO 22301 business continuity management
     Copyrighted by CAW Consultancy Business Solutions Ltd
  3. Introduction
     - The full name of the standard is: "ISO 22301 Societal security – Business continuity management systems – Requirements".
     - The standard was drawn up by leading experts in this area to provide the best framework for business continuity management in an organisation.
     - Objective: ISO 22301:2012 specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of occurrence of, prepare for, respond to, and recover from disruptive incidents when they arise.
     - Scope: the requirements in ISO 22301:2012 are generic and intended to be applicable to all organisations, or parts thereof, regardless of the type, size and nature of the organisation. The extent to which these requirements are applied depends on the organisation's operating environment and complexity.
     - Who can implement this standard? Any organisation: for-profit or non-profit, big or small, private or public. The standard is formulated in such a way that it applies to any size or type of organisation.
  4. Comparison between ISO 22301 and BS 25999-2
     ISO 22301 has replaced BS 25999-2. They are quite similar standards, but ISO 22301 is generally regarded as an update.

                           ISO 22301                                          BS 25999-2
     Complete name         ISO 22301:2012 Societal security – Business        BS 25999-2 Business Continuity Management –
                           continuity management systems – Requirements       Part 2: Specification
     Published by          International Organization for Standardization     British Standards Institution
     Published date        15/05/2012                                         20/11/2007
     Number of pages       24                                                 28
     Official recognition  Internationally accepted by standards institutes   Accepted only in the United Kingdom,
                           in 163 countries                                   but implemented worldwide
  5. Comparison between ISO 22301 and BS 25999-2 (continued)
     - ISO 22301 is not that different from BS 25999-2 in most of the business continuity-specific sections, such as business impact analysis, strategy or planning; the greatest changes are in the management-system parts of the standard.
     - ISO 22301 places particular emphasis on understanding requirements, setting objectives and measuring performance. It is therefore more readily accepted by top management, which in turn should lead to adoption as widespread as that of ISO 27001, ISO 9001 or ISO 14001.
  6. Basic terms used within the standard
     - Business Continuity Management System (BCMS): the part of the overall management system that ensures business continuity is planned, implemented, maintained and continually improved.
     - Maximum Acceptable Outage (MAO): the maximum length of time an activity can be disrupted without incurring unacceptable damage (also called Maximum Tolerable Period of Disruption, MTPD).
     - Recovery Time Objective (RTO): the time, following an incident, by which an activity must be resumed or resources must be recovered. It must be shorter than the MAO/MTPD, otherwise the plan accepts unacceptable damage by design.
     - Recovery Point Objective (RPO): the point in time to which data must be restored after an incident, i.e. the maximum amount of data loss (measured as a time span) the organisation can tolerate.
     - Minimum Business Continuity Objective (MBCO): the minimum level of services or products an organisation needs to deliver after resuming its business operations.
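The four timing terms above only make sense relative to one another, and a business impact analysis that records them for dozens of activities routinely contains contradictions (an RTO later than the MTPD, a backup schedule that cannot meet the RPO, an activity that claims a faster recovery than a system it depends on). The following script, added here as an illustration and not part of the slide deck, encodes those invariants as checks. The activity names, hour figures, dependency graph and field names are constructed sample data for this example.

```python
"""Consistency checks on the timing objectives a BIA assigns to each activity.

Added illustration, not part of the slide deck. The activities, figures and
dependency graph below are constructed sample data; the field names are
assumptions for this example.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class Activity:
    name: str
    mtpd_h: float                 # MAO / MTPD: longest tolerable disruption, hours
    rto_h: float                  # RTO: target time by which the activity is resumed, hours
    rpo_h: float                  # RPO: maximum acceptable data loss, hours
    backup_interval_h: float      # how often the activity's data is actually captured, hours
    depends_on: List[str] = field(default_factory=list)


def effective_rto(acts: Dict[str, Activity], name: str, path: Tuple[str, ...] = ()) -> float:
    """Earliest time the activity can really be back: it cannot be resumed before
    every activity it depends on is, so take the maximum RTO along the chain."""
    if name in path:
        raise ValueError("dependency cycle: " + " -> ".join(path + (name,)))
    act = acts[name]
    chain = [effective_rto(acts, d, path + (name,)) for d in act.depends_on if d in acts]
    return max([act.rto_h, *chain])


def check_bia(acts: Dict[str, Activity]) -> List[str]:
    """Return one finding per violated invariant; an empty list means the BIA is consistent."""
    findings: List[str] = []
    for act in acts.values():
        # An RTO later than the MTPD means the plan accepts unacceptable damage by design.
        if act.rto_h > act.mtpd_h:
            findings.append(f"{act.name}: RTO {act.rto_h}h exceeds MTPD {act.mtpd_h}h")
        else:
            # The RTO may look fine on paper yet be unreachable because of a slower dependency.
            try:
                eff = effective_rto(acts, act.name)
            except ValueError as exc:
                findings.append(f"{act.name}: {exc}")
            else:
                if eff > act.mtpd_h:
                    findings.append(
                        f"{act.name}: effective RTO {eff}h via dependencies exceeds MTPD {act.mtpd_h}h")
        # Data captured less often than the RPO cannot meet the RPO.
        if act.backup_interval_h > act.rpo_h:
            findings.append(
                f"{act.name}: backup interval {act.backup_interval_h}h exceeds RPO {act.rpo_h}h")
        # Every dependency must itself be analysed, or its recovery is unplanned.
        for dep in act.depends_on:
            if dep not in acts:
                findings.append(f"{act.name}: depends on {dep!r}, which is not in the BIA")
    return findings


# Constructed sample BIA (hypothetical activities and figures).
SAMPLE_BIA: Dict[str, Activity] = {
    a.name: a for a in [
        Activity("order-entry", mtpd_h=5, rto_h=4, rpo_h=1, backup_interval_h=0.5,
                 depends_on=["customer-db", "auth"]),
        Activity("customer-db", mtpd_h=8, rto_h=6, rpo_h=0.25, backup_interval_h=1),
        Activity("auth", mtpd_h=24, rto_h=2, rpo_h=24, backup_interval_h=24),
        Activity("payroll", mtpd_h=72, rto_h=96, rpo_h=24, backup_interval_h=24,
                 depends_on=["hr-system"]),
    ]
}

if __name__ == "__main__":
    for line in check_bia(SAMPLE_BIA):
        print(line)
```

Run against the sample data it reports four findings: "order-entry" is consistent on its own but cannot in practice be back before "customer-db", whose 6 h RTO overshoots order-entry's 5 h MTPD; "customer-db" is backed up hourly against a 15-minute RPO; "payroll" has an RTO beyond its MTPD and depends on a system that was never analysed. The dependency walk also refuses cyclic graphs rather than looping, which is the usual failure when the BIA is assembled from several departments' spreadsheets.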
  7. Content of ISO 22301
     Introduction
       0.1 General
       0.2 The Plan-Do-Check-Act (PDCA) model
       0.3 Components of PDCA in this International Standard
     1. Scope
     2. Normative references
     3. Terms and definitions
     4. Context of the organisation
       4.1 Understanding the organisation and its context
       4.2 Understanding the needs and expectations of interested parties
       4.3 Determining the scope of the management system
       4.4 Business continuity management system
     5. Leadership
       5.1 General
       5.2 Management commitment
       5.3 Policy
       5.4 Organisational roles, responsibilities and authorities
     6. Planning
       6.1 Actions to address risks and opportunities
       6.2 Business continuity objectives and plans to achieve them
     7. Support
       7.1 Resources
       7.2 Competence
       7.3 Awareness
       7.4 Communication
       7.5 Documented information
     8. Operation
       8.1 Operational planning and control
       8.2 Business impact analysis and risk assessment
       8.3 Business continuity strategy
       8.4 Establish and implement business continuity procedures
       8.5 Exercising and testing
     9. Performance evaluation
       9.1 Monitoring, measurement, analysis and evaluation
       9.2 Internal audit
       9.3 Management review
     10. Improvement
       10.1 Nonconformity and corrective action
       10.2 Continual improvement
     Bibliography
  8. ISO 22301 explained
     - ISO 22301 is the second published management system standard to adopt the new high-level structure and identical core text agreed within ISO.
     - This ensures consistency with all future and revised management system standards and makes integrated use easier, for example with ISO 9001 (quality), ISO 14001 (environmental) and ISO/IEC 27001 (information security).
     - The standard is divided into main clauses, starting with scope, normative references, and terms and definitions. The standard's requirements follow these.
  9. ISO 22301 explained
     - Clause 4 – Context of the organisation. The first step is understanding the organisation, both its internal and external needs, and setting clear boundaries for the scope of the management system. In particular, this requires the organisation to understand the obligations it has towards relevant interested parties, such as regulators, customers and staff, and above all the applicable legal and regulatory requirements. This enables it to determine the scope of the business continuity management system (BCMS).
     - Clause 5 – Leadership. ISO 22301 places specific emphasis on the need for suitable leadership of BCM, so that top management ensures appropriate resources are provided, establishes the policy and appoints people to implement and maintain the BCMS.
     - Clause 6 – Planning. This requires the organisation to identify risks to the implementation of the management system and to set clear objectives, goals and criteria that can be used to measure its success.
  10. ISO 22301 explained
     - Clause 7 – Support. Resources are a prerequisite for implementation, and Clause 7 introduces the important concept of competence. For business continuity to succeed, people with appropriate knowledge, skills and experience must be in place both to support the BCMS and to respond to incidents when they occur. It is also essential that all staff are aware of their own role in responding to incidents; this clause covers all of these areas. The need for communication about the BCMS (for instance, telling customers that the organisation has suitable BCM in place) and preparedness to communicate following an incident, when normal channels may be disrupted, is also covered here.
     - Clause 8 – Operation. This clause contains the main body of business continuity-specific requirements. The organisation must undertake a business impact analysis to understand how its business is affected by disruption and how that impact changes over time. Risk assessment seeks to understand the risks to the business in a structured way, and both inform the development of the business continuity strategy. Steps to avoid or reduce the likelihood of incidents are developed alongside the procedures to be followed when incidents occur. Since it is impossible to predict and prevent every incident, risk reduction and planning for all eventualities are complementary: "hope for the best, plan for the worst".
  11. ISO 22301 explained
     - Clause 9 – Performance evaluation. For any management system it is crucial to evaluate performance against plan. ISO 22301 therefore requires the organisation to select appropriate performance metrics and measure itself against them. Internal audits must be carried out, and management must review the BCMS and act on those reviews.
     - Clause 10 – Improvement. No management system is perfect from the outset, and organisations and their environments are constantly changing. Clause 10 defines the actions to take to improve the BCMS over time and to ensure that corrective actions arising from audits, reviews, exercises and so on are addressed.
  12. Mandatory documentation
     If an organisation wants to implement this standard, the following documentation is mandatory:
     - List of applicable legal, regulatory and other requirements
     - Scope of the BCMS
     - Business continuity policy
     - Business continuity objectives
     - Evidence of personnel competences
     - Records of communication with interested parties
     - Business impact analysis
     - Risk assessment, including risk appetite
     - Incident response structure
     - Business continuity plan
     - Recovery procedures
     - Results of preventive actions
     - Results of monitoring and measurement
     - Results of internal audit
     - Results of management review
     - Results of corrective actions
  13. Related standards
     Other standards that are helpful when implementing business continuity are:
     - ISO/IEC 27031 – Guidelines for information and communication technology readiness for business continuity
     - PAS 200 – Crisis management – Guidance and good practice
     - PD 25666 – Guidance on exercising and testing for continuity and contingency programmes
     - PD 25111 – Guidance on human aspects of business continuity
     - ISO/IEC 24762 – Guidelines for information and communications technology disaster recovery services
     - ISO/PAS 22399 – Guidelines for incident preparedness and operational continuity management
     - ISO/IEC 27001 – Information security management systems – Requirements
  14. Societal security context
     ISO 22301 was developed by ISO/TC 223, Societal security. The committee had previously published the following standards and other documents:
     - ISO 22300:2012, Societal security – Terminology
     - ISO 22320:2011, Societal security – Emergency management – Requirements for incident response
     - ISO/TR 22312:2011, Societal security – Technological capabilities
     - ISO/PAS 22399:2007, Societal security – Guideline for incident preparedness and operational continuity management
  15. Projects under development
     - ISO 22311, Societal security – Video-surveillance – Export interoperability
     - ISO 22313, Societal security – Business continuity management systems – Guidance
     - ISO 22315, Societal security – Mass evacuation
     - ISO 22322, Societal security – Emergency management – Public warning
     - ISO 22323, Organisational resilience management systems – Requirements with guidance for use
     - ISO 22325, Societal security – Guidelines for emergency capability assessment for organisations
     - ISO 22351, Societal security – Emergency management – Shared situation awareness
     - ISO 22397, Societal security – Public private partnership – Guidelines to set up partnership agreements
     - ISO 22398, Societal security – Guidelines for exercising and testing
     - ISO 22324, Societal security – Emergency management – Colour-coded alert
  16. The benefits of ISO 22301 business continuity management
     What are the benefits of ISO 22301 business continuity management?
     - Identify and manage current and future threats to your business
     - Take a proactive approach to minimising the impact of incidents
     - Keep critical parts of the business up and running during a crisis
     - Minimise interruption during incidents and improve recovery time
     - Demonstrate resilience to customers, suppliers and in tender submissions
  17. Do you have any questions? Thank you for listening. Get in touch now on 07427535662 or email craig@cawconsultancy.co.uk