
ISO 22301

The New Standard for Business Continuity Best Practice


Sponsored By

Emergency Notification | Incident Management

Agenda
1. So what is ISO 22301?
2. The Benefits of ISO 22301
3. BS 25999 compared to ISO 22301
4. Planning to comply with ISO 22301
5. The Certification Process
6. Q & A



Reputation Combat: Protecting Your Company's Online Reputation

Copyright 2011, Jonathan Bernstein

Sponsored by

Smarter Crisis Management


Emergency Notification Incident Management Mobile Crisis Communications

www.missionmode.com/mobile


This presentation is from a recorded webinar. To view and listen to the video presentation, visit: www.missionmode.com/webinars


John McGill
Managing Partner, ISO 22301 Ltd.


So What Is ISO 22301?

ISO 22301 has sprung from a need for global standardisation.


"I couldn't help with the spill, I couldn't do anything about getting the ship off the rocks."
Statement 10 days after the Exxon Valdez incident by Lawrence Rawl, CEO of Exxon


ISO 22301 was developed by the International Organization for Standardization (ISO), the worlds largest developer of international standards.

ISO 22301 identifies the fundamentals of best-practice business continuity: 107 steps to excellence.

[Diagram: the clause structure of ISO 22301] Introduction; Scope and References (clauses 1 and 2); Terms and Definitions (3); Understanding the Business (4); Leadership (5); Planning (6); Support (7); Operation (8); Evaluation (9); Improvement (10). Other diagram labels: The Automata; Fortress Model.


The Benefits of ISO 22301

- Establish, implement, maintain and improve business continuity.
- Meet the requirements of your business continuity policy.
- Give key stakeholders confidence.
- Save time and money.


So why will an organisation's leaders decide they want to align with ISO 22301, or even become certified in it?
"I think the environmental impact of this disaster is likely to have been very, very modest."
Tony Hayward, BP CEO

BS 25999 vs. ISO 22301

All core 25999 business continuity requirements are in ISO 22301.


ISO 22301 puts emphasis on:
- Interested parties
- Understanding the organisation
- Monitoring performance and metrics
- Legal and regulatory requirements
- Crisis communications


BS 25999 vs. ISO 22301


BS 25999 and ISO 22301: areas of change

Area of change                                                 | BS 25999 | ISO 22301
Understand the organisation                                    | 4.1      | 4.1
Understanding the needs and expectations of interested parties |          |
Management commitment                                          |          | 5.2
Communication & warning system                                 | 4.3.3.3  | 7.4, 8.4.2, 8.4.3
Monitoring, measurement, analysis and evaluation               | 4.4.3    | 9.1
Determine the scope                                            | 3.2.1    | 4.3
Business continuity objectives                                 | 3.2.1.1  | 6.2
Business continuity policy                                     | 3.2.2    | 5.3
Documented information                                         | 3.4      | 7.5
Risk assessment                                                | 4.1.2    | 8.2.1, 8.2.3

(The slide's Magnitude column, and the clause references for the blank cells above, did not survive extraction.)

Full chart will be available for download.



Planning to comply with ISO 22301

ISO 22301 specifically requires you to define your approach for measurement and monitoring.


Business Continuity Management System (BCMS)


The key aspects of your ISO 22301 project:
1. Scope of business continuity
2. Business continuity policy
3. Business continuity objectives
4. Strategy for meeting the objectives

The Business Impact Analysis (BIA)

Develop the BIA into a risk log and then create Business Continuity Plans. Evaluate the recovery timeframes.

Identify Priority Activities (PA)

- Review the needs of interested parties.
- Review the initial impact, and then the impact were the disruption to continue.
- Consider the impact were the resources upon which the PAs depend to be unavailable.


- Develop incident management
- Train
- Test


Resource requirements:
BCMS project leader: 1,000 hours
Project team members: 36 hours
Project board chairman: 130 hours
Incident Management team members: 20 hours
Executive: 20 hours
Staff: 1 hour


The Certification Process

Certification process:
1. Identify accredited certification companies
2. Meet a shortlist of companies
3. Appoint a certification company
4. Agree a schedule with the chosen company
5. Schedule audit and pre-audit meetings

ISO 22301 outlines BCMS requirements, but does not dictate how to plan in a prescriptive manner.

Heads Up: The auditor cannot act as a consultant and advise you.

Phase 1 audit: one day. Focuses on a review of your documents.


Phase 1 non-conformities must be resolved before the Phase 2 audit. Phase 2 will last two days and will include some further review of documents. The outcomes are as per the Phase 1 audit, plus the option of certification.

The project to obtain certification should not be self-serving.


Proof that your business continuity planning is following best practice.

The ISO 22301 standard can be downloaded at a cost of CHF 116 ($124 / €94). Additional guidance can be downloaded in ISO 22313 at a cost of CHF 154 ($165 / €126).

Sponsored by

Smarter Crisis Management


Emergency Notification Incident Management Mobile Crisis Communications

info@missionmode.com www.missionmode.com/mobile


John McGill
ISO22301@btinternet.com

