ISO 22301 Briefing

Post on 18-Feb-2018


7/23/2019 ISO 22301 Briefing

http://slidepdf.com/reader/full/iso-22301-briefing 1/26

Conversion From BS25999-2 to ISO 22301

www.emergencyplanningsolutions.com 


BCM Trends

[Figure: timeline of BCM development; axis labels 1970s, 1990s, 2000s]

1. IT Disaster Recovery
2. Systems Based BCM
3. British Standard BS25999
4. ISO 22301

Other labels on the figure: Crisis Management; Supply Chain Resilience; Exercise & Testing; Humanitarian Issues.

 

Copyright EPS Ltd


Disaster Trends 


Disaster Trends 


Recently Issued ISO 22301


The Final Countdown

•  Jun 12: ISO issued
•  Nov 12: BS25999 Withdrawn
•  Jun 14: Transition Complete


Question Time

•  In your opinion, what needed to be strengthened or clarified in BS25999?


Possible Answers

•  UK centric;
•  Resource detail;
•  Recovery Plan detail;
•  Management Engagement;
•  Supporting Implementation of the plan;
•  BCMS clarification in clauses of part 2.


What is New? 


(1) Assessing the Context of the Organisation

•  Define measurable outcomes for the BCMS;
•  More focus on metrics;
•  Take into account external and internal factors and objectives – strategic direction for BCMS;
•  Requirements of interested parties mapped;
•  Legal and regulatory requirements mapped.

 


(2) Leadership & Planning

•  Demonstrable Top Management engagement and direction provided to staff;
•  Measurable objectives set throughout - BCMS implementation/maintenance;
•  Top management involvement in exercises and reviews;
•  BCM Policy communicated including to interested parties;
•  Plan to manage risks and opportunities from step 1.

 


(3) Supporting Structures

•  All competencies understood and addressed;
•  BCM communicated internally and externally;
•  System for managing information, communications and interoperability in place.

 


(4) Analysis and Strategy

•  Formal analysis process laid down and linked to services and products;
•  Supply Chain Continuity Management undertaken;
•  Links to corporate risk strategy understood.


(5) Operational Planning

•  Specific requirements for individual plan contents;
•  Enhanced resource planning;
•  Documented procedures in place to return to normal service levels from those recovered to under BCM arrangements;
•  Define circumstances under which communications will be initiated.

 


(6) Evaluation and Improvement

•  Evaluate techniques, products or procedures which could be used to improve the BCMS;
•  Emerging BCM good practice and guidance reviewed.


So what is out?

1.  No requirement to appoint a senior manager as BCM champion – still good practice however.
2.  No specified need to carry out Training Needs Analysis – but you do need to train people.
3.  Term Recovery Time Objective not used – but concept retained.
4.  Term Maximum Tolerable Period of Disruption defined but not used – but concept retained.
5.  No requirement to name plan owners and authors – still a good idea however.


So what is out?

6.  No requirement to include meeting locations in plan - still a good idea however.
7.  No requirement defined for incident logs – but you are still required to record and manage information.
8.  No requirement for an approved exercise programme – but exercises are required and PD25666 Exercising and Testing requires a programme to be in place.
9.  Management review no longer needs to take input from interested parties or consider the results of training and awareness programme – but they will be considered at audit.


Three Pillars for ISO Success

Interpretation 

Integration 

Implementation 


Interpretation

Incident

“situation that might be, or could lead to, a business disruption, loss, emergency or crisis”

ISO 22301


Integration

“ensure the integration of the business continuity management system requirements into the organization's business processes.” (Clause 5.2)


Implementation

“This International Standard specifies requirements for setting up and managing an effective business continuity management system (BCMS)”. (Clause 0.1)


So what will the ISO do?

[Chart: Increase Uptake of BCM? Segments: Capability in place; Lip service or immature; Aspiration; No need for BCM. Values shown: 30%, 25%, 25%, 20%.]


So what will the ISO do? 


Interoperability in continuity terms:

1.  Everyone speaking the same language.
2.  Everyone adhering to the same standard.
3.  Everyone employing the same broad processes.
4.  Everyone able to be judged against common criteria.


•  85% of survey respondents felt the primary benefit of the ISO would be to provide a common language for international working with customers, suppliers and within their organisations.
•  Respondents in Asia, Middle East and Africa were particularly enthusiastic about the new ISO standard.
•  Certification levels are expected to treble over the next three years, as 67% of respondents seek to at least align to the new ISO in the next three years.

BCI & LRQA Survey 2012 


So what will the ISO do? 


When asked about the significance of the French revolution of 1789, Zhou Enlai (1898 - 1976), Chinese diplomat, replied

“It is too soon to say”


Questions? 
