Introducing ISO 22301
- Barnard McCarthy
- 6 years ago
Transcription
1 Introducing ISO
2 Background: How was ISO 22301 formed?
3 Contributors
4 Context
Source documents included BS, NFPA 1600, ASIS OR standard, Singapore standards, ISO, ISO Guide 73 and ISO/PAS 22399.
So ISO is not simply an international version of BS25999.
5 Publication Timeline
[Timeline figure, by quarter. ISO BCM Requirements: DIS Public Commenting Period, FDIS Development, FDIS Published, Final ISO Publication. ISO BCM Guidelines: Document out for public comment, Publication???]
6 Summary of ISO FDIS 22301
ISO is currently developing a high level structure (Guide 83) and standardised text suitable for all ISO management system standards; ISO is the first to be developed to this new structure. The intention is to standardise terminology and requirements for what are essentially the fundamental elements of a management system. As ISO will be the first new ISO management system standard, it will be the vanguard for all new and revised versions of existing ISO standards.
7 ISO Key Points (Societal Security BCMS)
"...standardization in the area of societal security, aimed at increasing crisis management and business continuity capabilities, i.e. through improved technical, human, organizational, and functional interoperability as well as shared situational awareness, amongst all interested parties."
8 ISO
- Introduction
- 1 Scope
- 2 Normative References (Guide 73: Risk mgmt. vocab.; ISO Terminology)
- 3 Terms and Definitions
- 4 Context of the organisation
- 5 Leadership
- 6 Planning
- 7 Support
- 8 Operation
- 9 Performance Evaluation
- 10 Improvement *
9
- 4 Context of the organisation
- 5 Leadership
- 6 Planning
- 7 Support
- 8 Operation
- 9 Performance Evaluation
- 10 Improvement *
BS
- Planning the BCMS: Scope, Objectives, Policy; Resources; Competency; Embedding; Documentation
- 4 Implementing and Operating the BCMS: BIA; Risk and Risk Choices*; Strategy; Incident response, IMP, BCP; Exercising, Review
- 5 Monitoring and Reviewing the BCMS: Internal Audit; Management Review
- 6 Maintaining and Improving the BCMS: Preventive*, Corrective & Improvement Actions
10 Key Changes / Aspects
Notable shifts in emphasis from BS :2007:
- Change in the way an organisation may be defined.
- Top Management leadership shall be more demonstrable and active.
- Preventive action has been replaced with actions to address risks and opportunities and features earlier.
- ISO puts a much greater emphasis on setting the objectives, monitoring performance and metrics, aligning BC to top management strategic thinking.
11 Key Changes / Aspects
- Strong emphasis on performance evaluation & metrics.
- Communication elements more demanding and there is a responsibility to the wider community defined.
- BIA similar but with some changes to terminology.
- There is a stronger link to the organisation's approach to risk.
- To reflect the Societal security approach some new terminology has been introduced, see ISO
12 Benefit of BCM sudden disruption
13 Benefit of BCM gradual disruption
14 3. Terms & Definitions
- Business continuity plan
- Correction
- Corrective action
- Interested party
- Maximum acceptable outage (MAO)
- Maximum tolerable period of disruption (MTPD)
- Minimum business continuity objective (MBCO)
15 Context - Interested Parties
16 Context
Requirement for documenting:
- links between the business continuity policy and the organization's objectives and other policies, including its overall risk management strategy; and
- the organization's risk appetite.
The requirement to have procedures which identify legal and regulatory requirements. There is also a requirement to keep this information up to date, which must tie in with maintenance.
17 6. Planning
- Section 6.1 talks about risks and 6.2 about objectives
- Standardized text but might confuse
Having fully understood the context of the organisation, planning activities are introduced to address the risks and opportunities of the business. This proactive approach, if carried out properly, will ensure a resilient BCM system as it will focus on planning for successfully achieving BCM objectives and realising opportunities for improvement. Ownership and accountability of BC objectives will be allocated and a clear direction to accomplishing these objectives will be agreed.
18 7. Support: Competence
- The organisation (generally acknowledged to be through its Top Management) has a responsibility to ensure that sufficient and appropriate resource is available for the BCMS.
- Appropriateness is often determined through competency analysis.
- It is people who take action when an incident occurs.
- Competence relates both to operating the BCMS AND to performing following an incident.
- Note also 7.3 d): everyone has to be aware of their role during disruptive incidents.
19 Communication
- external communication with customers, partner entities, local community, and other interested parties, including the media,
- receiving, documenting, and responding to communication from interested parties,
- adapting and integrating a national or regional threat advisory system, or equivalent, into planning and operational use, if appropriate,
- ensuring availability of the means of communication during a disruptive incident,
- facilitating structured communication with appropriate authorities and ensuring the interoperability of multiple responding organizations and personnel, where appropriate, and
- operating and testing of communications capabilities intended for use during disruption of normal communications.
20 BIA
a) identifying activities that support the provision of products and services;
b) assessing the impacts over time of not performing these activities;
c) setting prioritized timeframes for resuming these activities at a specified minimum acceptable level, taking into consideration the time within which the impacts of not resuming them would become unacceptable; and
d) identifying dependencies and supporting resources for these activities, including suppliers, outsource partners and other relevant interested parties.
21 Risk Assessment
The organization shall establish, implement, and maintain a formal documented risk assessment process that systematically identifies, analyses, and evaluates the risk of disruptive incidents to the organization.
NOTE This process could be made in accordance with ISO
The organization shall identify risks of disruption to the organization's prioritized activities and the processes, systems, information, people, assets, outsource partners and other resources that support them, analyse them, evaluate and treat them.
