ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid
ISO 22301 Societal security - Business continuity management systems
Ramiro Cid | @ramirocid
ISO 22301 Societal Security - Business
Continuity Management Systems
Index
1. Introduction
2. Comparison between ISO 22301 and BS 25999-2
3. Basic terms used in the standard
4. Content of ISO 22301
5. ISO 22301 explained
6. Mandatory documentation
7. Related standards
8. Societal security context
9. Projects under development
10. Benefits of ISO 22301 business continuity management
Introduction
The full name of this standard is:
“ISO 22301 Societal security - Business continuity management systems - Requirements”
This standard was created by leading experts in this area to provide the best framework for business continuity
management in an organization.
Object:
ISO 22301:2012 specifies requirements to plan, establish, implement, operate, monitor, review, maintain and
continually improve a documented management system to protect against, reduce the likelihood of occurrence,
prepare for, respond to, and recover from disruptive incidents when they arise.
Scope:
The requirements specified in ISO 22301:2012 are generic and intended to be applicable to all organizations, or
parts thereof, regardless of type, size and nature of the organization. The extent of application of these
requirements depends on the organization's operating environment and complexity.
Who can implement this standard?
Any organization, large or small, for-profit or nonprofit, private or public. The standard is conceived in such a way that it
is applicable to any size or type of organization.
Comparison between ISO 22301 and BS 25999-2
ISO 22301 has replaced BS 25999-2. The two standards are quite similar, but ISO 22301 can
be considered an update of BS 25999-2.
| | ISO 22301 | BS 25999-2 |
|---|---|---|
| Complete name | ISO 22301:2012 Societal security - Business continuity management systems - Requirements | BS 25999-2 Business Continuity Management - Part 2: Specification |
| Published by | International Organization for Standardization | British Standards Institution |
| Published date | 15/05/2012 | 20/11/2007 |
| Total number of pages | 24 | 28 |
| Official recognition | Internationally accepted by standards institutes in 163 countries | Accepted only in the United Kingdom, but implemented worldwide |
Comparison between ISO 22301 and BS 25999-2 (continued)
ISO 22301 is not that different from BS 25999-2 in most business continuity areas like business
impact analysis, strategy or planning; the biggest changes are in the management part of the
standard.
ISO 22301 places much greater emphasis on understanding requirements, setting objectives and
measuring performance. Therefore, it will be more easily accepted by top management, which in
turn will contribute to the widespread adoption of this standard, as with ISO 27001, ISO 9001 or ISO
14001.
Basic terms used in the standard
Business Continuity Management System (BCMS) – part of an overall management system that
ensures business continuity is planned, implemented, maintained, and continually improved
Maximum Acceptable Outage (MAO) – the maximum amount of time an activity can be disrupted
without incurring unacceptable damage (also Maximum Tolerable Period of Disruption – MTPD)
Recovery Time Objective (RTO) – the pre-determined time at which an activity must be resumed,
or resources must be recovered
Recovery Point Objective (RPO) – maximum data loss, i.e., minimum amount of data that needs
to be restored
Minimum Business Continuity Objective (MBCO) – the minimum level of services or products an
organization needs to produce after resuming its business operations
Content of ISO 22301
Introduction
  0.1 General
  0.2 The Plan-Do-Check-Act (PDCA) model
  0.3 Components of PDCA in this International Standard
1 Scope
2 Normative references
3 Terms and definitions
4 Context of the organization
  4.1 Understanding of the organization and its context
  4.2 Understanding the needs and expectations of interested parties
  4.3 Determining the scope of the management system
  4.4 Business continuity management system
5 Leadership
  5.1 General
  5.2 Management commitment
  5.3 Policy
  5.4 Organizational roles, responsibilities and authorities
6 Planning
  6.1 Actions to address risks and opportunities
  6.2 Business continuity objectives and plans to achieve them
7 Support
  7.1 Resources
  7.2 Competence
  7.3 Awareness
  7.4 Communication
  7.5 Documented information
8 Operation
  8.1 Operational planning and control
  8.2 Business impact analysis and risk assessment
  8.3 Business continuity strategy
  8.4 Establish and implement business continuity procedures
  8.5 Exercising and testing
9 Performance evaluation
  9.1 Monitoring, measurement, analysis and evaluation
  9.2 Internal audit
  9.3 Management review
10 Improvement
  10.1 Nonconformity and corrective action
  10.2 Continual improvement
Bibliography
ISO 22301 explained
ISO 22301 is the second published management systems standard that has adopted the new high-
level structure and standardized text agreed in ISO.
This will ensure consistency with all future and revised management system standards and make
integrated use easier with, for example, ISO 9001 (quality), ISO 14001 (environmental) and ISO/IEC
27001 (information security).
The standard is divided into 10 main clauses, starting with scope, normative references, and terms
and definitions. Following these are the standard’s requirements.
Clause 4 – Context of the organization
The first step involves getting to know the organization, both internal and external needs, and setting
clear boundaries for the scope of the management system. In particular, this requires the
organization to understand the requirements of relevant interested parties, such as regulators,
customers and staff. It must in particular understand the applicable legal and regulatory
