Inspiring Business Confidence. ISO whitepaper, January 2015
Author: Graeme Parker
ISO is the new International Standard for Business Continuity Management released by the International Organisation for Standardisation (ISO). It is designed to help ensure organisations are suitably prepared to continue delivering to their customers in the event of an interruption. The standard is very flexible, meaning it can be used by many organisations large and small to deliver numerous business benefits such as:

- Cost reduction gained through a greater understanding and management of risk
- Protection of brand and reputation
- Increased confidence of customers and clients
- Compliance with contractual and legal requirements
- The ability to win future business by easily meeting bid, tender and customer requirements

In addition, there are a number of other benefits of using ISO as your approach to Business Continuity Management. This paper aims to explain exactly what ISO is, what Business Continuity is all about, how ISO can help and exactly what is involved in applying it.

Introduction

Organisations across the world face risks which could interrupt their business and ability to fulfil customer requirements or needs. Of course people always consider the rare yet dramatic incidents: fire, floods, earthquakes, terrorist attacks and so on. What about other more mundane interruptions? What happens when there is no power in your premises, staff cannot get to work because of weather conditions or transport issues, or your key IT equipment fails? And what about business risks: what happens if you are unable to secure the credit and finance you need, or a key supplier in your supply chain ceases to trade? Business Continuity is all about answering those questions and ensuring effective plans are in place to guarantee customers continue to receive the service they expect no matter what goes wrong.
Without doubt some things are much more likely to occur than others and you cannot plan for everything, but some simple risk management techniques can ensure your organisation can stay in business and maintain and even enhance its reputation. ISO provides a flexible and certifiable framework which will help to address the Business Continuity issues that concern your organisation.

History

Some readers may already be familiar with the BS Business Continuity Standard. The new ISO standard is the next step with a move from a British to International Standard. The development of Business Continuity standards has been a gradual evolution from the use of professional standards through to the Business Continuity Institute publishing good practice guidelines in. In 2006 BS was published by the British Standards Institute and in 2007 the certifiable BS was released, allowing organisations to have their Business Continuity Management System (BCMS) independently reviewed and certified.
The initial draft version of ISO was developed in 2010 and progressed through a number of versions until its final release and approval in. The following diagram shows a brief history of the evolution of Business Continuity standards:

- 1997 Professional practice standards exist in the UK and the US
- 1999 Uniform assessment of BCM for Y2K
- FSA requires Good Practice guidelines
- 2003 Publication of PAS 56
- BCI publishes BCM Good Practice Guidelines
- 2006 BSI publishes BS
- BSI publishes BS
- ISO publishes final version of ISO

History of the ISO standard

What is Business Continuity?

As already highlighted, Business Continuity is a business driven process to ensure your organisation can continue to fulfil legal, customer and client requirements and maintain a good reputation in the event of a business interruption. Effective Business Continuity is designed to:

- Help to proactively develop resiliency against disruption. Through effective risk management there are many potential problems that can be addressed before they actually interrupt the business;
- Provide a rehearsed, repeatable and proven method to restore key activities in the event of an interruption;
- Provide clear capacity to protect an organisation's reputation and brand;
- Ensure that the organisation can manage risks which have been realised.

In the world of Business Continuity many terms such as Contingency Planning, Emergency Management, Disaster Recovery, Crisis Management and others are used, which could lead to confusion and unnecessary complexity. All of these elements are important and are all linked to Business Continuity Planning. The following aims to explain the terms and how they relate to each other.
Emergency Management

Emergency Management is concerned with serious events which involve Emergency Procedures, for example procedures to be followed in the event of a fire or other such situation. They do not deal with how the organisation will continue to operate but are extremely important for any organisation whose number one responsibility in an emergency is the protection of life, health and safety of people.

Crisis Management

Crisis Management is a key part of Business Continuity planning and is the process of handling and managing an event when it occurs. This will cover the co-ordination and management of people, organisation of workspace, equipment and facilities. In order to protect your brand and reputation this should also consider how you communicate with your customers, public and media who may well have an interest depending on the nature of the event and your organisation.

Disaster Recovery

Disaster Recovery is part of Business Recovery and is focused on getting business back to normal. So whereas Business Continuity is all about continuing to serve your customers and clients, Disaster Recovery helps restore normality after the interruption. Disaster Recovery is sometimes considered as an IT term with the key aim of getting IT systems back up and running. IT Disaster Recovery is of course critical to most businesses; however, IT Disaster Recovery Plans should always be designed to fulfil your Business Continuity requirements and not the other way around.

