Winifred Dela Setor Smith
Senior Risk Manager
Winifred Dela Setor Smith is a Business Risk and Governance Professional with over 15 years' experience in Information Technology, Business Continuity and Enterprise Risk Management in the Telecoms sector. She is certified in various fields, including ISO 22301 Lead Implementer, Risk Analysis and ITIL V3, and is a PECB Certified Trainer. Winifred has completed the Telecoms Mini MBA leadership training with Neotelis (Canada) and also holds a BSc degree in Computer Science from the Kwame Nkrumah University of Science and Technology, Ghana, West Africa.
Contact Information
00233244325995 | delasetorsmith@gmail.com | https://gh.linkedin.com/in/winifred-dela-setor-smith-mrs-02649
Webinar Agenda
1. Initiating a BCM programme with the ISO 22301 standard and other key standards or guidelines to build a strong BCM programme
2. Identifying / building your Critical Success Factors
3. Focus on how to ensure sustainability and continuous improvement of a BCM programme
THE CASE FOR BUSINESS CONTINUITY MANAGEMENT
“It won’t happen to us”, “We will cope – we always do”, “We are too big to fail” and, anyway, “We have operated in volatile markets for a while now and nothing has happened” are frequent responses from executives and businesses when questioned about their lack of preparedness. Others believe their insurance company will pay for everything. Most think they haven’t got the time to prepare for something that will never happen. The record of businesses that have failed following an incident, disruption or disaster suggests that these responses are based on false assumptions and perhaps on a lack of understanding of the BCM requirements in relation to interested parties.
Generally, organizations that are affected by catastrophes fall into two distinct groups – “the ones that recovered adequately” and “the ones that failed to recover”. As business professionals, we should be able to build a strong case for Top Management and leadership to buy in to Business Continuity Management.
Unfortunately, the global landscape is moving too fast! Who would have thought that cyber threats would evolve so fast? Natural disaster trends are changing and are becoming a major concern for organizations. Man-made disasters are impacting institutions across the globe. We can go on and on. Where an organization has successfully dealt with a crisis such as these, its share value generally increases in the long term, in contrast to those perceived not to have managed the crisis well, whose share price declines considerably. A key feature of successful BCM programmes is how ownership of the various responsibilities is taken up by Top Management and at the appropriate levels in the organization.
So as professionals, let's build that case for Management!
Agenda – Part 1
Initiating a BCM programme with the ISO 22301 standard and other key standards or guidelines to build a strong BCM programme
Business Continuity Management System (BCMS) vs Business Continuity Programme (BC Programme)
BCMS critical focus areas:
a) a policy;
b) people with defined responsibilities;
c) management processes (policy, planning, implementation, operation, performance assessments, management review and improvement);
d) documentation providing auditable evidence; and
e) any business continuity management processes relevant to the organization.
• ISO 22301:2012 clause 3 (3.6): a BCMS is part of the overall management system that establishes, implements, operates, monitors, reviews, maintains and improves business continuity.
• ISO 22301:2012 clause 3 (3.7): a BC Programme is an ongoing management and governance process supported by top management and appropriately resourced to implement and maintain business continuity management.
PDCA
All ISO management systems, including the BCMS, use the Plan-Do-Check-Act (PDCA) cycle.
PDCA - Plan
A. Initiating the BCMS
B. Understand your organization
C. Analysis of the existing management system
D. Scope of the BCMS
E. Leadership & approval of the BCMS project
F. Business Continuity Policy
G. Organizational structure
H. Document management
I. Competence and awareness
PDCA - Do
A. Business Impact Analysis
B. Risk Assessments
C. Business Continuity Strategy
D. Protection & Mitigation Measures
Note: these must align with the internal Risk policy & framework signed off by Top Management
E. BC Plans and Procedures
F. Communication Plan
G. Exercising and Testing
PDCA - Check
A. Monitoring, measurement, analysis and evaluation
B. Internal Audit
C. Management review
PDCA - Act
A. Nonconformities & corrective actions
B. Continual Improvement
Looking at the Good Practice Guidelines 2013 [Global Edition] - A guide to global good practice in Business Continuity
A. Management areas
• Policy & Programme Management – [ISO 22301 clause 5.3]
• Embedding Business Continuity – [ISO 22301 clause 7.3]
B. Technical areas
• Analysis – BIAs (RTO, RPO, MBCO & MTPD), Risk Analysis & Threat Analysis – [ISO 22301 clauses 4.1 & 8.2.3], [ISO 31000] & [ISO 27001]
• Design – Identifying appropriate strategies/tactics for your organization's BCM strategy – [ISO 22301 clauses 6.1 & 8.3]
• Implementation – Execution of BCPs, DRPs (including contingency plans, key contacts etc.) – [ISO 22301 clause 8.4.1]
• Validation – Testing/Exercising, performance evaluations, audits, maturity assessments etc. – [ISO 22301 clauses 8.5, 9, 9.3]
BCM Lifecycle
Agenda – Part 2
Building critical success factors for Top Management, the core teams and the organization as a whole
A. Critical Success Factors
1. Clear project plan – Project Charter
2. Top Management support – Policy sign-off
3. Appropriate resourcing and Project Office coordination or Steering Committee
4. Reporting and escalation process to Top Management
5. Key Performance Indicators and recognition of achievement of milestones
6. Comprehensive communication plan on key milestones and deliverables
7. A comprehensive regulatory compliance checklist
8. Organizational involvement
Agenda – Part 3
Focus on how to ensure sustainability and continuous improvement of a BCM programme
Sustainability & Continuous Improvement
• Maintain a yearly Executive Briefing for Top Management and Leadership
• BCM resource succession planning is key
• Ongoing competence and skills upgrades
• Maintain a good record of all documentation
• Involvement of interested parties in the programme
• Management Review meetings planned at agreed intervals are very key
• ISO 22301 certification for the Organization
ISO 22301 Training Courses
• ISO 22301 Introduction – 1-day course
• ISO 22301 Foundation – 2-day course
• ISO 22301 Lead Implementer – 5-day course
• ISO 22301 Lead Auditor – 5-day course
Exam and certification fees are included in the training price.
https://pecb.com/iso-22301-training-courses | www.pecb.com/events
THANK YOU
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
 

Building a strong BC programme with ISO 22301

Slide 5. Agenda – Part 1
Initiating a BCM programme with the ISO 22301 standard and other key standards or guidelines to build a strong BCM programme.

Slide 6. Business Continuity Management Systems (BCMS) vs Business Continuity Programme (BC Programme)
BCMS critical focus areas:
a) a policy;
b) people with defined responsibilities;
c) management processes (policy, planning, implementation, operation, performance assessment, management review and improvement);
d) documentation providing auditable evidence; and
e) any business continuity management processes relevant to the organization.
ISO 22301:2012 clause 3, term 3.6: a BCMS is part of the overall management system that establishes, implements, operates, monitors, reviews, maintains and improves business continuity.
ISO 22301:2012 clause 3, term 3.7: a BC Programme is an ongoing management and governance process supported by top management and appropriately resourced to implement and maintain business continuity management.

Slide 7. PDCA
All ISO management systems, including the BCMS, use the Plan-Do-Check-Act (PDCA) cycle.

Slide 8. PDCA – Plan
A. Initiating the BCMS
B. Understand your organization
C. Analysis of the existing management system
D. Scope of the BCMS
E. Leadership & approval of the BCMS project
F. Business continuity policy
G. Organizational structure
H. Document management
I. Competence and awareness

Slide 9. PDCA – Do
A. Business impact analysis
B. Risk assessments
C. Business continuity strategy
D. Protection & mitigation measures (note: these must align with the internal risk policy & framework signed off by top management)
E. BC plans and procedures
F. Communication plan
G. Exercising and testing

Slide 10. PDCA – Check
A. Monitoring, measurement, analysis and evaluation
B. Internal audit
C. Management review
PDCA – Act
A. Nonconformities & corrective actions
B. Continual improvement

Slide 11. Looking at the Good Practice Guideline 2013 [Global Edition] – A guide to Global Good Practice in Business Continuity (the BCM Lifecycle)
A. Management areas
- Policy & Programme Management – [ISO 22301 clause 5.3]
- Embedding Business Continuity – [ISO 22301 clause 7.3]
B. Technical areas
- Analysis – BIAs (RTO, RPO, MBCO & MTPD), Risk Analysis & Threat Analysis – [ISO 22301 clauses 4.1 & 8.2.3], [ISO 31000] and [ISO 27001]
- Design – Identifying appropriate strategies/tactics for your organization's BCM strategy – [ISO 22301 clauses 6.1 & 8.3]
- Implementation – Execution of BCPs and DRPs (including contingency plans, key contacts etc.) – [ISO 22301 clause 8.4.1]
- Validation – Testing/exercises, performance evaluations, audits, maturity assessments etc. – [ISO 22301 clauses 8.5, 9, 9.3]

Slide 12. Agenda – Part 2
Building critical success factors for top management, the core teams and the organization as a whole.

Slide 13. A. Critical Success Factors
1. Clear project plan – project charter
2. Top management support – policy sign-off
3. Appropriate resourcing and project office coordination or steering committee
4. Reporting and escalation process to top management
5. Key performance indicators and recognition of achievement of milestones
6. Comprehensive communication plan on key milestones and deliverables
7. A comprehensive regulatory compliance checklist
8. Organizational involvement

Slide 14. Agenda – Part 3
Focus on how to ensure sustainability and continuous improvement of a BCM programme.

Slide 15. Sustainability & Continuous Improvement
- Maintain a yearly executive briefing for top management and leadership
- BCM resource succession planning is key
- Ongoing competence and skills upgrades
- Maintain a good record of all documentation
- Involvement of interested parties in the programme
- Management review meetings planned at agreed intervals are very key
- ISO 22301 certification for the organization

Slide 16. ISO 22301 Training Courses
- ISO 22301 Introduction – 1-day course
- ISO 22301 Foundation – 2-day course
- ISO 22301 Lead Implementer – 5-day course
- ISO 22301 Lead Auditor – 5-day course
Exam and certification fees are included in the training price.
https://pecb.com/iso-22301-training-courses | www.pecb.com/events

Slide 17. THANK YOU
?
00233244325995 delasetorsmith@gmail.com https://gh.linkedin.com/in/winifred-dela-setor-smith-mrs-0264

Editor's Notes

  1. Notes: The topic of today's webinar is building a strong business continuity programme with ISO 22301:2012.
  2. Notes: References: The Good Practice Guideline 2013; ISO 31000, Risk Management – Principles and Guidelines (we will focus on Mandate and Commitment, Design the Framework and Managing Risks (Plan), Implement Risk Management (Do), Continuous Improvement of the Framework (Act), and Monitor and Review of the Framework (Check)); ISO/IEC 27001, Information Security Management Systems.
  3. Notes: Understanding some key words:
     Top management is made up of the senior-level executives of an organization, or those positions that hold the most responsibility.
     Governance is the accountability for protecting the assets of a particular organization.
     A BCMS emphasizes the importance of:
     - understanding the organization's needs and the necessity for establishing business continuity management policy and objectives,
     - implementing and operating controls and measures for managing an organization's overall capability to manage disruptive incidents,
     - monitoring and reviewing the performance and effectiveness of the BCMS, and
     - continual improvement based on objective measurement.
     A BCMS, like any other management system, has the following key components:
     a) a policy;
     b) people with defined responsibilities (from experience, it is very important that KPIs are part of these roles; this gives clarity for the resources involved);
     c) management processes relating to 1) policy, 2) planning, 3) implementation and operation, 4) performance assessment, 5) management review, and 6) improvement;
     d) documentation providing auditable evidence; and
     e) any business continuity management processes relevant to the organization.
     Business continuity contributes to a more resilient society. The wider community, and the impact of the organization's environment on the organization and therefore on other organizations, may need to be involved in the recovery process.
  4. Notes:
  5. Notes:
     A. Initiating the BCMS: define the approach for the implementation process (interviews, questionnaires etc.); select your methodological frameworks, aligned with best practice; analysis.
     B. Understand your organization: mission, objectives, values, strategies; external environment (which regulations and laws apply to your business?).
     C. Analysis of the existing management system: information gathering; gap analysis (your current state against where you want to be); organizational boundaries.
     D. Scope of the BCMS: organizational boundaries; information system boundaries; physical boundaries.
     E. Leadership & approval of the BCMS project: business case; BCMS project team; resource requirements; BCMS project plan; management approval.
     F. Business continuity policy: policy drafting process; management approval; publication; training, communication and awareness; control, evaluation and review.
     G. Organizational structure: governance & organizational structure; business continuity coordinator; roles & responsibilities of the stakeholders; roles & responsibilities of key committees; business continuity team; decision & control process.
     H. Document management: creation of templates; define the process for control of documentation; define the process for control of records; implementation of a document management system; draft the BCMS documentation.
     I. Competence and awareness: defining training needs; design and planning; providing training; evaluation of outcome.
     ISO 22301 clauses:
     6 Planning
     6.1 Actions to address risks and opportunities
     When planning for the BCMS, the organization shall consider the issues referred to in 4.1 and the requirements referred to in 4.2 and determine the risks and opportunities that need to be addressed to
     - ensure the management system can achieve its intended outcome(s),
     - prevent, or reduce, undesired effects,
     - achieve continual improvement.
     The organization shall plan
     a) actions to address these risks and opportunities,
     b) how to
        1) integrate and implement the actions into its BCMS processes (see 8.1),
        2) evaluate the effectiveness of these actions (see 9.1).
  6. Notes:
     A. Business impact analysis: critical processes and activities; key resources & dependencies; impact assessment; RTO and RPO.
     B. Risk assessments: risk identification; risk analysis; risk evaluation.
     C. Business continuity strategy: strategy model; strategy analysis & selection; evaluation of suppliers' capabilities; selection of the BC strategy.
     D. Protection & mitigation measures: preventive measures; detective measures; corrective measures.
     E. BC plans and procedures: plan development process; plan format & structure; draft the BC plan(s); draft the BC procedures.
     F. Communication plan: establishing communication objectives; identifying interested parties; planning communication activities; performing a communication activity; evaluating communication.
     G. Exercising and testing: exercise & test plan; definition of the strategy; creation of scenarios; schedule of exercises & tests; preparing an exercise/test activity; conducting an exercise/test activity; evaluation of an exercise/test activity.
     BIAs – perhaps here you must have some templates that could help, as the BIA stage is the most critical in your process; a BIA that is not done properly will be a disaster on its own.
     Risk assessments – at this point you must have a clear risk management policy and framework. If your organization does not have one, it is the right time to build one with ISO 31000 – it is a wonderful standard, and you will be covering the essential things.
     BCM strategy – perhaps there is some company guideline or regulatory requirement that could inform your strategy. This has to be well considered at this point.
  7. Notes:
     Check:
     A. Monitoring, measurement, analysis and evaluation: measurement objectives; objects of monitoring and measurement; creation of indicators; creation of dashboards.
     B. Internal audit: create the internal audit programme; designate a responsible person; establish independence, objectivity and impartiality; plan audit activities; allocate and manage resources; create audit procedures; perform audit activities; non-conformity follow-up.
     C. Management review: prepare the management review; perform the management review; close the management review; follow up the management review.
     Act:
     A. Nonconformities & corrective actions: process to resolve problems and non-conformities; corrective action procedure; preventive action procedure; action plans; monitoring of change factors.
     B. Continual improvement: monitoring of change factors; maintenance and improvement; update of the documentation; document the improvements.
  8. Notes:
     4 Context of the organization
     4.1 Understanding of the organization and its context
     The organization shall determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its BCMS. These issues shall be taken into account when establishing, implementing and maintaining the organization's BCMS.
     The organization shall identify and document the following:
     a) the organization's activities, functions, services, products, partnerships, supply chains, relationships with interested parties, and the potential impact related to a disruptive incident;
     b) links between the business continuity policy and the organization's objectives and other policies, including its overall risk management strategy; and
     c) the organization's risk appetite.
     In establishing the context, the organization shall
     1) articulate its objectives, including those concerned with business continuity,
     2) define the external and internal factors that create the uncertainty that gives rise to risk,
     3) set risk criteria taking into account the risk appetite, and
     4) define the purpose of the BCMS.
     ISO 31000: we will focus on Mandate and Commitment, Design the Framework and Managing Risks (Plan), Implement Risk Management (Do), Continuous Improvement of the Framework (Act), and Monitor and Review of the Framework (Check).
     The recovery time objective (RTO) is the period of time following an incident within which a product or an activity must be resumed, or resources must be recovered (source: ISO 22301:2012). It must be less than the MTPD by an amount which takes organizational risk appetite into account. Logically the RTO is determined in the Design stage of the BCM Lifecycle, as it is a decision (not a finding), but an initial estimate can be made during the BIA and confirmed in the later stage once all the information is available.
     The minimum business continuity objective (MBCO) is the minimum level of services and/or products that is acceptable to the organization to achieve its business objectives during a disruption.
     5.3 Policy
     Top management shall establish a business continuity policy that
     a) is appropriate to the purpose of the organization,
     b) provides a framework for setting business continuity objectives,
     c) includes a commitment to satisfy applicable requirements,
     d) includes a commitment to continual improvement of the BCMS.
     The BCMS policy shall
     - be available as documented information,
     - be communicated within the organization,
     - be available to interested parties, as appropriate,
     - be reviewed for continuing suitability at defined intervals and when significant changes occur.
     The organization shall retain documented information on the business continuity policy.
     6.2 Business continuity objectives and plans to achieve them
     Top management shall ensure that business continuity objectives are established and communicated for relevant functions and levels within the organization. The business continuity objectives shall
     a) be consistent with the business continuity policy,
     b) take account of the minimum level of products and services that is acceptable to the organization to achieve its objectives,
     c) be measurable,
     d) take into account applicable requirements, and
     e) be monitored and updated as appropriate.
     The organization shall retain documented information on the business continuity objectives. To achieve its business continuity objectives, the organization shall determine
     - who will be responsible,
     - what will be done,
     - what resources will be required,
     - when it will be completed, and
     - how the results will be evaluated.
     7.3 Awareness
     Persons doing work under the organization's control shall be aware of
     a) the business continuity policy,
     b) their contribution to the effectiveness of the BCMS, including the benefits of improved business continuity management performance,
     c) the implications of not conforming with the BCMS requirements, and
     d) their own role during disruptive incidents.
     8.5 Exercising and testing
     The organization shall exercise and test its business continuity procedures to ensure that they are consistent with its business continuity objectives. The organization shall conduct exercises and tests that
     a) are consistent with the scope and objectives of the BCMS,
     b) are based on appropriate scenarios that are well planned with clearly defined aims and objectives,
     c) taken together over time validate the whole of its business continuity arrangements, involving relevant interested parties,
     d) minimize the risk of disruption of operations,
     e) produce formalized post-exercise reports that contain outcomes, recommendations and actions to implement improvements,
     f) are reviewed within the context of promoting continual improvement, and
     g) are conducted at planned intervals and when there are significant changes within the organization or to the environment in which it operates.
     9 Performance evaluation
     9.1 Monitoring, measurement, analysis and evaluation
     9.1.1 General
     The organization shall determine
     a) what needs to be monitored and measured,
     b) the methods for monitoring, measurement, analysis and evaluation, as applicable, to ensure valid results,
     c) when the monitoring and measuring shall be performed, and
     d) when the results from monitoring and measurement shall be analysed and evaluated.
     The organization shall retain appropriate documented information as evidence of the results. The organization shall evaluate the BCMS performance and the effectiveness of the BCMS.
     Additionally, the organization shall
     - take action when necessary to address adverse trends or results before a nonconformity occurs, and
     - retain relevant documented information as evidence of the results.
     The procedures for monitoring performance shall provide for
     - the setting of performance metrics appropriate to the needs of the organization,
     - monitoring the extent to which the organization's business continuity policy, objectives and targets are met,
     - performance of the processes, procedures and functions that protect its prioritized activities,
     - monitoring compliance with this International Standard and the business continuity objectives,
     - monitoring historical evidence of deficient BCMS performance, and
     - recording data and results of monitoring and measurement to facilitate subsequent corrective actions.
     9.3 Management review
     Top management shall review the organization's BCMS, at planned intervals, to ensure its continuing suitability, adequacy and effectiveness. The management review shall include consideration of
     a) the status of actions from previous management reviews,
     b) changes in external and internal issues that are relevant to the business continuity management system,
     c) information on the business continuity performance, including trends in 1) nonconformities and corrective actions, 2) monitoring and measurement evaluation results, and 3) audit results,
     d) opportunities for continual improvement.
     Management reviews shall consider the performance of the organization, including
     - follow-up actions from previous management reviews,
     - the need for changes to the BCMS, including the policy and objectives,
     - opportunities for improvement,
     - results of BCMS audits and reviews, including those of key suppliers and partners where appropriate,
     - techniques, products or procedures which could be used in the organization to improve the BCMS performance and effectiveness,
     - status of corrective actions,
     - results of exercising and testing,
     - risks or issues not adequately addressed in any previous risk assessment,
     - any changes that could affect the BCMS, whether internal or external to the scope of the BCMS,
     - adequacy of policy,
     - recommendations for improvement,
     - lessons learned and actions arising from disruptive incidents, and
     - emerging good practice and guidance.
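As an added example (not from the webinar slides or the author), the script below runs consistency checks over a constructed BIA register: the RTO-versus-MTPD rule quoted in the notes, with the risk-appetite margin expressed as a fraction of the MTPD; the MBCO against what the chosen continuity strategy can actually deliver; and a dependency sanity check (an activity's RTO cannot be shorter than the RTO of an activity it depends on), which is a standard BIA consideration the notes do not state explicitly. Activity names, hours and percentages are constructed sample values, and `risk_appetite_margin` is an assumed parameter, not a term from ISO 22301.

```python
"""Added example: sanity checks over a constructed BIA register.

Checks each activity's RTO against its MTPD using a risk-appetite margin,
verifies that the chosen strategy meets the MBCO, and flags activities whose
RTO is shorter than the RTO of something they depend on.
"""
from dataclasses import dataclass, field


@dataclass
class Activity:
    name: str
    mtpd_hours: float                 # maximum tolerable period of disruption
    rto_hours: float                  # recovery time objective (a decision, not a finding)
    rpo_hours: float                  # recovery point objective (tolerable data loss)
    mbco_percent: float               # minimum business continuity objective, % of normal service
    strategy_capacity_percent: float  # what the chosen BC strategy can deliver during disruption
    depends_on: list = field(default_factory=list)  # names of activities this one needs first


def rto_margin_ok(act, risk_appetite_margin):
    """RTO must sit below the MTPD by at least the margin (assumed: a fraction of MTPD)."""
    return act.rto_hours <= act.mtpd_hours * (1.0 - risk_appetite_margin)


def check_register(register, risk_appetite_margin=0.2):
    """Return a list of (activity name, finding) pairs; an empty list means the register is consistent."""
    by_name = {a.name: a for a in register}
    findings = []
    for a in register:
        if not rto_margin_ok(a, risk_appetite_margin):
            findings.append((a.name, f"RTO {a.rto_hours}h is not below MTPD {a.mtpd_hours}h by the required margin"))
        if a.strategy_capacity_percent < a.mbco_percent:
            findings.append((a.name, f"strategy delivers {a.strategy_capacity_percent}% but MBCO is {a.mbco_percent}%"))
        for dep_name in a.depends_on:
            dep = by_name.get(dep_name)
            if dep is None:
                findings.append((a.name, f"depends on unknown activity '{dep_name}'"))
            elif dep.rto_hours > a.rto_hours:
                findings.append((a.name, f"RTO {a.rto_hours}h cannot be met: dependency '{dep_name}' has RTO {dep.rto_hours}h"))
    return findings


def recovery_priority(register):
    """Prioritized activities: ordered by RTO, then by MTPD, shortest first."""
    return [a.name for a in sorted(register, key=lambda a: (a.rto_hours, a.mtpd_hours))]


# Constructed sample register (illustrative values, not from any real organization)
SAMPLE_REGISTER = [
    Activity("Core network switching", mtpd_hours=4, rto_hours=2, rpo_hours=0.5,
             mbco_percent=80, strategy_capacity_percent=100),
    Activity("Customer billing", mtpd_hours=48, rto_hours=24, rpo_hours=4,
             mbco_percent=50, strategy_capacity_percent=60, depends_on=["Data centre power"]),
    Activity("Data centre power", mtpd_hours=2, rto_hours=1, rpo_hours=0,
             mbco_percent=100, strategy_capacity_percent=100),
    Activity("Call centre", mtpd_hours=24, rto_hours=22, rpo_hours=1,
             mbco_percent=40, strategy_capacity_percent=30, depends_on=["Core network switching"]),
    Activity("Online self-service portal", mtpd_hours=12, rto_hours=4, rpo_hours=1,
             mbco_percent=70, strategy_capacity_percent=70, depends_on=["Customer billing"]),
]

if __name__ == "__main__":
    for name, finding in check_register(SAMPLE_REGISTER):
        print(f"{name}: {finding}")
    print("Recovery priority:", recovery_priority(SAMPLE_REGISTER))
```

On the sample register the checks surface three findings: the call centre's RTO of 22h leaves no margin under a 24h MTPD and its strategy delivers less than its MBCO, and the self-service portal's 4h RTO cannot be met while it depends on billing, which has a 24h RTO. That last finding is the kind of inconsistency that only shows up when dependencies are recorded in the BIA, which is why the notes call the BIA stage the most critical one.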
  9. Notes:
     6.2 Business continuity objectives and plans to achieve them
     Top management shall ensure that business continuity objectives are established and communicated for relevant functions and levels within the organization. The business continuity objectives shall
     a) be consistent with the business continuity policy,
     b) take account of the minimum level of products and services that is acceptable to the organization to achieve its objectives,
     c) be measurable,
     d) take into account applicable requirements, and