requirements. This enables it to determine the scope of the business continuity management system
(BCMS).
Clause 5 – Leadership
ISO 22301 places particular emphasis on the need for appropriate leadership of BCM. This is so
that top management ensures appropriate resources are provided, establishes policy and appoints
people to implement and maintain the BCMS.
Clause 6 – Planning
This requires the organization to identify risks to the implementation of the management system and
set clear objectives and criteria that can be used to measure its success.
Clause 7 – Support
Since resources are required for implementation, Clause 7 introduces the important concept of
competence. For business continuity to be successful, people with appropriate knowledge, skills and
experience must be in place to both contribute to the BCMS and respond to incidents when they
occur. It is also important that all staff are aware of their own role in responding to incidents and this
clause deals with all of these areas. The need for communication about the BCMS – for instance in
telling customers that the organization has appropriate BCM in place – and preparedness to
communicate following an incident (when normal channels may be disrupted) is also covered here.
Clause 8 – Operations
This section contains the main body of business continuity-specific expertise. The organization must
undertake business impact analysis to understand how its business is affected by disruption and
how this changes over time. Risk assessment seeks to understand the risks to the business in a
structured way and these inform the development of business continuity strategy. Steps to avoid or
reduce the likelihood of incidents are developed alongside steps to be taken when incidents occur.
As it is impossible to completely predict and prevent all incidents, the approach of balancing risk
reduction and planning for all eventualities is complementary. It might be said, “hope for the best and
plan for the worst”.
Clause 9 – Evaluation
For any management system, it is essential to evaluate performance against plan. ISO 22301
therefore requires that the organization select and measure itself against appropriate performance
metrics. Internal audits must be conducted and there is a requirement that management review the
BCMS and act on these reviews.
Clause 10 – Improvement
No management system is perfect at the outset, and organizations and their environments are
constantly changing. Clause 10 defines actions to take to improve the BCMS over time and ensure
that corrective actions arising from audits, reviews, exercises and so on are addressed.
Mandatory documentation
If an organization wants to implement this standard, the following documentation is
mandatory:
List of applicable legal, regulatory and other requirements
Scope of the BCMS
Business Continuity Policy
Business continuity objectives
Evidence of personnel competences
Records of communication with interested parties
Business impact analysis
Risk assessment, including risk appetite
Incident response structure
Business continuity plans
Recovery procedures
Results of preventive actions
Results of monitoring and measurement
Results of internal audit
Results of management review
Results of corrective actions
Related standards
Other standards that are helpful in implementation of business continuity are:
ISO/IEC 27031 – Guidelines for information and communication technology readiness for
business continuity
PAS 200 – Crisis management – Guidance and good practice
PD 25666 – Guidance on exercising and testing for continuity and contingency programs
PD 25111 – Guidance on human aspects of business continuity
ISO/IEC 24762 – Guidelines for information and communications technology disaster recovery
services
ISO/PAS 22399 – Guideline for incident preparedness and operational continuity management
ISO/IEC 27001 – Information security management systems – Requirements
Societal security context
ISO 22301 has been developed by ISO/TC 223, Societal security.
The committee has previously published the following standards and other documents:
ISO 22300:2012, Societal security – Terminology
ISO 22320:2011, Societal security – Emergency management – Requirements for incident
response
ISO/TR 22312:2011, Societal security – Technological capabilities
ISO/PAS 22399:2007, Societal security – Guideline for incident preparedness and operational
continuity management
Projects under development
ISO 22311, Societal security – Video-surveillance – Export interoperability
ISO 22313, Societal security – Business continuity management systems – Guidance
ISO 22315, Societal security – Mass evacuation
ISO 22322, Societal security – Emergency management – Public warning
ISO 22323, Organizational resilience management systems – Requirements with guidance for use
ISO 22325, Societal security – Guidelines for emergency capability assessment for organizations
ISO 22351, Societal security – Emergency management – Shared situation awareness
ISO 22397, Societal security – Public Private Partnership – Guidelines to set up partnership
agreements
ISO 22398, Societal security – Guidelines for exercises and testing
ISO 22324, Societal security – Emergency management – Colour-coded alert
Benefits of ISO 22301 business continuity management
What are the benefits of ISO 22301 business continuity management?
Identify and manage current and future threats to your business
Take a proactive approach to minimizing the impact of incidents
Keep critical functions up and running during times of crises
Minimize downtime during incidents and improve recovery time
Demonstrate resilience to customers, suppliers and for tender requests
Questions?
Many thanks!
ramiro@ramirocid.com
@ramirocid
http://www.linkedin.com/in/ramirocid
http://ramirocid.com http://es.slideshare.net/RamiroCid
http://www.youtube.com/user/cidramiro
Ramiro Cid
CISM, CGEIT, ISO 27001 LA, ISO 22301 LA, ITIL