So, Business Continuity is more widely focused, covering all of the above and many more elements as shown in the diagram below. Given the many elements that Business Continuity is concerned with, a good framework is required to ensure oversight and management of all the areas. ISO is designed to address all these elements whilst being flexible enough to allow organisations to manage Business Continuity in a way that suits them.
[Diagram: Business Continuity Management and its elements: Risk Management, Emergency Management, IT Disaster Management, Organisational Elements, Facilities Management, Supply Chain Management, Quality Management, Environmental Management, Health & Safety, Knowledge Management, Human Resources, Security, Crisis Communication & PR]
Why is Business Continuity important to your organisation?

By now you will have a good idea why Business Continuity is important. You may have contractual obligations to meet; an interruption may have a major impact on your organisation and the trust of your customers. There are many reasons why Business Continuity is important but here are a few statistics and examples to show this is more than just a theory:

- 2 out of 5 enterprises experiencing a disaster will go out of business within 5 years, Gartner estimates that 40% of all businesses which lose all their data go out of business within 5 years (Gartner)
- 30% of businesses never reopen, while 29% go out of business within 2 years (Meta Insurance Disaster Report)
- 80% of businesses that do not have Business Continuity plans go out of business within 13 months of a major incident (Business Continuity Institute)
- Top 5 consequences of a disaster, 2006 (Veritas Research Recovery Group):
  1. Decreased employee productivity (62%)
  2. Data loss (43%)
  3. Reduction in profits (40%)
  4. Damage to customer relationship (38%)
  5. Reduction in revenue (27%)

These statistics clearly highlight the need for Business Continuity planning. However, what about some real world examples of business interruptions and impacts?

Buncefield Fire

The Buncefield Fire was a major incident which occurred at the Hertfordshire Oil Storage Terminal near the M1 motorway in the south of England. On the 11th December 2005 a series of explosions occurred at the site, eventually overwhelming 20 large storage tanks. The event was the biggest explosion of its kind in the UK since 1974 and took two days to extinguish.
The explosions caused many serious problems in the local area: 224 people required medical attention, hundreds of homes in the Hemel Hempstead area were evacuated, and 227 schools along with libraries and other public buildings across Hertfordshire and Buckinghamshire were closed for three days, along with a further 78 schools closing in the nearby borough of Luton on the 13th December. In addition to these issues, local motorways were closed and some instances of fuel panic buying occurred, along with Heathrow airport being required to adjust fuelling plans for some aircraft operating from Heathrow.

A number of businesses were seriously affected by the issues at Buncefield, particularly those in the Maylands industrial area. The headquarters of Fujifilm and buildings belonging to 3Com Corporation were badly damaged. In the case of Fujifilm the building was damaged beyond repair. In all, six buildings were designated for demolition with a further 30 requiring major repair before they could be re-occupied. Northgate Information Solutions were also seriously affected, leading to a number of websites and IT systems hosted by Northgate becoming unavailable. The website of the Labour Party and the IT system handling admissions to the Addenbrooke Hospital in Cambridgeshire were affected for several days. Online fashion retailer ASOS were forced to close for five weeks, resulting in 4million of lost sales.

UK and Ireland Floods

In November and December 2009, the UK and Ireland were hit by severe floods across both countries, with Cumbria and Dumfries and Galloway being affected in the UK and the Irish counties of Clare, Cork, Galway and Westmeath suffering. In addition to the serious human consequences with many homes being flooded, numerous businesses were disrupted, along with power supplies and road and rail transport links, causing difficulties for business around both countries. Flooding is becoming an increasing problem in many areas of the world due to a combination of climate change and the pressure to build in more and more flood threatened areas. For more information see:

Blackberry Outage

On the 10th October 2011 Research in Motion (RIM) suffered from several technical issues with servers at the Slough offices, resulting in service outages for up to 70 million customers in Europe, the Middle East and India. This outage affected personal and business users alike, including those using Blackberry Enterprise Servers, and lasted for three days, leaving some businesses having communication difficulties with their customers.
In a press conference RIM's co-CEO Mike Lazaridis explained:

"On Monday, we had a hardware failure that caused a ripple effect in our system, a dual redundant high-capacity core switch designed to protect the infrastructure failed, this caused a cascade failure in our system. There was a back-up switch but the back-up did not function as intended and this led to a backlog of data in the system. The failure in Europe, in turn, overloaded systems elsewhere. When we restarted the system based in Europe the data queue processing took much longer than we had expected to restore to our standard service levels, this backlog impaired service levels"

According to an article in the International Business Times the estimated cost to RIM could be in the region of $350 million; however, the outage resulted in many negative news reports and required senior management to make public apologies on behalf of the company. The longer term financial losses from a damaged reputation are difficult to quantify and are one of the key possible impacts of any Business Continuity incident.