22 Strategy
- BS had Determining Choices and 4.2 Determining business continuity strategy
- ISO better defined
- Decide what you are going to do to reduce the likelihood and impact as well as how to respond (these are not alternative approaches)
- Set RTOs
- Work out the resource requirements
- Act on the protection and mitigation needed
- Evaluate business continuity capability of suppliers
23 Incident Response Structure
- Broadly equivalent to in BS25999
- Impact thresholds is new
- Personnel to assess the incident
- Communication mentions authorities and media explicitly
- External communications a new requirement.
- Life safety explicitly mentioned.
24 Warning and Communication
The organization shall establish, implement and maintain procedures for
a) detecting an incident,
b) regular monitoring of an incident,
c) internal communication within the organization,
d) receiving, documenting and responding to any national or regional risk advisory system or equivalent,
e) assuring availability of the means of communication during a disruptive incident,
f) facilitating structured communication with emergency responders,
g) recording of vital information about the incident, actions taken and decisions made,
25 Recovery
The organization shall have documented procedures to restore and return business activities from the temporary measures adopted to support normal business requirements after an incident.
26 Exercising and Testing
- Covers pretty much the same ground as BS
- It talks about exercises and tests.
- Expect to see a programme; the point is that over time these should provide objective assurance that the arrangements made will work as anticipated and when required: so does the programme really do this?
27 Performance Evaluation
- As with all management system standards there is a need to look back at what has been achieved. ISO also requires that this analysis is evaluated and conclusions drawn by the organisation.
- Performance metrics (to be selected by the business) are required in ISO
- Whilst this is a new requirement, it is likely that organisations will already produce certain metrics and these may be able to be tailored to cover the BCMS performance.
28 Performance Evaluation
Internal audits and management review continue to be key methods of reviewing the performance of the BCMS and tools for its continual improvement.
29 Transition
Organizations who are currently certified to BS :2007 will be provided with:
- A transition guideline
- A transition timescale
Widely expected that transitions will be conducted during a CAV visit.
Guidelines and timescales dependent upon UKAS.
Certified organisations have 12 to 18 months to transition although could be up to 3 years.
More informationEnterprise Risk Management: Developing a Model for Organizational Success. White Paper
Enterprise Risk Management: Developing a Model for Organizational Success White Paper January 2009 Overview Less than a decade ago, Enterprise Risk Management (ERM) was an unfamiliar concept. Today, the
More informationMs. Michael C. Redmond, MBCP,FBCI,CEM, PhDc
Ms. Michael C. Redmond, MBCP,FBCI,CEM, PhDc www.redmondworldwide.com BP31: Developing Enterprise Risk Management (300 L) Michael C. Redmond, Redmond Worldwide To proactively approach enterprise risk management
More informationTexas Tech University System
Texas Tech University System October 31, 2017 ERM Overview Evolution of Risk Management Risk Traditional Definition The possibility that something bad or unpleasant will happen. Merriam-Webster Minimizing
More informationPOLICY ON RISK MANAGEMENT
POLICY ON RISK MANAGEMENT This Policy was approved by the Board of Trustees on March 14, 2017. Table of Contents 1. INTRODUCTION... 1 2. OBJECTIVE... 1 3. APPLICATION... 1 4. POLICY... 1 5. ROLES AND RESPONSIBILITIES...
More informationAdvanced Audit Techniques
Advanced Audit Techniques Who should attend? Senior Auditors Audit Managers and those about to be appointed to that role Auditors that need to audit technical or complex business areas Assurance professionals
More informationBUSINESS CONTINUITY & STRATEGY POLICY
BUSINESS CONTINUITY & STRATEGY POLICY Authorship: Chris Wallace, Information Governance Manager Committee Approved: Integrated Audit and Governance Committee Approved date: 11th March 2014 Review Date:
More informationFor a leader to be effective in today s uncertain world, they have to. understand the nature of complexity and adapt their leadership role in a
Exercise and Testing IDRC 2010 Emergent Leadership For a leader to be effective in today s uncertain world, they have to understand the nature of complexity and adapt their leadership role in a manner
More informationPOL:10:EP:003:03:NIBT PAGE 1 of 7
POL:10:EP:003:03:NIBT PAGE 1 of 7 Northern Ireland Blood Transfusion Service POLICY DOCUMENT Document Details Document Number: POL:10:EP:003:03:NIBT No. of Appendices: 2 Supersedes Number: POL:10:EP:003:02:NIBT
More informationSubject Area 1 Project Initiation and Management
Professional Practice Narrative: Establish the need for a Business Continuity Plan (BCP), including obtaining management support and organizing and managing the BCP project to completion. (This includes
More informationGUIDANCE NOTE FOR DEPOSIT TAKERS (Class 1(1) and Class 1(2))
GUIDANCE NOTE FOR DEPOSIT TAKERS (Class 1(1) and Class 1(2)) Operational Risk Management MARCH 2017 STATUS OF GUIDANCE The Isle of Man Financial Services Authority ( the Authority ) issues guidance for
More informationNOT PROTECTIVELY MARKED BUSINESS CONTINUITY. Head of Protective Services Specialist Operations. Business Continuity Manager
POLICY BUSINESS CONTINUITY Policy owners Policy holder Author Head of Services Specialist Operations Contingency Planning Business Continuity Manager Policy No. 132 Approved by Legal Services Policy owner
More informationISO 9001:2015 Expected Changes
ISO 9001:2015 Expected Changes Paula Fyda, Steve Sabo Innovative Quality Solutions Co. ISO/TC 176/SC 2/WG23 N063 1 Purpose of presentation To provide an overview of the proposed revision of ISO 9001 which
More information