ISO9001_2015_Frequently_Asked_Questions.docxISO9001_2015_Frequently_Asked_Questions.docx
ISO9001_2015_Frequently_Asked_Questions.docx
 
Transition bs25999-to-iso22301
Transition bs25999-to-iso22301Transition bs25999-to-iso22301
Transition bs25999-to-iso22301
 
9001-2015
9001-20159001-2015
9001-2015
 
Comparison of ISO 22301 with BS 25999
Comparison of ISO 22301 with BS 25999Comparison of ISO 22301 with BS 25999
Comparison of ISO 22301 with BS 25999
 
ISO 9000 AND TOTAL QUALITY MANAGEMENT: THE RELATIONSHIP
ISO 9000 AND TOTAL QUALITY MANAGEMENT: THE RELATIONSHIPISO 9000 AND TOTAL QUALITY MANAGEMENT: THE RELATIONSHIP
ISO 9000 AND TOTAL QUALITY MANAGEMENT: THE RELATIONSHIP
 
ISO 9000 AND TOTAL QUALITY MANAGEMENT: THE RELATIONSHIP
ISO 9000 AND TOTAL QUALITY MANAGEMENT: THE RELATIONSHIPISO 9000 AND TOTAL QUALITY MANAGEMENT: THE RELATIONSHIP
ISO 9000 AND TOTAL QUALITY MANAGEMENT: THE RELATIONSHIP
 
Assessing the Impact of a Disruption: Building an Effective Business Impact A...
Assessing the Impact of a Disruption: Building an Effective Business Impact A...Assessing the Impact of a Disruption: Building an Effective Business Impact A...
Assessing the Impact of a Disruption: Building an Effective Business Impact A...
 
Annex SL Training for ISO 9001:2015. & ISO 14001:2015.
Annex SL Training for ISO 9001:2015. & ISO 14001:2015.Annex SL Training for ISO 9001:2015. & ISO 14001:2015.
Annex SL Training for ISO 9001:2015. & ISO 14001:2015.
 
Upload iso 9001 2015 presentation
Upload iso 9001 2015 presentationUpload iso 9001 2015 presentation
Upload iso 9001 2015 presentation
 
Building a strong BC programme with ISO 22301
Building a strong BC programme with ISO 22301Building a strong BC programme with ISO 22301
Building a strong BC programme with ISO 22301
 
Soc 2 attestation or ISO 27001 certification - Which is better for organization
Soc 2 attestation or ISO 27001 certification - Which is better for organizationSoc 2 attestation or ISO 27001 certification - Which is better for organization
Soc 2 attestation or ISO 27001 certification - Which is better for organization
 
Leveraging compliance to raise the bar on security
Leveraging compliance to raise the bar on securityLeveraging compliance to raise the bar on security
Leveraging compliance to raise the bar on security
 
