Upload File

assessing the impact of a disruption: building an effective business impact analysis (bia) approach...

  • Home
  • Business
  • Assessing the impact of a disruption: Building an effective business impact analysis (BIA) approach using ISO 22301 and the new ISO 22317 BIA Standard
24
1 Assessing the Impact of a Disruption Building an effective business impact analysis (BIA) approach using the new ISO 22317 BIA standard Bryan Strawser - @bryanstrawser Principal Consultant & CEO, Bryghtpath LLC

Upload: bryghtpath-llc

Post on 20-Jan-2017

337 views

Category:

Business


2 download

Report

TRANSCRIPT

Page 1: Assessing the impact of a disruption: Building an effective business impact analysis (BIA) approach using ISO 22301 and the new ISO 22317 BIA Standard

1

AssessingtheImpactofaDisruptionBuildinganeffectivebusinessimpactanalysis(BIA)approachusingthenewISO22317BIAstandard

BryanStrawser- @bryanstrawserPrincipalConsultant&CEO,BryghtpathLLC

Page 2: Assessing the impact of a disruption: Building an effective business impact analysis (BIA) approach using ISO 22301 and the new ISO 22317 BIA Standard

2

Bryan StrawserPrincipal Consultant & CEO

BryanStrawserisPrincipalConsultant&CEOatBryghtpath LLC,whohasmorethan21yearsofexperience.

.

+1-612-235-6435

[email protected]

www.bryghtpath.com

linkedin.com/in/bryanstrawser

twitter.com/bryanstrawser

Page 3: Assessing the impact of a disruption: Building an effective business impact analysis (BIA) approach using ISO 22301 and the new ISO 22317 BIA Standard
Page 4: Assessing the impact of a disruption: Building an effective business impact analysis (BIA) approach using ISO 22301 and the new ISO 22317 BIA Standard

Weareastrategicadvisory firmthatspecializesinglobalrisk,businesscontinuity,emergencymanagement, crisiscommunications, andpublicaffairs

Page 5: Assessing the impact of a disruption: Building an effective business impact analysis (BIA) approach using ISO 22301 and the new ISO 22317 BIA Standard

• FormerlyBS25999• Adoptedgloballyin2012• IntersectswithotherISO

Standards– Ex:ISO27001

• EstablishandmaintainaBusinessContinuityManagementSystem

• Accreditation• Certification

– Implementer/Lead– Auditor/Lead

5

ISO22301:2012SocietalSecurity– BusinessContinuityManagementSystems

Page 6: Assessing the impact of a disruption: Building an effective business impact analysis (BIA) approach using ISO 22301 and the new ISO 22317 BIA Standard

• Scope• Termsanddefinition• OrganizationalContext• Leadership• Planning• Support• Operation• PerformanceEvaluation• Improvement

6

ISO22301ContentStructureandContentofISO22301

Page 7: Assessing the impact of a disruption: Building an effective business impact analysis (BIA) approach using ISO 22301 and the new ISO 22317 BIA Standard

BusinessContinuityCapabilityoftheorganizationtocontinuedeliveryofproductsorservicesatacceptablepredefinedlevelsfollowingadisruptiveincident

BusinessImpactAnalysisProcessofanalyzingactivitiesandtheeffectthatabusinessdisruptionmighthaveuponthem

7

ISO22301:Clause3KeyDefinitions

Page 8: Assessing the impact of a disruption: Building an effective business impact analysis (BIA) approach using ISO 22301 and the new ISO 22317 BIA Standard

8.2:BusinessImpactAnalysis(BIA)andRiskAssessment

• 8.2.2BusinessImpactAnalysis– Identifyingactivities thatsupporttheprovisionofproductsandservices– Assessing theimpactsovertimeofnotperformingtheseactivities– Settingprioritizedtimeframesforresumingtheseactivities– Identifyingdependencies andsupportingresources

• 8.2.3RiskAssessment– Identifyrisksofdisruptiontotheorganization’sprioritizedactivities– Systematicallyanalyzerisk– Evaluatewhichdisruptionrelatedrisksrequirementtreatment– Identifytreatmentscommensuratewithbusiness continuityobjectives

andinaccordancewiththeorganization’sriskappetite

8

ISO22301:Clause8Operations

Page 9: Assessing the impact of a disruption: Building an effective business impact analysis (BIA) approach using ISO 22301 and the new ISO 22317 BIA Standard

