I would argue implementation of an effective Business Continuity Management System gives one of the best insights in organization and its context if done properly.
1. Role of understanding the context in
Business Continuity Management
Experience from ISO 22301 compliant
BCMS implementation
Juris Puce
analytica.lv
2. “Understanding the organization and
its context”
• Included in ISO “management system
standards” requirements
Assumption: understanding the context AND
organization is especially important in cases for
Business Continiuity
3. Experience
• We have experience in implementation of
– Business Process Management
– Information Security Management Systems (both ISO 27001 and
alternative)
– IT Service Management systems (ISO 20000-1; ITIL, other principles)
– Quality Management Systems (ISO 9001 and alternative approaches)
– Risk management systems...
All include the idea of
“understanding the organization and its
context”
4. Another point of view
• Understanding the organization and its context
usually can be done at a “general level”
– What services/products
– Structure of organization
– Basic grasp of “culture”
Not that easy in effective BCP (Business Continuity
Planning)
5. BCMS (Business Continuity
Management System)
• Requires much more in-depth understanding of the
organization and its context
– not arguing: technically any process/management system needs
the understanding too
– But these sometimes can easily be misguided/misunderstood
• BCMS requires in-depth understanding of:
– Processes, Functions
– Consequences if not done, done partially, or done late
– Resources the organization is ready to invest to prevent
failures/maintain processes
7. Conclusion
• Doing Business Continuity (BC) Business
Impact Analysis (BIA) properly allow
organization to have a “clear head” view on
the organization and related risks
• Useful in: risk analysis, information security,
quality management, information system
planning....