Awareness session on iatf 16949 2016 standard
Awareness session on iatf 16949 2016 standardAwareness session on iatf 16949 2016 standard
Awareness session on iatf 16949 2016 standard
 

Mais de Ramiro Cid

Seminario sobre ciberseguridad
Seminario sobre ciberseguridadSeminario sobre ciberseguridad
Seminario sobre ciberseguridadRamiro Cid
 
Captación y registro de comunicaciones orales y de imagen
Captación y registro de comunicaciones orales y de imagenCaptación y registro de comunicaciones orales y de imagen
Captación y registro de comunicaciones orales y de imagenRamiro Cid
 
Passwords for sale
Passwords for salePasswords for sale
Passwords for saleRamiro Cid
 
Cyber security threats for 2017
Cyber security threats for 2017Cyber security threats for 2017
Cyber security threats for 2017Ramiro Cid
 
¿Cuáles son los peligros a los que se enfrenta su sistema informático?
¿Cuáles son los peligros a los que se enfrenta su sistema informático?¿Cuáles son los peligros a los que se enfrenta su sistema informático?
¿Cuáles son los peligros a los que se enfrenta su sistema informático?Ramiro Cid
 
Cloud Computing, IoT, BYOD Ha muerto el perímetro corporativo. ¿y ahora qué?
Cloud Computing, IoT, BYOD Ha muerto el perímetro corporativo. ¿y ahora qué?Cloud Computing, IoT, BYOD Ha muerto el perímetro corporativo. ¿y ahora qué?
Cloud Computing, IoT, BYOD Ha muerto el perímetro corporativo. ¿y ahora qué?Ramiro Cid
 
Lean Six Sigma methodology
Lean Six Sigma methodologyLean Six Sigma methodology
Lean Six Sigma methodologyRamiro Cid
 
IT Governance & ISO 38500
IT Governance & ISO 38500IT Governance & ISO 38500
IT Governance & ISO 38500Ramiro Cid
 
Cyber Security Resilience & Risk Aggregation
Cyber Security Resilience & Risk AggregationCyber Security Resilience & Risk Aggregation
Cyber Security Resilience & Risk AggregationRamiro Cid
 
EU General Data Protection Regulation
EU General Data Protection RegulationEU General Data Protection Regulation
EU General Data Protection RegulationRamiro Cid
 
Social engineering attacks
Social engineering attacksSocial engineering attacks
Social engineering attacksRamiro Cid
 
Thinking on risk analysis
Thinking on risk analysisThinking on risk analysis
Thinking on risk analysisRamiro Cid
 
Drones and their use on critical infrastructure
Drones and their use on critical infrastructureDrones and their use on critical infrastructure
Drones and their use on critical infrastructureRamiro Cid
 
Internet of things, big data & mobility vs privacy
Internet of things, big data & mobility vs privacyInternet of things, big data & mobility vs privacy
Internet of things, big data & mobility vs privacyRamiro Cid
 
Space computing
Space computingSpace computing
Space computingRamiro Cid
 
The relation between internet of things, critical infrastructure and cyber se...
The relation between internet of things, critical infrastructure and cyber se...The relation between internet of things, critical infrastructure and cyber se...
The relation between internet of things, critical infrastructure and cyber se...Ramiro Cid
 
Internet of things
Internet of thingsInternet of things
Internet of thingsRamiro Cid
 
Cyber Security
Cyber SecurityCyber Security
Cyber SecurityRamiro Cid
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security AwarenessRamiro Cid
 

Mais de Ramiro Cid (20)

Seminario sobre ciberseguridad
Seminario sobre ciberseguridadSeminario sobre ciberseguridad
Seminario sobre ciberseguridad
 
Captación y registro de comunicaciones orales y de imagen
Captación y registro de comunicaciones orales y de imagenCaptación y registro de comunicaciones orales y de imagen
Captación y registro de comunicaciones orales y de imagen
 
Passwords for sale
Passwords for salePasswords for sale
Passwords for sale
 
Cyber security threats for 2017
Cyber security threats for 2017Cyber security threats for 2017
Cyber security threats for 2017
 
¿Cuáles son los peligros a los que se enfrenta su sistema informático?
¿Cuáles son los peligros a los que se enfrenta su sistema informático?¿Cuáles son los peligros a los que se enfrenta su sistema informático?
¿Cuáles son los peligros a los que se enfrenta su sistema informático?
 