Many other high profile examples where tested Business Continuity plans would be critical can be named, as well as numerous day to day examples. In essence, the above examples show an unexpected incident can occur at any time but the impacts can be managed by applying a proactive approach to Risk and Business Continuity Management.
Why should you use 22301?

The amount of effort you need to apply to build a Business Continuity solution can appear to be overwhelming. While building your solution you need to follow a program that involves a number of clearly defined steps. Once you have selected these steps you should identify the associated costs in order to avoid unnecessary overspending. There is no business case to be made for failing to control costs. As soon as you have finished implementing all these steps you want to make sure they work and have the desired effect, so you need to be able to verify them. Even then the Business Continuity effort does not end: once you have implemented and verified the solution, you need to maintain it and make sure it is still aligned to your business strategy and objectives.

All of these complicated requirements and issues can be addressed by adopting the new ISO standard. This standard is focused on the implementation and operation of a Business Continuity Management System (BCMS) that addresses all of the issues mentioned above and enables you to manage, coordinate and control your Business Continuity efforts.

The ISO standard is vendor and technology neutral. This means it will fit the requirements of most organisations without creating a vendor lock-in or applying to one or two specific technology situations. Obviously, the ISO standard allows for specific solutions to be integrated into the BCMS, but it is not written with a specific technology solution in mind.

The standard follows the same structure as some of the better-known ISO standards like ISO 9001 and ISO. These ISO standards follow the Plan/Do/Check/Act model and demand very similar things to ISO. For example, requirements for Internal Audit, Management Review and Management Commitment are exactly the same across all of these standards.
Because of these similarities, some of the work performed while implementing other standards can be reused, especially the risk identification and management steps from ISO. This can save considerable time, resources and money when designing and implementing an ISO Business Continuity Management System.

By integrating the BCMS with the management systems of other ISO standards, an organisation can make significant savings on operational costs and efforts. Instead of maintaining two or three separate management systems, only one needs to be maintained. This has the additional benefit that the different management systems can be aligned and thus reinforce each other.
Because of the Plan/Do/Check/Act cycle built into the standard, it becomes almost natural to adapt the BCMS implementation to changes in the environment of the organisation. Identifying these changes and managing them through the PDCA cycle will automatically incorporate them into the BCMS. There is no need to redo the complete business continuity program all over again.

As already stated, the ISO standard is vendor neutral and has been written in such a way that it can be independently certified, similar to the ISO 9001 and ISO. An independent certification body can verify the implementation and operation of the BCMS. Once the organisation has attained this certification, this can be used to provide assurance to customers and can be used as a very strong marketing tool. As the standard is independently verifiable, an organisation is not bound to one audit or certification firm, but can choose from any certification body that provides the best fit and value to the business.

How?

The steps taken to build a Business Continuity Management System according to the ISO standard follow the generic steps used in building other management systems (e.g. in building an ISMS based on ISO 27001). These steps are listed below and should help you get an idea of the benefits and impact of establishing an ISO based BCMS.

Step 1

Establish external and internal context of the BCMS. In this step the organisation should determine in what context the BCMS must operate, what information systems are managed by the BCMS and what the legal and business requirements are for Business Continuity, and potentially Disaster Recovery. Performing a Business Impact Analysis will help in determining the scope and selecting the business critical information systems.
Step 2

Once the context has been established, the organisation needs to be mobilised to show commitment to the implementation and operation of the BCMS to be built. Building and operating a BCMS, like any other management system, will require financial and time commitments. The benefits and commitments needed should be communicated to the right level of management within the organisation in order to ensure that the BCMS is actively supported by all levels within the organisation. The management's support and commitment is crucial to the success of the project! This commitment takes the form of establishing and communicating a Business Continuity policy, defining roles and responsibilities in the organisation and giving the right authority to people within the organisation.

Step 3

After getting the support and commitment of upper management, the goals and objectives of the BCMS need to be formulated. These should be based on the business drivers and needs for continuity. The final version of the BCMS should both effectively and efficiently support these drivers and goals. By performing a risk analysis, the organisation should determine what the specific threats to these goals and drivers are. Once these threats have been assessed, controls need to be selected which can reduce these risks to an acceptable and manageable level.

