ISO 22301: An Overview of BCM Implementation Process
Presenter: Dejan Kosutic
GoToWebinar Control Panel: open and close your panel; view, select, and test your audio; submit text questions (they will be addressed throughout the session); raise your hand.
2016 27001Academy, www.advisera.com/27001academy
Which are the mandatory steps in ISO 22301 implementation?
If you're planning to implement business continuity, you need to know all the necessary elements for successful business continuity implementation.
ISO 22301 is the framework that is the easiest to adopt, and is the only one that is truly international.
Agenda
- ISO 22301/BS 25999 family of standards
- Business continuity vs. disaster recovery
- 17 steps for ISO 22301 implementation
- Mandatory documents
- How to get management commitment
- Biggest challenges in implementation
ISO 22301 & BS 25999 family of standards
- BS 25999-1:2006 – Code of practice
- BS 25999-2:2007 – Specification
- ISO 22301:2012 – Specification
- ISO 22313:2012 – Guidance
Other standards/frameworks:
- ISO 27001, A.17
- BCI – Good Practice Guidelines
- DRII – Professional Practices
Business continuity vs. disaster recovery
- Business continuity (ISO 22301)
- Disaster recovery (ISO 27031)
17 implementation steps
- Management support (budget, project plan)
- Identification of requirements (list of requirements)
- Objectives and scope (BCM Policy)
- Management framework (3 procedures)
- Risk assessment & treatment (methodology & report)
- Business Impact Analysis (define RTO, RPO, resources)
- Business continuity strategy (resources needed & how to provide them)
- Incident response plans; recovery plans (how to react & recover)
- Implement training & awareness programs (records)
- Exercising & testing (corrective actions)
- Post-incident reviews (learning from experience)
- Communication with interested parties (records)
- Measurement and evaluation (records)
- Internal audit (report)
- Corrective actions
- Management review (minutes of the meeting)
- Improvement
Mandatory documents
- List of regulatory and other requirements
- Scope of the BCMS
- Business Continuity Policy
- Business continuity objectives
- Evidence of personnel competences
- Records of communication
- Business impact analysis
- Risk assessment, including risk appetite
- Incident response structure
- Business continuity plans
- Recovery procedures
- Results of monitoring and measurement
- Results of internal audit
- Results of management review
- Results of corrective actions
How to sell the idea
- dependence on individuals
- Prevent large-scale damage
Biggest challenges in ISO 22301 implementation
- The board doesn't want to waste resources on something that is unlikely to happen
- Without a regulatory driver, continuity is often given less attention and delegated to less senior oversight
- Risk evaluation, potential threats identification
- Getting the right people in place to accept responsibility and attend meetings
- Training all the employees to perform their part during the emergency situation
Conclusions
Unless you have a specific requirement to implement some other business continuity framework, ISO 22301 is most probably the best solution.
Q&A
Dejan Kosutic
Thank you!
advisera.com/27001academy/webinars