Cloud Computing, IoT, BYOD Ha muerto el perímetro corporativo. ¿y ahora qué?
Cloud Computing, IoT, BYOD Ha muerto el perímetro corporativo. ¿y ahora qué?Cloud Computing, IoT, BYOD Ha muerto el perímetro corporativo. ¿y ahora qué?
Cloud Computing, IoT, BYOD Ha muerto el perímetro corporativo. ¿y ahora qué?
 
Lean Six Sigma methodology
Lean Six Sigma methodologyLean Six Sigma methodology
Lean Six Sigma methodology
 
IT Governance & ISO 38500
IT Governance & ISO 38500IT Governance & ISO 38500
IT Governance & ISO 38500
 
Cyber Security Resilience & Risk Aggregation
Cyber Security Resilience & Risk AggregationCyber Security Resilience & Risk Aggregation
Cyber Security Resilience & Risk Aggregation
 
EU General Data Protection Regulation
EU General Data Protection RegulationEU General Data Protection Regulation
EU General Data Protection Regulation
 
Payment fraud
Payment fraudPayment fraud
Payment fraud
 
Social engineering attacks
Social engineering attacksSocial engineering attacks
Social engineering attacks
 
Thinking on risk analysis
Thinking on risk analysisThinking on risk analysis
Thinking on risk analysis
 
Drones and their use on critical infrastructure
Drones and their use on critical infrastructureDrones and their use on critical infrastructure
Drones and their use on critical infrastructure
 
Internet of things, big data & mobility vs privacy
Internet of things, big data & mobility vs privacyInternet of things, big data & mobility vs privacy
Internet of things, big data & mobility vs privacy
 
Space computing
Space computingSpace computing
Space computing
 
The relation between internet of things, critical infrastructure and cyber se...
The relation between internet of things, critical infrastructure and cyber se...The relation between internet of things, critical infrastructure and cyber se...
The relation between internet of things, critical infrastructure and cyber se...
 
Internet of things
Internet of thingsInternet of things
Internet of things
 
Cyber Security
Cyber SecurityCyber Security
Cyber Security
 
Cyber Security Awareness
Cyber Security AwarenessCyber Security Awareness
Cyber Security Awareness
 

Último

Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 

Último (20)

Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 

ISO 22301 Business Continuity Management

  • 1. ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid ISO 22301 Societal security - Business continuity management systems Ramiro Cid | @ramirocid ISO 22301 Societal Security - Business Continuity Management Systems
  • 2. Index
       1. Introduction (Page 3)
       2. Comparison between ISO 22301 and BS 25999-2 (Page 4)
       3. Basic terms used in the standard (Page 6)
       4. Content of ISO 22301 (Page 7)
       5. ISO 22301 explained (Page 8)
       6. Mandatory documentation (Page 12)
       7. Related standards (Page 13)
       8. Societal security context (Page 14)
       9. Projects under development (Page 15)
       10. Benefits of ISO 22301 business continuity management (Page 16)
  • 3. Introduction
     The full name of this standard is: “ISO 22301 Societal security - Business continuity management systems - Requirements”. This standard was created by leading experts in this area to provide the best framework for business continuity management in an organization.
     Object: ISO 22301:2012 specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents when they arise.
     Scope: The requirements specified in ISO 22301:2012 are generic and intended to be applicable to all organizations, or parts thereof, regardless of type, size and nature of the organization. The extent of application of these requirements depends on the organization's operating environment and complexity.
     Who can implement this standard? Any organization, large or small, for-profit or nonprofit, private or public. The standard is conceived in such a way that it is applicable to any size or type of organization.
  • 4. Comparison between ISO 22301 and BS 25999-2
     ISO 22301 has replaced BS 25999-2. The two standards are quite similar, but ISO 22301 can be considered an update of BS 25999-2.

