ISO22313: Your Ultimate Guide for Establishing a Business Continuity Management System
By Mr Peck Eing Seng, Senior Consultant, Business Continuity Planning Asia Pte. Ltd.
Peck Eing Seng, Senior Consultant, Business Continuity Planning Asia Pte. Ltd. Certified BCM professional by the Business Continuity Institute (BCI) with 7 years' experience in Business Continuity. More than 6 years' experience in project management, ranging from a production environment to a service provider environment, handling projects that involved both internal and external users. Project lead for BCP Asia's IT-DRP program, which covers design, implementation and activation of the recovery plan. The plan was then embedded as part of BCP Asia's BC management, which eventually achieved ISO 22301 certification.
BCM Standards and Guidelines
United Kingdom:
  British Standards Institution (BSI): BS25999 Business Continuity Management
  The Business Continuity Institute (BCI): Business Continuity Management Good Practice Guidelines, 2010
Singapore:
  SPRING Singapore: Singapore Standard for Business Continuity Management, SS 540 : 2008
  Monetary Authority of Singapore (MAS): Business Continuity Management Guidelines, June 2003 (last updated in Jan 2006)
BCM Standards and Guidelines: Other Countries
Australia and New Zealand:
  Standards Australia, Standards New Zealand: AS/NZS 5050:2010 Business Continuity - Managing disruption-related risk
Indonesia:
  Bank Indonesia: Peraturan Bank Indonesia no.9/pbi/15/2007
Thailand:
  Bank of Thailand: Guideline on Business Continuity Management (BCM) and Preparation of Business Continuity (BCP) of Financial Institution
Malaysia:
  Standards Malaysia: Malaysian Standard MS 1970 Business Continuity Management-Framework
  Bank Negara Malaysia: Guidelines on Business Continuity Management (BCM) for Banking Institutions
United States:
  ASIS International and BSI: ASIS/BSI BCM.01-2010 BCMS: Requirements with Guidance to Use (approved by ANSI as American National Standard on 2 November 2010)
India:
  Reserve Bank of India: guidelines to all scheduled banks in India, August 2006
Japan:
  Ministry of Economy, Trade and Industry: BCP Guidelines, 31st March 2005
China:
  State Council Informatization Office (国务院信息化工作办公室): China IT DR Guidelines, April 2005
Hong Kong:
  Hong Kong Monetary Authority (HKMA): A Guidance Note on Business Continuity Planning, 2nd December 2002
ISO 22301 : 2012 General Information: Societal security - Business continuity management systems - Requirements. Published by ISO. Published on 15 May 2012. Accepted worldwide. Organisations can attain certification.
ISO 22301 : 2012 General Information: ISO 22301 is generic in its application and suitable for organisations of any size from any sector of the economy.
ISO 22301 : 2012 General Information Business continuity standardization evolves with ISO 22301 by adding: Greater emphasis on setting the objectives, monitoring performance and metrics; Clearer expectations on management; More careful planning for and preparing the resources needed for ensuring business continuity.
What is ISO 22313?
ISO 22313 : 2012 General Information: Clarifies the intent of the requirements and provides explanations and examples. Direct correlation between the clauses in the requirements and the guidance. Provides additional information.
ISO 22301 vs ISO 22313 Comparison
ISO 22301: is the International Standard on Societal Security - Business Continuity Management Systems, published on 15 May 2012. It is the specification document against which organisations will seek certification, with very few diagrams and no explanations on examples or references to best practices. It essentially lists the auditable necessities.
ISO 22313: is the guidance document to support ISO 22301, published on 12 December 2012. It shows examples and proposals on the methods to comply with ISO 22301. It tells you the how-to.
What are the benefits of using ISO 22313?
ISO 22313 : 2012 Contents: The standard is divided into 10 main sections, starting with Clause 1 - Scope, Clause 2 - Normative references, Clause 3 - Terms and definitions. Following these are the standard's requirements
ISO 22313 : 2012 PDCA and the ISO22301 and ISO22313 Clauses
Establish (Plan): Clauses 4, 5, 6, 7
Implement & Operate (Do): Clause 8
Monitor & Review (Check): Clause 9
Maintain & Improve (Act): Clause 10
ISO 22313 : 2012 Clause 4- Context of the Organisation Know the organization, both Internal and External needs. Consider the needs and requirements of Interested parties. Operate within the framework of the Legal and Regulatory requirements. Determine the Scope of the BCMS
ISO 22313 : 2012 Clause 5- Leadership Emphasis on the need for appropriate BCM Leadership and Management commitment. Management defines the Business Continuity policy. Ensure the Assignment and Communication of Responsibilities and Authorities.
ISO 22313 : 2012 Clause 6- Planning Requires the organization to Identify risks to implementation of the management system. Set Business Continuity Objectives.
ISO 22313 : 2012 Clause 7- Support Resources required for implementation of the BCMS. Introduces the important concepts: Competence, Awareness, Communicating, Documented information.
ISO 22313 : 2012 Clause 8- Operations This section contains the main body of business continuity specific expertise.
1. Operational Planning and Control
2. Business Impact analysis and Risk assessment
3. Business Continuity Strategy
4. Establish and implement Business Continuity Procedures
5. Exercise and Testing
ISO 22313 : 2012 Clause 9- Performance Evaluation Evaluate Performance against the plan. Monitoring, Measurement, Analysis and Evaluation Internal audit and Management review
ISO 22313 : 2012 Clause 10- Improvement Nonconformity and Corrective action Continual improvement
Summary ISO 22301 Certified
Summary: ISO 22313 follows the latest best practice for business continuity. Chapters in both ISO 22301 and ISO 22313 are the same. If you face issues understanding ISO 22301 and need additional background and more detailed explanation, refer to ISO 22313.
Contact Us BUSINESS CONTINUITY PLANNING ASIA PTE LTD The leading provider of training and consultancy in Business Continuity, Crisis Management, Disaster Recovery & Enterprise Risk Management 1 Commonwealth Lane #08-27 One Commonwealth Singapore 149544 Call (65) 63252080 Email conference@bcpasia.com Visit www.bcpasia.com