
Association of Contingency Planners Los Angeles Chapter

August 11, 2015

Mike Anzis, Anzis Consulting

Why should you care about ISO 22301?

(Brief) Recent history of BC standards

What are ISO Standards? 22301 Content - What’s in it; what’s not?

ISO Certification / 22301 Certification - Who, why, how?

Q & A

© 2015 Anzis Consulting

Would you like executives and management more involved with your BC program? Would you like them to really support it with adequate resources?

THEN YOU SHOULD CARE

Would you like to assure that regular testing, training, and updates to BC plans take place in your organization?

THEN YOU SHOULD CARE

Would you like to see BC integrated into your organization’s business processes?

THEN YOU SHOULD CARE

Would you like to easily respond to queries from customers and other business partners about your BC program in a way that assures and satisfies them?

THEN YOU SHOULD CARE

Would you like your BC program to add demonstrated value to your organization?

THEN YOU SHOULD CARE


2007 – Federal legislation established PS Prep (Private Sector Preparedness) program under Dept. of Homeland Security

2009 – DHS declared three BC programs qualify for PS Prep certification:

o British Standard BS 25999 – United Kingdom

o NFPA 1600 (National Fire Protection Association) – North America

o ANSI/ASIS SPC.1 – North America

2012 – ISO 22301:2012, “Societal Security – Business Continuity Management Systems”, and the supporting “guidance” standard ISO 22313

2012 – BS 25999 withdrawn

2015 – ISO 22317, BIA Technical Specifications


ISO – International Standards Organization is a standards setting body with 163 national members out of 206 world countries, including:

o United States – ANSI

o United Kingdom – BSI

o France – AFNOR

o Australia – SA

o Botswana – BOBS

o Sri Lanka – SLSI

o Uzbekistan – UZSTANDARD

ISO 9001 “Quality Management” was first published in 1987. BC-related standards include:

o ISO 27001 – Information Security

o ISO 14001 – Environmental Management

ISO standards prescribe Management Systems.


o ISO 22316 – Organizational Resilience – Principles and Guidelines

o ISO 22301 – Business Continuity Management Systems – Requirements

o ISO 22313 – Business Continuity Management Systems – Guidance

o ISO 22317 – Business Continuity Management Systems – Business Impact Analysis

o ISO 22318 – Business Continuity Management Systems – Supply Chain Continuity

o ISO 22398 – Guidelines for Exercises

ISO management system standards connect a discipline to organizational strategy through executive management. They are about the organization, not its programs.

They require formalized procedures, including:

o Policy

o Executive support

o Formal documentation

o Training and awareness

o Regular, periodic review

o Etc.

They prescribe a continuous improvement cycle:


Plan – Do – Check – Act

The Standard specifies “what” not “how”.

Written for many audiences internationally

Not designed to build BC competencies

The Standard does not specify strategies or substance of the BCMS and BC Program

States only that the BCMS must be appropriate to the risks and impacts identified in the RA and BIA

Organization management determines strategy and substance

Program specifics (methods and frequency of testing, updates, training, etc.) are also determined, and regularly reviewed and improved, by management.

It may not be the only standard to which an organization wishes to align.


Introduction

• Clause 1: Scope

• Clause 2: Normative References

• Clause 3: Terms and Definitions

Requirements

• Clause 4: Context of the Organization

• Clause 5: Leadership

• Clause 6: Planning

• Clause 7: Support

• Clause 8: Operations

• Clause 9: Performance Evaluation

• Clause 10: Improvement


Would you like executives and management more involved with your BC program? Would you like them to really support it with adequate resources?

o Clause 5: LEADERSHIP

o Clause 7.1: SUPPORT – Resources

Would you like to assure that regular testing, training, and updates to BC plans take place in your organization?

o Clause 8.5: OPERATION – Exercising & Testing

o Clause 7.3: SUPPORT – Awareness

o Clause 10.2: IMPROVEMENT – Continual Improvement

Would you like to see BC integrated into your organization’s business processes?

o Clause 5.2 b: LEADERSHIP – Management Commitment

Would you like to easily respond to queries from customers and other business partners about your BC program in a way that assures and satisfies them?

o ISO 22301 INTERNATIONAL CERTIFICATION

Would you like your BC program to add demonstrated value to your organization?

o BIDS, PROPOSALS, RFP’s


Certification is granted by an accredited certification body following an audit using certified auditors (Veritas, Lloyds, BSI, NQA). Surveillance audits in years 2 and 3 audit minor non-conformities and observe changes in the organization. Re-certification takes place in year 4 (required every 3 years).

It may not make sense for organizations that are heavily regulated or have their own industry standard (financial institutions, health care providers, insurance companies) to seek 22301 certification. Alignment can still provide benefits and add business value.

An organization may wish to align to the standard but not seek certification: self audit (Internal Audit), second party audit (customer, vendor, etc.).

First step: a qualified third party Gap Assessment

o Where you stand vis-à-vis certification

o Recommends changes and improvements to your program

o Relatively short process


Because ISO 22301 has been adopted as an ISO international standard, conformity brings a BC program up to a credible and recognizable industry standard.

ISO standards are Management Systems, and as such are about an organization’s processes, not about its programs.

A BC program gains many benefits from alignment with 22301:

o management support

o resources

o integration with the organization

o ability to recover

o added business value

o less time responding to inquiries

22301 may not be for everyone

o Financial institutions, healthcare, insurance

o May choose alignment rather than certification

A qualified Gap Assessment may be your first step.

o Tells you where you stand vis-à-vis conformity

o Relatively short process


Q & A