Step 4

The set of controls selected after the risk assessment needs to be implemented in the organisation and should be applied to people, processes and technology. Once they have been implemented, they need to be tested for both effectiveness and efficiency.

Step 5

After building this initial version of the BCMS, it needs to be embedded in the organisation so it can be operated. This initial version of the BCMS will most probably not cover all aspects and systems due to limited time and resources. Like any ISO standards based management system, the BCMS follows the plan-do-check-act cycle of continuous improvement.
Using the PDCA cycle, the BCMS can be expanded and improved in a controlled manner.

Future benefits

Implementing and maintaining a BCMS based on the ISO standard has important future benefits. Due to its vendor and technology neutral nature there is no threat of vendor or technology lock-in. Organisations stay in control of their own business continuity and can choose from a number of players in the market, both for implementation and certification.

Implementing a BCMS along with a QMS (ISO 9001) and/or an ISMS (ISO 27001), and integrating them, will reduce costs, ease operation and make it easier to keep the alignment to the business goals. In the long run, this will save organisations money and time, and of course protect their image, brand and reputation. Integrating these management systems into an overall business risk management strategy becomes easier, and adapting to new risks and opportunities will require less effort.
Conclusion

Organisations need to be in control of the various risks which they face; from information security, health and safety of its employees, investing in people, financial probity, business continuity, the impact on the environment... The list is endless! Existing clients, strategic partners, and prospective customers are all judging how fit you are for business by looking at the way in which you manage these risks.

Our aim is to help you control your business risks, ensuring you can take advantage of business opportunities! We aim to improve operational efficiency to allow your business to see a good return on its investment through addressing those risks, demonstrating professional practices and adhering to applicable legislation and regulations. Organisations that have taken this approach have proven that it has helped them to succeed in business along with lowering costs, and we are convinced that we can help you to achieve greater success too.

Parker Solutions Group uses a holistic approach to managing these risks and thus improving your business. Our consultants have helped many organisations achieve certification and compliance to recognised ISO standards as well as to other recognised standards across the globe. These ISO standards can be integrated seamlessly. They share many principles, so getting your business compliant in a number of areas can provide you with outstanding value for money. We ensure your business is compliant with current legislation, certified to industry standards and fit for business!
About PARKER Solutions

Parker Solutions Group was established by Managing Director Graeme Parker in response to the increasing risks and challenges that organisations across the globe are facing. We are providers of professional training, services and coaching across multiple risk disciplines. Our aim is to enable your organisation to become resilient to threats, to increase your ability to seize opportunities and to ease the effort of meeting compliance requirements.

Our international multi-disciplinary team of professionals is on hand to provide solutions across key risk areas including Cyber Security, Business Continuity, IT and Technology Risk, Energy, Safety, Sustainability and Environmental risk. With our strong knowledge and experience of standards in these areas along with our innovative and proportionate approach we are ready to enable your organisation.

Our mission is to ensure that Governance and Risk Management efforts are implemented as efficiently as possible and become a business enabler. We firmly believe that addressing risk should not be a cost or necessary evil but should be a benefit to your organisation. With a strong team of professionals Parker Solutions Group helps organisations make Risk Management become a business enabler by increasing efficiency and reducing unnecessary cost. All our solutions are linked to the key objectives of your organisation.

We are more than just a consultancy: we can make recommendations and we also have the ability to go that one step further and actually implement working solutions covering people, processes and technologies. Our professional coaching and training services are also designed to enable your organisation to become self-sufficient, reducing the reliance on external consultants. Whether your organisation is a small business, large multinational or a public sector organisation, you can be assured that providing a highly professional and excellent service is the core principle of Parker Solutions Group.
We have professionally certified and dedicated people with proven skills in the services we offer. Our people have experience working with and assisting a wide variety of organisations around the globe.

We would like to thank PECB for generously providing the graphics for this whitepaper.

