ISO 22301: An Overview of BCM Implementation Process. Presenter: Dejan Kosutic

Transcription

1 ISO 22301: An Overview of BCM Implementation Process Presenter: Dejan Kosutic

2 GoToWebinar Control Panel Open and close your Panel View, Select, and Test your audio Submit text questions they will be addressed throughout the session Raise your hand 6

3 Which are the mandatory steps in ISO implementation If you re planning to implement business continuity you need to know all the necessary elements for successful business continuity implementation 3

4 ISO is the framework that is the easiest to adopt, and is the only one that is truly international 4

5 Agenda ISO 22301/BS family of standards Business continuity vs. disaster recovery 17 steps for ISO implementation Mandatory documents How get management commitment Biggest challenges in implementation 5

6 ISO & BS family of standards BS :2006 Code of practice BS :2007 Specification ISO 22301:2012 Specification ISO 22313:2012 Guidance Other standards/frameworks: ISO 27001, A.17 BCI Good Practice Guidelines DRII Professional Practices 6

7 Business continuity vs. disaster recovery Business continuity (ISO 22301) Disaster recovery (ISO 27031) 7

8 17 implementation steps Management support Budget, Project plan Identification of requirements List of requirements Su texto Objectives and scope BCM Policy 8

9 17 implementation steps Su texto Management framework 3 procedures Risk Su texto assessment & treatment Methodology & report Define Su texto RTO, RPO, resources Business Impact Analysis 9

10 17 implementation steps Su texto Resources needed & how to provide them Business continuity strategy Su texto How to react & recover Incident response plans; Recovery plans Implement Su texto training & awareness programs Records 10

11 17 implementation steps Su texto Documentation maintenance Records Su texto Exercising & testing Reports; Corrective actions Su Learning texto from experience Postincident reviews 11

12 17 implementation steps Su texto Communication with interested parties Records Measurement Su texto and evaluation Records Su texto Internal audit Report 12

13 17 implementation steps Su texto Improvement Corrective actions Su texto Management review Minutes of the meeting 13

14 Mandatory documents List of regulatory and other requirements Scope of the BCMS Business Continuity Policy Business continuity objectives Evidence of personnel competences Records of communication Business impact analysis Risk assessment, including risk appetite 14

15 Mandatory documents Incident response structure Business continuity plans Recovery procedures Results of monitoring and measurement Results of internal audit Results of management review Results of corrective actions 15

16 How to sell the idea to management? Benefits! Compliance Marketing edge Reduce dependence on individuals Prevent largescale damage 16

17 Biggest challenges in ISO implementation Management buy in and providing the necessary resources Making the program easy to understand clause by clause, and then sell it to the business Link between risk assessment and business impact analysis Difficult to get key process owners to participate in the business impact analysis Making sure that everything is covered in the risk assessment and business impact analysis 17

18 Conclusions Unless you have specific requirement to implement some other business continuity framework, ISO is most probably the best solution 18

19 Q & A Dejan Kosutic

20 Thank you! advisera.com/27001academy/webinars