9

ISO22301&ISO22317InterconnectedStandards

Copyright©2015byBryghtpathLLC|bryghtpath.com |+1-612-235-6435|[email protected]

ISO22301

ISO22317

• ProvideshighleveldefinitionofBIA• Outlinessomerequireddocumentation

• Establishesthe“How-to”fortheBIA• ProvidesgreaterdetailinBIAplanning,

execution,andrequireddocumentation

Page 10: Assessing the impact of a disruption: Building an effective business impact analysis (BIA) approach using ISO 22301 and the new ISO 22317 BIA Standard

• Bethebasisforcontinuallyimprovingtheorganization’sBIA– Ongoingreview– Event-triggeredactivities

• Guidetheorganizationinplanning,conducting,andreportingontheBIA

• AssisttheorganizationinitsBIAinamannerconsistentlyreflectinggoodpractices

• ProvidesforpropercoordinationbetweentheBIAandtheoverarchingbusinesscontinuityprogram(orBCMS)

10

ISO22317TheBasics

Page 11: Assessing the impact of a disruption: Building an effective business impact analysis (BIA) approach using ISO 22301 and the new ISO 22317 BIA Standard

• Financial– Lostprofits,diminishedmarketshare,fines,penalties

• Reputational– Damagetothebrand,negativepublicopinion

• Legal&Regulatory– Lossoflicense, litigation, increasedoperationalcosts

• Contractual– Breachofcontractorserviceobligation

• BusinessObjectives– Failingtodeliver onobjectives,unabletotakeadvantageofopportunities

11

ISO22317LookingattheBIA

Page 12: Assessing the impact of a disruption: Building an effective business impact analysis (BIA) approach using ISO 22301 and the new ISO 22317 BIA Standard

• EndorsingormodifyingtheoverallscopeofyourBCMS

• Focusing&identifyingyourgoverningobligations

• Settingtimeframesandprioritiesforrestoringthebusinessfollowingadisruptiveincident

• Identifyingandarticulatingtherelationshipsbetweeneverythingthebusinessdoes

• Determiningthepeople,facilities,equipmentneededtodowhatisnecessarytogetthebusinessupandrunning

12

ISO22317The“Outputs”ofyourBIAprocess

Page 13: Assessing the impact of a disruption: Building an effective business impact analysis (BIA) approach using ISO 22301 and the new ISO 22317 BIA Standard

13

ISO22317ImpactoverTime

Page 14: Assessing the impact of a disruption: Building an effective business impact analysis (BIA) approach using ISO 22301 and the new ISO 22317 BIA Standard

• TheBIAshouldbemonitoredonaperiodicbasis

• TheBIAshouldbereviewedwhentriggeredbyanevent:– Productorservicechange– Regulatorychange– Companyorganizationalchange– Followingadisruptiveeventorexercise

14

ISO22317MonitoringandReviewingtheBIA

Page 15: Assessing the impact of a disruption: Building an effective business impact analysis (BIA) approach using ISO 22301 and the new ISO 22317 BIA Standard

• ItiscriticalthatyourBIAprocessandresultsbereviewedandvalidatedregularlybyyourseniormanagementteam.

• AproperBIAwillhaveimpactonfuturecapital,expense,andorganizationaldecisionsthatyourcompanywillneedtomake.

15

ISO22317SeniorLeadershipValidation

Page 16: Assessing the impact of a disruption: Building an effective business impact analysis (BIA) approach using ISO 22301 and the new ISO 22317 BIA Standard

16

ISO22317ProcessDiagram

Page 17: Assessing the impact of a disruption: Building an effective business impact analysis (BIA) approach using ISO 22301 and the new ISO 22317 BIA Standard

17

ISO22317ProcessDiagram

Page 18: Assessing the impact of a disruption: Building an effective business impact analysis (BIA) approach using ISO 22301 and the new ISO 22317 BIA Standard

IndividualMeetings• Individualmeetingstocapture

– Organizationalinformation,technologyusage/dependencies,interconnectednesswithotherteams