     | | ISO 22301 | BS 25999-2 |
     |---|---|---|
     | Complete name | ISO 22301:2012 Societal security - Business continuity management systems - Requirements | BS 25999-2 Business Continuity Management - Part 2: Specification |
     | Published by | International Organization for Standardization | British Standards Institution |
     | Published date | 15/05/2012 | 20/11/2007 |
     | Total number of pages | 24 | 28 |
     | Official recognition | Internationally accepted by standards institutes in 163 countries | Accepted in the United Kingdom only, but implemented worldwide |
  • 5. Comparison between ISO 22301 and BS 25999-2 (continuation)
     ISO 22301 is not that different from BS 25999-2 in most business continuity areas like business impact analysis, strategy or planning; the biggest changes are in the management part of the standard. ISO 22301 places much greater emphasis on understanding requirements, setting objectives and measuring performance. Therefore, it will be more easily accepted by top management, which in turn will contribute to the widespread adoption of this standard like ISO 27001, ISO 9001 or ISO 14001.
  • 6. Basic terms used in the standard
     - Business Continuity Management System (BCMS) – part of an overall management system that takes care that business continuity is planned, implemented, maintained, and continually improved
     - Maximum Acceptable Outage (MAO) – the maximum amount of time an activity can be disrupted without incurring unacceptable damage (also Maximum Tolerable Period of Disruption – MTPD)
     - Recovery Time Objective (RTO) – the pre-determined time at which an activity must be resumed, or resources must be recovered
     - Recovery Point Objective (RPO) – maximum data loss, i.e., minimum amount of data that needs to be restored
     - Minimum Business Continuity Objective (MBCO) – the minimum level of services or products an organization needs to produce after resuming its business operations
  • 7. Content of ISO 22301
     Introduction
       0.1 General
       0.2 The Plan-Do-Check-Act (PDCA) model
       0.3 Components of PDCA in this International Standard
     1 Scope
     2 Normative references
     3 Terms and definitions
     4 Context of the organization
       4.1 Understanding of the organization and its context
       4.2 Understanding the needs and expectations of interested parties
       4.3 Determining the scope of the management system
       4.4 Business continuity management system
     5 Leadership
       5.1 General
       5.2 Management commitment
       5.3 Policy
       5.4 Organizational roles, responsibilities and authorities
     6 Planning
       6.1 Actions to address risks and opportunities
       6.2 Business continuity objectives and plans to achieve them
     7 Support
       7.1 Resources
       7.2 Competence
       7.3 Awareness
       7.4 Communication
       7.5 Documented information
     8 Operation
       8.1 Operational planning and control
       8.2 Business impact analysis and risk assessment
       8.3 Business continuity strategy
       8.4 Establish and implement business continuity procedures
       8.5 Exercising and testing
     9 Performance evaluation
       9.1 Monitoring, measurement, analysis and evaluation
       9.2 Internal audit
       9.3 Management review
     10 Improvement
       10.1 Nonconformity and corrective action
       10.2 Continual improvement
     Bibliography
  • 8. ISO 22301 explained
     ISO 22301 is the second published management systems standard that has adopted the new high-level structure and standardized text agreed in ISO. This will ensure consistency with all future and revised management system standards and make integrated use easier with, for example, ISO 9001 (quality), ISO 14001 (environmental) and ISO/IEC 27001 (information security).
     The standard is divided into 10 main clauses, starting with scope, normative references, and terms and definitions. Following these are the standard’s requirements.
  • 9. ISO 22301 explained
     Clause 4 – Context of the organization: The first step involves getting to know the organization, both internal and external needs, and setting clear boundaries for the scope of the management system. In particular, this requires the organization to understand the requirements of relevant interested parties, such as regulators, customers and staff. It must in particular understand the applicable legal and regulatory requirements. This enables it to determine the scope of the business continuity management system (BCMS).
     Clause 5 – Leadership: ISO 22301 places particular emphasis on the need for appropriate leadership of BCM. This is so that top management ensures appropriate resources are provided, establishes policy and appoints people to implement and maintain the BCMS.
     Clause 6 – Planning: This requires the organization to identify risks to the implementation of the management system and set clear objectives and criteria that can be used to measure its success.
  • 10. ISO 22301 explained
     Clause 7 – Support: Since resources are required for implementation, Clause 7 introduces the important concept of competence. For business continuity to be successful, people with appropriate knowledge, skills and experience must be in place to both contribute to the BCMS and respond to incidents when they occur. It is also important that all staff are aware of their own role in responding to incidents and this clause deals with all of these areas. The need for communication about the BCMS – for instance in telling customers that the organization has appropriate BCM in place – and preparedness to communicate following an incident (when normal channels may be disrupted) is also covered here.