For further information and a free no obligation discussion please contact us on:
6 George Street, Driffield, York, YO25 6RA UK
enquiries@parkersolutionsgroup.co.uk
+44 (0)
More informationTHE COMPLETE GUIDE TO ISO14001
THE COMPLETE GUIDE TO ISO14001 1. Introduction... 3 Plan Do Check Act... 5 2. Requirements... 7 Environmental Policy... 7 Environmental Aspects... 7 Legal and Other Requirements... 8 Objectives & Targets...
More informationBusiness Continuity and Natural Disaster Resilience: Where Are We Heading? Adopting best practices for weather safety based on new science
Business Continuity and Natural Disaster Resilience: Where Are We Heading? Adopting best practices for weather safety based on new science By Glen Denny, Baron Services, Inc. There is an increasing interest
More informationINTELLECTUAL PROPERTY MANAGEMENT ENTERPRISE ESCROW BEST PRACTICES REPORT
INTELLECTUAL PROPERTY MANAGEMENT ENTERPRISE ESCROW BEST PRACTICES REPORT What is Mission Critical to You? Before you acquire mission-critical technology from a third-party software vendor, take a few minutes
More informationUS Business Continuity Safeguarding Your Business from a Disaster
US Business Continuity Safeguarding Your Business from a Disaster Juanita Hardin BMO Harris Bank Head TPS Risk and Compliance William Simmons BMO Harris Bank Vice President Business Continuity Management
More informationAVOIDING THE BLAME GAME. DRIVING COLLABORATION THROUGH EFFECTIVE SERVICE INTEGRATION AND MANAGEMENT
AVOIDING THE BLAME GAME. DRIVING COLLABORATION THROUGH EFFECTIVE SERVICE INTEGRATION AND MANAGEMENT Government and commercial organisations are striving to deliver increasingly flexible and agile ICT whilst
More informationManaging reputation risk. Laura Toni, Deloitte Romania November 28, 2014
Managing reputation risk Laura Toni, Deloitte Romania November 28, 2014 Executive summary What is your company s reputation worth? According to a study by the World Economic Forum performed in 2012, on
More informationBusiness Risk Management & Our Resilience
1 Business Risk Management & Our Resilience What is Risk Management? 2 is a holistic management process that identifies potential impacts that threaten an organisation and provides a framework for building
More informationApril 2017 Latest update. ISO/DIS Understanding the new international standard for occupational health & safety
April 2017 Latest update ISO/DIS 45001.2 Understanding the new international standard for occupational health & safety ISO/DIS 45001.2 - Understanding the new international standard for occupational health
More informationVendor Support Agreements: A Competitive Weapon for Optimizing Organizational Assets
998-2095-07-02-15AR0 Vendor Support Agreements: A Competitive Weapon for Optimizing Organizational Assets by Brian Courchesne Executive summary For manufacturers, sustaining operations performance levels
More informationRisk Management Strategy. Version: V3.0
Risk Management Strategy Version: V3.0 Date: October 2016 Classification: DCC Public Document Control (Document Control Heading) Revision History (Document Control Subtitle) Revision Date Summary of Changes
More informationRisk Management Strategy
Risk Management Strategy 2017-2019 Created by: Role Name Title Author / Editor Kevin McMahon Head of Risk Management & Resilience Lead Executive Margo McGurk Director of Finance & Performance Approved
More informationISO22313: Your Ultimate Guide for Establishing a Business Continuity Management System
ISO22313: Your Ultimate Guide for Establishing a Business Continuity Management System By Mr Peck Eing Seng Senior Consultant, Business Continuity Planning Asia Pte. Ltd. Peck Eing Seng Senior Consultant
More informationBuilding a Standard for Business Continuity Planning
Building a Standard for Business Continuity Planning John Lugo Sr. Business Continuity Analyst April 17, 2012 1 April 16 18, 2012 Talking Stick Resort Scottsdale, Arizona Business Continuity @ Citrix Statistics
More informationTAMING COMPLEXITY ON MAJOR RAIL PROJECTS WITH A COLLABORATIVE SYSTEMS ENGINEERING APPROACH
TAMING COMPLEXITY ON MAJOR RAIL PROJECTS WITH A COLLABORATIVE SYSTEMS ENGINEERING APPROACH Chris Rolison CEO, Comply Serve Limited The Collaborative Systems Engineering Approach Collaboration A system
More informationCFO #CFOPERFORMANCE. Understanding and Managing Risk In Professional Service Firms
#CFOPERFORMANCE Understanding and Managing Risk In Professional Service Firms Your firm didn t get where it is now by ignoring risks. Today, as professional service firms look for opportunities to expand