– Connectivitytocorporatestrategies,impactofdisruption– Toleranceofdowntime

Analysis• Analysisandtieringofinformationreceivedthroughindividualmeetings

Seniorleadershipvalidation

18

ExampleISO22317BIAProcessSmallbusinesswith15-20departments

Page 19: Assessing the impact of a disruption: Building an effective business impact analysis (BIA) approach using ISO 22301 and the new ISO 22317 BIA Standard

InitialAnalysis- Survey• E-mailedsurveyusinginternaltooltomidlevelmanagers

– Organizationalinformation,technologyusage/dependencies,interconnectednesswithotherteams

– Connectivitytocorporatestrategies,impactofdisruption– Toleranceofdowntime

• Analysiscompletedondatareceivedthroughsurveytool• Impactinformationwasusedtocreatetiersforrecovery– businessand

technology

Follow-onAnalysis– In-person/smallgroupmeetings• Smallgroupdiscussionsforvalidationofreceiveddata• Approximately30%ofteamsdefinedas“critical”wereselectedfor

follow-onanalysis

Seniorleadershipvalidation

19

ExampleISO22317BIAProcessFortune50GlobalRetailer

Page 20: Assessing the impact of a disruption: Building an effective business impact analysis (BIA) approach using ISO 22301 and the new ISO 22317 BIA Standard

• DevelopwaystoclearlyexplaintheoutputsofyourBIAprocessinamannereasilyunderstandablebyyourbusinessleaders– Recoverytiers– Interdependenceofprocesses,facilities,andtechnologies– Gapsinactualversus“needed”recoverytime

• Operationalmetricsaregoodtoshare,butdonottellthewholestory– #ofinterviewsconducted– #ofcriticalprocessesorteams

• Gapswillindicateareaswhereleadershipattentionshouldbefocused– Ex:Actualrecoverytimeversusrequiredrecoverytime

20

ExampleISO22317BIAProcessMetrics

Page 21: Assessing the impact of a disruption: Building an effective business impact analysis (BIA) approach using ISO 22301 and the new ISO 22317 BIA Standard

CrisisManagementasaCompetitiveAdvantage

21

Source:2012HurricaneSandyRILASurvey

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

10/29 10/30 10/31 11/1 11/2 11/3

Target(195) Sears/K-Mart(236) Macy's(200) Walmart(294) BestBuy(125)

Page 22: Assessing the impact of a disruption: Building an effective business impact analysis (BIA) approach using ISO 22301 and the new ISO 22317 BIA Standard

Learnmoreaboutusathttp://bryghtpath.com

Joinournewsletterathttp://bryghtpath.com/newsletter

ContactInformation:• +1.612.235.6435• [email protected]

22

Questions&Answers

Page 23: Assessing the impact of a disruption: Building an effective business impact analysis (BIA) approach using ISO 22301 and the new ISO 22317 BIA Standard

23

AssessingtheImpactofaDisruptionBuildinganeffectivebusinessimpactanalysis(BIA)approachusingthenewISO22317BIAstandard

BryanStrawser- @bryanstrawserPrincipalConsultant&CEO,BryghtpathLLC

Page 24: Assessing the impact of a disruption: Building an effective business impact analysis (BIA) approach using ISO 22301 and the new ISO 22317 BIA Standard

24Issue: Feb 2013 MMCAFRICA - EMS Auditor / Lead Auditor Training Course

?QUESTIONS

THANK YOU

+1-612-235-6435

[email protected]

www.bryghtpath.com

linkedin.com/in/bryanstrawser

twitter.com/bryanstrawser


cbi.iq · ISO 22301 . ISO 22301 — - 44 CBI Head Office Al- Rasheed St. Baghdad- Iraq Tel.. 8165171 Telephone Exchange With 4 Line ... ISO 22301 ISO 22317 . i.Ä.S — -r

Nobiltà, eleganza e discrezione, sono i contenuti ... · EN14411 附錄G & ISO 13006 附錄G gruppo BIa GL group BIa GL groupe BIa GL Gruppe BIa GL grupo BIa GL группе B Ia

Updated As At 18 Jan 2018 - grccs.com.mygrccs.com.my/GRCCS-BCI_Conference_2018.pdfglobal thinking from BS ISO 22301:2014,ISO 22313 and ISO 22317:2015. Course Objectives The objectives

Mike Anzis Anzis Consulting - chapters.acp …chapters.acp-international.com/images/losangeles/documents/ISO... · Mike Anzis Anzis Consulting ... ISO 22317 Business Continuity Management