     Clause 8 – Operations: This section contains the main body of business continuity-specific expertise. The organization must undertake business impact analysis to understand how its business is affected by disruption and how this changes over time. Risk assessment seeks to understand the risks to the business in a structured way and these inform the development of business continuity strategy. Steps to avoid or reduce the likelihood of incidents are developed alongside steps to be taken when incidents occur. As it is impossible to completely predict and prevent all incidents, the approach of balancing risk reduction and planning for all eventualities is complementary. It might be said, “hope for the best and plan for the worst”.
  • 11. ISO 22301 explained
     Clause 9 – Evaluation: For any management system, it is essential to evaluate performance against plan. ISO 22301 therefore requires that the organization select and measure itself against appropriate performance metrics. Internal audits must be conducted and there is a requirement that management review the BCMS and act on these reviews.
     Clause 10 – Improvement: No management system is perfect at the outset, and organizations and their environments are constantly changing. Clause 10 defines actions to take to improve the BCMS over time and ensure that corrective actions arising from audits, reviews, exercises and so on are addressed.
  • 12. Mandatory documentation
     If an organization wants to implement this standard, the following documentation is mandatory:
     - List of applicable legal, regulatory and other requirements
     - Scope of the BCMS
     - Business Continuity Policy
     - Business continuity objectives
     - Evidence of personnel competences
     - Records of communication with interested parties
     - Business impact analysis
     - Risk assessment, including risk appetite
     - Incident response structure
     - Business continuity plans
     - Recovery procedures
     - Results of preventive actions
     - Results of monitoring and measurement
     - Results of internal audit
     - Results of management review
     - Results of corrective actions
  • 13. Related standards
     Other standards that are helpful in implementation of business continuity are:
     - ISO/IEC 27031 – Guidelines for information and communication technology readiness for business continuity
     - PAS 200 – Crisis management – Guidance and good practice
     - PD 25666 – Guidance on exercising and testing for continuity and contingency programs
     - PD 25111 – Guidance on human aspects of business continuity
     - ISO/IEC 24762 – Guidelines for information and communications technology disaster recovery services
     - ISO/PAS 22399 – Guideline for incident preparedness and operational continuity management
     - ISO/IEC 27001 – Information security management systems – Requirements
  • 14. Societal security context
     ISO 22301 has been developed by ISO/TC 223, Societal security. The committee has previously published the following standards and other documents:
     - ISO 22300:2012, Societal security – Terminology
     - ISO 22320:2011, Societal security – Emergency management – Requirements for incident response
     - ISO/TR 22312:2011, Societal security – Technological capabilities
     - ISO/PAS 22399:2007, Societal security – Guideline for incident preparedness and operational continuity management
  • 15. Projects under development
     - ISO 22311, Societal security – Video-surveillance – Export interoperability
     - ISO 22313, Societal security – Business continuity management systems – Guidance
     - ISO 22315, Societal security – Mass evacuation
     - ISO 22322, Societal security – Emergency management – Public warning
     - ISO 22323, Organizational resilience management systems – Requirements with guidance for use
     - ISO 22325, Societal security – Guidelines for emergency capability assessment for organizations
     - ISO 22351, Societal security – Emergency management – Shared situation awareness
     - ISO 22397, Societal security – Public Private Partnership – Guidelines to set up partnership agreements
     - ISO 22398, Societal security – Guidelines for exercises and testing
     - ISO 22324, Societal security – Emergency management – Colour-coded alert
  • 16. Benefits of ISO 22301 business continuity management
     What are the benefits of ISO 22301 business continuity management?
     - Identify and manage current and future threats to your business
     - Take a proactive approach to minimizing the impact of incidents
     - Keep critical functions up and running during times of crises
     - Minimize downtime during incidents and improve recovery time
     - Demonstrate resilience to customers, suppliers and for tender requests
  • 17. Questions? Many thanks!
     Ramiro Cid, CISM, CGEIT, ISO 27001 LA, ISO 22301 LA, ITIL
     ramiro@ramirocid.com
     @ramirocid
     http://www.linkedin.com/in/ramirocid
     http://ramirocid.com
     http://es.slideshare.net/RamiroCid
     http://www.youtube.com/user/cidramiro