More informationHow can you improve your ability to identify, respond and adapt to significant operational interruptions?
How can you improve your ability to identify, respond and adapt to significant operational interruptions? Agenda I Introductions and objectives II Why is resilience important III Typical issues be aware
More informationArgomi User Guide to MAS Outsourcing Regulations in Singapore
Argomi User Guide to MAS Outsourcing Regulations in Singapore September 2017 Aarti Sreenivas & Ned Lowe Contents Page 1. Introduction 2. A Fresh Take on Compliance 3. Argomi & AWS 4. MAS Outsourcing Guidelines
More informationConsiderations when Choosing a Managed IT Services Provider. ebook
Considerations when Choosing a Managed IT Services Provider ebook Contents Considering Managed Services?...3 Consideration 1: Depth...4 Consideration 2: Proactive...5 Consideration 3: Knowledge & Processes...6
More informationSAS ANALYTICS AND OPEN SOURCE
GUIDEBOOK SAS ANALYTICS AND OPEN SOURCE April 2014 2014 Nucleus Research, Inc. Reproduction in whole or in part without written permission is prohibited. THE BOTTOM LINE Many organizations balance open
More informationCASIO SUSTAINABILITY REPORT
Casio s effort to achieve total compliance management is based on the Casio Group Code of Conduct, a risk management system and whistleblower hotlines. Casio Group Code of Conduct Casio established the
More informationMake the most of the cloud with Microsoft System Center and Azure
December 2015 Make the most of the cloud with Microsoft System Center and Azure Writer: Daniel Örneling Amsterdam - Dallas - Ottawa Table of Content 1.1 The Dilemma: too many customers 3 1.2 Is the cloud
More informationEffective competence assurance management is as easy as itb. competence assurance
Effective competence assurance management is as easy as itb. competence assurance We want all our clients to realise the full potential of their workforce by delivering professional and fit for purpose
More informationISO Standards in Strengthening Organizational Resilience and Mitigating Risk while Addressing Quality and Sustainability
ISO Standards in Strengthening Organizational Resilience and Mitigating Risk while Addressing Quality and Sustainability January 20, 2017 Copyright 2012 BSI. All rights reserved. Who is BSI? By Royal Charter:
More informationIATF transition. Only 1 year to go for over 69,000 ISO/TS16949 certified organizations to transition to ISO9001: 2015 and IATF 16949: 2016.
ISO/TS16949:2009 IATF 16949:2016 Risk or Opportunity? Quality Partner Newsletter September 2017 For More Information Visit www.qualitypartner.co.uk Author: Paul Hardiman Welcome to the ninth edition of
More informationBusiness Continuity Planning: As A Business Owner, What Do I Need to Consider? David Sutton Manager, Environment, Safety and Health.
Business Continuity Planning: As A Business Owner, What Do I Need to Consider? David Sutton Manager, Environment, Safety and Health June 15, 2006 Qualifying Event Continuum Normal Business Operations Business
More informationDRAFT ISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Information security management system implementation guidance
INTERNATIONAL STANDARD ISO/IEC 27003 First edition 2010-02-01 Information technology Security techniques Information security management system implementation guidance Technologies de l'information Techniques
More informationAsset Risk Management Journey Plan
Asset Risk Management Journey Plan STRATEGIC PLAN 2010-2013 Transpower New Zealand Limited April 2011 TABLE OF CONTENTS EXECUTIVE SUMMARY... 3 1. PURPOSE... 4 2. OVERVIEW OF TRANSPOWER S RISK MANAGEMENT
More informationInstitute of Public Care. Outcome-focused Integrated Care: lessons from experience
Institute of Public Care Outcome-focused Integrated Care: lessons from experience January 2017 Outcome-focused Integrated Care: lessons from experience 1 Introduction The IPC Partnership Programme supports
More informationHow to to transition to ISO One year on. Rob Acker Business Continuity Lead Assessor LRQA Ltd
How to to transition to ISO 22301... One year on Rob Acker Business Continuity Lead Assessor LRQA Ltd Agenda Structure of ISO22301 Detailed review a walk through. Section 4 understanding Section 5 leadership
More informationServices and Support. System design. Hardware. Installation. Peace of mind. Digital Signage
A total solution from start to finish Services and Support System design. Hardware. Installation. Peace of mind. Whatever your digital signage requirement, we can provide a solution that meets your exact
