Post on 29-Jul-2018
SOME POPULAR ISO STANDARDS
ISO 9000 – Quality Management (Data Center)
ISO 14000 – Environmental
ISO 27001 – Information Security
ISO 31000 – Risk Management
FIRST KNOWN BUSINESS CONTINUITY STANDARD: BS 25999
British Standard
Written in 2006/2007
Popular in EMEA
Not so much in the Americas; sporadic usage
Never fully adopted by ISO
Did drive home the need for an international standard, though
ISO 22301
A “Requirements” standard for a BCMS
Auditable
“Shall/Must”
High-level content
Describes the “what”, not the “how”
The first International Standard exclusively for Business Continuity
ISO 22301 - BCMS
BCMS: Business Continuity Management System
Emphasizes the importance of:
• Understanding the needs of the organization
• Understanding the necessity of establishing BC policies and objectives
• Implementing and operating controls and measures for managing an organization’s overall resilience and its capability to manage disruptive events
• Monitoring and reviewing the performance and effectiveness of the BCMS
• Continual improvement based on objective measurement (metrics)
ISO 22301 - BCMS
PURPOSE:
To be a requirements document that drives BC performance to a higher level, with the goal of certifying to the ISO standard
ISO 22301 – BCMS
KEY CHARACTERISTICS OF A BCMS
• Accountability
• Repeatable Processes
• Documentation Providing Auditable evidence
• Resources
• Performance Measurement and Review
• Competence
• Cultural Change
ISO 22301 – BCMS
KEY COMPONENTS OF A BCMS:
• Policy
• Leadership – People with Defined Responsibilities
• Context and Obligations
• Resources
• Competencies of the resources
• Communications
• Evaluation and Internal Audit
• Corrective Action
• Management Review
• Continual Improvement
ISO 22301 – APPLYING THE PDCA CYCLE TO BCMS
Planning
Establishing
Implementing
Operating
Monitoring
Reviewing
Maintaining
Continually Improving
ISO 22301
A DOCUMENT WITH TEN CLAUSES
CLAUSE 1: Scope
CLAUSE 2: Normative References
CLAUSE 3: Terms and Definitions
These are known as the INTRODUCTION clauses
ISO 22301
A DOCUMENT WITH TEN CLAUSES
REQUIREMENTS:
CLAUSE 4: Context of the Organization
CLAUSE 5: Leadership
CLAUSE 6: Planning
CLAUSE 7: Support
These are the PLAN clauses
ISO 22301
A DOCUMENT WITH TEN CLAUSES
Deeper look at the PLAN clauses:
CLAUSE 4: Context of the Organization
• BC Policy
• BIA Methodology
• Risk Assessment
• Legal and Regulatory Requirements
• Scope of the BCMS; explanation of exclusions
• 4 Mandatory Documents of Record
ISO 22301
A DOCUMENT WITH TEN CLAUSES
Deeper look at the PLAN clauses:
CLAUSE 5: Leadership
• Leadership commitment
• Management commitment
• Organizational roles and responsibilities
• 1 Mandatory Document
ISO 22301
A DOCUMENT WITH TEN CLAUSES
Deeper look at the PLAN clauses:
CLAUSE 6: Planning
• Risks and Opportunities
• BC Objectives, and plans to achieve them
• Approval by executive management
• 1 Mandatory Document
ISO 22301
A DOCUMENT WITH TEN CLAUSES
Deeper look at the PLAN clauses:
CLAUSE 7: Support
• Resources
• Competencies
• Awareness
• Communication
• Documentation, including version controls
• 2 Mandatory Documents
ISO 22301
A DOCUMENT WITH TEN CLAUSES
REQUIREMENTS:
CLAUSE 8: Operation
• Business Impact Analysis
• Risk Assessment
• BC Strategy
• BC Procedures
• 10 Mandatory Documents
This is the DO clause
ISO 22301
A DOCUMENT WITH TEN CLAUSES
REQUIREMENTS:
CLAUSE 9: Performance Evaluation
• Risk treatment, preventive actions, maintenance plans
• Actions addressing adverse trends/results
• Data and results of monitoring/measurement
• Results of post-incident review
• Results of internal audit(s)
• Results of management review
• 5 Mandatory Documents
This is the CHECK clause
ISO 22301
A DOCUMENT WITH TEN CLAUSES
REQUIREMENTS:
CLAUSE 10: Improvement
• Nature of nonconformities and actions taken
• Results of corrective actions
• 2 Mandatory Documents
This is the ACT clause
ISO 22301
METHODS OF CERTIFICATION
Third-Party – via external audit by a certification body that is accredited by an accreditation body such as ANSI or IAS
ISO 22301
METHODS OF CERTIFICATION
Full USA listing:
http://www.iaf.nu/articles/IAF_MEM_USA__all/112
ISO 22313
• A “Guidance” standard
– Aligns with Requirements
– Detailed cross-referencing by clause
– Provides recommendations and permissions
– “Should/May”
– Strategy Options
– Best when paired with ISO 22301
PRESENTED BY:
CAROL DELATTE, CBCP
CAROL.6323@GMAIL.COM
972-415-6751
OCTOBER 2014