ISO/TS 22317: How to Use ISO's Newest BC Standard to Develop Real BC Requirements
- Matilda Powell
- 6 years ago
1 ISO/TS 22317: How to Use ISO's Newest BC Standard to Develop Real BC Requirements
Jacqueline Rupert, Managing Consultant, Avalution Consulting
2 Agenda
- ISO/TS Background
- Overview
- BIA Outcomes
- Process
- Keys to Success
- Conclusions and Questions
3 Background
- Since 2013, ISO technical committee 292 (security and resilience) has been working on developing a business impact analysis standard
- Led by the US delegation: Brian Zawada and Jacqueline Rupert
- Participants from over a dozen countries
4 Background
In September 2015, ISO published its newest business continuity standard: ISO/TS 22317:2015, Societal security - Business continuity management systems - Guidelines for business impact analysis (BIA)
5 Overview
- The new technical specification is designed to complement ISO 22301, but also to be a stand-alone standard
- Note: This standard is not auditable; instead, it provides guidance on how to effectively implement or mature a BIA process
6 Overview
- ISO sought to redefine its business impact analysis definition, outcomes, and process to be clearer and more straightforward
- The BIA process analyzes the consequences of a disruptive incident on the organization. The outcome is a statement of justification of business continuity requirements.
- Note: "business continuity requirements" has the same meaning as "continuity and recovery priorities, objectives, and targets"
7 BIA Outcomes
- Endorsement or modification of the organization's BC program scope
- Identification of legal, regulatory, and contractual requirements (obligations) and their effect on business continuity requirements
- Evaluation of impacts on the organization over time, which serves as the justification for business continuity requirements (time and capability)
- Identification and confirmation of product/service delivery requirements following a disruptive incident, which then sets the prioritized timeframes for activities and resources
- Identification of, and establishment of, the relationships between products/services, processes, activities, and resources
- Determination of the resources needed to perform prioritized activities (e.g. facilities; people; equipment; information, communication and technology assets; supplies; and financing)
- Understanding of the dependencies on other activities, supply chains, partners, and other interested parties
- Determination of how up to date the information needs to be
8 BIA Process
9 BIA Process
Impact categories and examples of impacts:
- Financial: Financial losses due to fines, penalties, lost profits, or diminished market share
- Reputational: Negative opinion or brand damage
- Legal and Regulatory: Litigation liability and withdrawal of license to trade
- Contractual: Breach of contracts or obligations between organizations
- Business Objectives: Failure to deliver on objectives or take advantage of opportunities
10 Keys to Success: Prerequisites
- Identifies prerequisites for organizations to consider implementing before the BIA process
- These boil down to what management system (ISO 22301) activities are needed to be successful, including:
  - Context and scope
  - Roles and responsibilities
  - Leadership commitment
  - Resource allocation
11 Keys to Success: BIA Process Levels
- Breaks down the BIA process into three levels:
  - Product and service prioritization (section 5.3)
  - Process prioritization (section 5.4)
  - Activity prioritization (includes resources and interdependencies) (section 5.5)
- Complex organizations should use all three levels, but less complex organizations may choose to combine one or two of the levels
- These levels ensure results are consistent from top-down and bottom-up
12 Keys to Success: Section 5 Structure
- The three levels are explained in Section 5 (Performing the Business Impact Analysis) and broken down by the following:
  - Introduction (Overview)
  - Inputs
  - Outcomes
- Methods for how to conduct each level are:
  - Explained in Section 5.6 (Analysis and Consolidation)
  - Detailed in Annex C (BIA Information Collecting Methods)
- Information on how to obtain top management endorsement is in Section 5.7
13 Keys to Success: After the BIA
- Section 5.8 (Business Continuity Strategy Selection) outlines how to use BIA results to select appropriate business continuity strategies
- Section 6 (BIA Process Monitoring and Review) outlines when the BIA process should be refreshed, including:
  - Frequency considerations
  - Organizational change considerations
14 Conclusions
- Provides a new, enhanced BIA definition that is clearer, with less jargon
- Offers a BIA value proposition for organizations struggling to gain buy-in
- Identifies the prerequisites that the organization should have in place before starting the BIA
- Outlines a detailed process for how to effectively perform the BIA
- Proposes the outcomes of the BIA (including outcomes of each step of the BIA)
- Provides options for different information collecting methods, along with a pros and cons analysis of each method
- Describes other uses for which organizations may choose to use the BIA
15 Questions? Thank you!
16 Contact Information Jacqueline Rupert Managing Consultant, Avalution Consulting avalution.com bccatalyst.com