More informationFujitsu Workplace Anywhere Delivering a service as mobile as your people need to be
Fujitsu Workplace Anywhere Delivering a service as mobile as your people need to be Welcome to the age of mobility A new digital landscape Mobile technology is dramatically changing our everyday lives.
More informationBuilding and Maintaining a Business Continuity Program
Building and Maintaining a Business Continuity Program Successful strategies for financial institutions for effective preparation and recovery 1 Building and Maintaining a Business Continuity Program Table
More informationDigital Industries Apprenticeship: Occupational Brief. Software Tester. March 2016
Digital Industries Apprenticeship: Occupational Brief Software Tester March 2016 1 Digital Industries Apprenticeships: Occupational Brief Level 4 Software Tester Apprenticeship Minimum Standards and Grading
More informationCorporate Risk Management Services. Pinkerton is a leading provider of risk management services and solutions for organizations around the globe.
Corporate Risk Management Pinkerton is a leading provider of risk management services and solutions for organizations around the globe. New threats arise every day. Is your business fully protected? Manage
More informationPOL:10:EP:003:03:NIBT PAGE 1 of 7
POL:10:EP:003:03:NIBT PAGE 1 of 7 Northern Ireland Blood Transfusion Service POLICY DOCUMENT Document Details Document Number: POL:10:EP:003:03:NIBT No. of Appendices: 2 Supersedes Number: POL:10:EP:003:02:NIBT
More informationBuyers Guide to ERP Business Management Software
Buyers Guide to ERP Business Management Software one 1. Introduction When you search for ERP or Enterprise Resource Planning on the web, the sheer amount of information that appears can be overwhelming
More informationENTERPRISE RISK SERVICES Managing Risk, Driving Results
ENTERPRISE RISK SERVICES Managing Risk, Driving Results Risk Management Solutions At MNP, our Enterprise Risk Services team assists organizations as they navigate through uncertainty by helping them effectively
More informationCharta Porta Service Offerings for MPS
Charta Porta Service Offerings for MPS November 2017 Paul Martin Consultant Charta Porta Ltd paul@chartaporta.com 07496 862279 Confidentiality Notice Charta Porta rights of intellectual property are applicable
More informationMIGRATING AND MANAGING MICROSOFT WORKLOADS ON AWS WITH DATAPIPE DATAPIPE.COM
MIGRATING AND MANAGING MICROSOFT WORKLOADS ON AWS WITH DATAPIPE DATAPIPE.COM INTRODUCTION About Microsoft on AWS Amazon Web Services helps you build, deploy, scale, and manage Microsoft applications quickly,
More informationUNIVERSITY OF ABERDEEN ADVISORY GROUP ON BUSINESS CONTINUITY & RESILIENCE BUSINESS CONTINUITY POLICY
UNIVERSITY OF ABERDEEN ADVISORY GROUP ON BUSINESS CONTINUITY & RESILIENCE BUSINESS CONTINUITY POLICY 1 INTRODUCTION 1.1 The University of Aberdeen has a responsibility to ensure the health and welfare
More informationQuality Management System Guidance. ISO 9001:2015 Clause-by-clause Interpretation
Quality Management System Guidance ISO 9001:2015 Clause-by-clause Interpretation Table of Contents 1 INTRODUCTION... 4 1.1 IMPLEMENTATION & DEVELOPMENT... 5 1.2 MANAGING THE CHANGE... 5 1.3 TOP MANAGEMENT
More informationWhen Recognition Matters WHITEPAPER OCTAVE RISK ASSESSMENT WITH OCTAVE.
When Recognition Matters WHITEPAPER OCTAVE RISK ASSESSMENT WITH OCTAVE www.pecb.com CONTENT 3 4 4 5 5 6 6 6 7 8 8 Introduction About OCTAVE History OCTAVE ALLEGRO RoadMap Steps How to use OCTAVE? Preparing
More informationArchitecture Planning Adding value to projects with Enterprise Architecture. Whitepaper. September By John Mayall
Adding value to projects with Enterprise Architecture Whitepaper September 2007 By John Mayall W O R L D C L A S S A R C H I T E C T U R E Architecture Planning Introduction We are often asked what an
More informationExtended Enterprise Risk Management
Extended Enterprise Risk Management Driving performance through the extended enterprise October 2015 A network within a network The Extended Enterprise is the concept that an organization does not operate
More informationYour Checklist Guide for Effortless Crane Hire
Your Checklist Guide for Effortless Crane Hire (Plus Frequently Asked Questions) There are 6 key Processes that can make your Crane Hire experience effortless if we work together to manage them efficiently:
More informationUsing assessment & benchmarking techniques as a strategic approach to drive Continual Service Improvement
