Date post: 12-Aug-2020
Writing a business continuity plan according to ISO 22301 Presenter: Dejan Kosutic

©2017 27001Academy www.advisera.com/27001academy



Elements of the business continuity plan required by ISO 22301

If you’re starting to develop the BCP…

… make sure you didn’t forget anything


BCP is used in case of a real emergency – if you want it to be useful, make sure you prepare it properly!


Agenda


• BCP in the BCM process

• Business continuity plan elements

• ISO 22301 requirements for BCP

• ISO 22301 requirements for incident response

• Main elements of recovery plans

• Specifics for disaster recovery plans

• Roles in the BCP development

• Biggest challenges with BCP


BCP in the BCM process

[Diagram of the BCM process, with the labels: Analysis; Risk assessment; Business impact analysis; BCM Strategy; BC Plans; Testing, Exercising; BCM Policy]


Business continuity plan elements

[Diagram with the labels: Business continuity plan; Incident response plan; Disaster recovery plan; Recovery plans; Incident]


ISO 22301 requirements for BCP…


Plans must collectively contain:

• defined roles and responsibilities

• process for activating the response

• details to manage immediate consequences

• details on how and with whom to communicate, including media response

• how to continue or recover activities within the RTOs

• process for standing down


…ISO 22301 requirements for BCP


Additionally, each plan must define:

• purpose and scope

• objectives

• internal and external interdependencies and interactions

• resource requirements

• information flow and documentation processes


ISO 22301 requirements for Incident response


• define impact thresholds for plan initiation

• assess nature, extent and impact of an incident

• define how to activate appropriate response

• define processes for handling the response

• have available resources

• communication with interested parties


Main elements of recovery plans


• Recovery time objective

• Responsibilities / authorizations

• Key tasks

• Minimum acceptable capacity

• Resources

• Who must be notified

• Contact information – all parties involved

• Recovery steps for critical activity – to be developed by each recovery team


Specifics for disaster recovery plans


• Recovery plans for IT infrastructure

• Usually the shortest RTO

• The same plan template

• Much more detailed for each IT system – appendices

• Each step in recovery is determined by RTO of other critical activities


Roles in the BCP development


• BCM Coordinator develops the plan templates

• BCM Coordinator writes/coordinates the main part of the plan

• BCM Coordinator writes/coordinates the Incident response plan

• Department heads develop recovery plans and disaster recovery plans; BCM Coordinator coordinates them

• Final approval by top management


Biggest challenges with the business continuity plans


• Top management involvement and budget

• How big does a BCP need to be? What details/components should it cover?

• How to ensure a BCP can cater to most of the worst case scenarios

• How can the BCP be automated, what are the possible tools?

• Getting the BCP to the staff for education, training and exercising


Conclusion


Business continuity plans require careful preparation

If you skip some of the steps, you’ll produce plans that won’t be usable when you need them


Q & A

Dejan Kosutic