Using assessment & benchmarking techniques as a strategic approach to drive Continual Service Improvement Ian MacDonald Function Leader, Group Technology Co-operative Group IT Session Outline What you
More informationProtecting Information Assets - Week 9 - Business Continuity and Disaster Recovery Planning. MIS 5206 Protecting Information Assets
Protecting Information Assets - Week 9 - Business Continuity and Disaster Recovery Planning MIS5206 Week 9 Case study discussion Business Continuity Planning (BCP) and Disaster Recovery (DR) Planning Test
More informationBusiness Loans Network Limited ("ThinCats", the Firm ) Business Continuity Policy ( BCP ) v.2
Business Loans Network Limited ("ThinCats", the Firm ) Business Continuity Policy ( BCP ) v.2 July 2017 INTRODUCTION ThinCats is an online peer to peer lending platform enabling investors to lend directly
More informationBusiness Continuity Planning
Business Continuity lanning Good Stewards Methodology verview See What s Ahead What s Ahead Back he Case for Business Continuity lanning Business Continuity lan Composition Business Continuity Management
More informationSOLUTION BRIEF EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER
EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER ARRIVAL OF GDPR IN 2018 The European Union (EU) General Data Protection Regulation (GDPR) that takes effect in 2018 will bring changes for
More informationISO 9001 Quality Management Systems
ISO 9001 Quality Management Systems INFORMATION GUIDE ISO 9001 Background ISO 9001:2015 is the world s foremost quality management standard, used by hundreds of thousands of organisations in over 170 countries
More informationPERSPECTIVE. Crisis Management In The Times Of Global Manufacturing Supply Chains
PERSPECTIVE Crisis Management In The Times Of Global Manufacturing Supply Chains This view point is motivated by the constant challenges that the global supply chains face due to natural disasters and
More informationWILTSHIRE POLICE FORCE POLICY
Template v4 WILTSHIRE POLICE FORCE POLICY BUSINESS CONTINUITY MANAGEMENT SYSTEMS (BCMS) Effective from: July 2013 Last Review Date: January 2017 Version: 3.0 Next Review Date: January 2019 POLICY STATEMENT
More informationISO Revisions. ISO 9001 Whitepaper. The importance of risk in quality management. Approaching change
ISO Revisions ISO 9001 Whitepaper The importance of risk in quality management Approaching change Background and overview to the ISO 9001:2015 revision As an International Standard, ISO 9001 is subject
More informationSTAFFING IS YOUR STAFFING FIRM RIPE FOR GROWTH?
STAFFING IS YOUR STAFFING FIRM RIPE FOR GROWTH? 11 Ways to Be Ready to Reach Your Growth Goals SALES TOOL SERIES STAFFING 11 Ways to Be Ready to Reach Your Growth Goals KEY TAKEAWAYS: Define a disciplined
More informationInside of a ring or out, ain t nothing wrong with going down. It s staying down that s wrong. Muhammad Ali
MANAGING OPERATIONAL RISK IN THE 21 ST CENTURY White Paper Series Inside of a ring or out, ain t nothing wrong with going down. It s staying down that s wrong. Muhammad Ali 2 In today s competitive and
More informationDuty of Care. Good corporate social responsibility means implementing effective workplace health and safety measures.
Duty of Care Denny Marlin Good corporate social responsibility means implementing effective workplace health and safety measures. Additionally, occupational health and safety laws tend to impose a general
More informationThe Latest on ISO 31000: Advancing the Mission
The Latest on ISO 31000: Advancing the Mission Carol Fox, ARM Vice President Strategic Initiatives, RIMS Chair, U.S. TAG to ANSI for ISO TC262-Risk Management 1 My Mission Today is for you to Gain a greater
More informationMelanie Quinlan, Business Continuity & Compliance Manager, Resources & Quality Assurance
Executive Board meeting, 26 June 2017 Agenda item: 8 Report title: Report by: Action: Business Continuity Working Group update Melanie Quinlan, Business Continuity & Compliance Manager, Resources & Quality
More informationRISK MANAGEMENT POLICY
RISK MANAGEMENT POLICY Clinical Governance & Risk Management Department Warning Document uncontrolled when printed Policy Reference: RM 2.0 Date of Issue: TBC Prepared by: Risk Management Short Life Date
More informationBS Code of practice for delivering effective governance
BS 13500 Code of practice for delivering effective governance Introductory Guide by Tomorrow s Company Tomorrow s Company are a London based global think tank delivering value for business leaders and
More information