Vias Públicas BIA POSTE Estacionamentos - Tairis€¦ · 1 1 ovaci 220vac 11 ovaci 220vac bia - bia bia - bia - bia bia - pos - pos pos - pos - pos - pos - 1050 900 750 600 450 300

STRATEGIC ADVICE TO NAVIGATE GLOBAL …€¢ Standards: ISO 22301, ISO 22317, NFPA 1600, ASIS, & others. Building your capacity to respond and recover In a time of crisis, whether

Continuidad de negocios y operaciones frente a desastres ... · PDF fileISO 22317 –Guía para efectuar el BIA ISO 22320 –Respuesta a incidentes ISO 22398 –Guia para ejercicios

Legislacao Especifica de Ti p Stn Aula 00 Aula 00 22317

April 18-20, 2016 The Road to - Advantage Business Mediasubscribe.advantagemedia.com/ims/pdf/2016CIManagementConferenc… · The Road to Resilience ... D6 Leveraging the New ISO 22317

BIA 5 BIA 6 - Portfolio Ingatlan · GSPublisherVersion 0.0.100.14 GSPublisherVersion 0.0.100.100 BIA 25 28 . 716 m 2 BIA 20 9 . 413 m 2 BIA 21 1 . 920 m 2 BIA 22 9 . 394 m 2 BIA 23

The BCI Supply Chain - quickbizgroup.comquickbizgroup.com/images/events/pdf/TheBCISupplyChain.pdfMBCI CBCI MEPS Cert ISO 22301 LI ... thinking from ISO 22301 and ISO /TS 22317 and

DIPLOMADO EN SISTEMA DE GESTIÓN DE LA CONTINUIDAD DEL …200.48.195.199/MKTMailing/BROCHURE GESTIÓN DE CONTINUIDAD DE NEGOC… · ISO 22301, ISO 22313, ISO 22317 para su aplicación

Implementing ISO 22301 - theicor.org 4000_Implementing ISO... · ICOR COURSES Implementing ISO 22301 Aligning to ISO 22301, 22313, 22320, 22317, 22318, 22398, & 31000 Offered by ICOR

يازث یيبّدَوٌّر -ربک ٍ تک مٍاذت BIA ربک ٍ تک زثا لیلحت ...shaghool.ir/Files/114985_qualitymanagement-21338.pdfiso/ts 22317: 2015 . 1395 لب

FKL Bearings in Vibrating Screens in Vibrating Screens: ... whereas for sizes 22317 and above, it is recommended to be ISO grade f6 IT4 / 2. Surface roughness on bearing seatings

DIPLOMADO.… · operaciones, dentro del marco de normativa nacional e internacional, como la norma ISO 22301, ISO 22317 y RM 028-2015 PCM. Al finalizar el programa serás capaz de:

Dr. Wolfgang H. Mahr, M.Sc., BBA, MBCI, CISA …...... M.Sc., BBA, MBCI, CISA governance & continuuuity gmbh CH-8408 Winterthur, Switzerland www ... ISO 22317 on the ... after developing

Societal security — Business continuity management systems — Guidelines ...TS+22317-2015.pdf · ©ISO 2015 Societal security — Business continuity management systems — Guidelines

Durham Research Online - dro.dur.ac.ukdro.dur.ac.uk/22317/1/22317.pdfexpectancy as plotted against economic deprivation at the small area level became less steep between 1999–2003

Portofino Porcelánico Porcelain tile BIa / ISO 13006 - G · Portofino Porcelánico Porcelain tile BIa / ISO 13006 - G 60x60 cm. 23.6x23.6 inches 59,3x59,3 cm. 23.3x23.3 inches

SPECIFICATION OR Date ISO/TC 292 N 15 … 22318 SCCM...Mar 02, 2012 · thus is closely linked with ISO/TS 22317 which provides guidance on conducting a BIA

BCM Legislations, Regulations, Standards and Good … · PD ISO/TS 22317:2015 – Societal Security – Business Continuity Management Systems – Guidelines for Business Impact Analysis

Association of Contingency Planners - acp …chapters.acp-international.com/.../ISO22301Presentation.pdf · ISO 22317:2015 Business Continuity Management Systems – Business Impact

IL SISTEMA DI GESTIONE DELLA CONTINUITÀ OPERATIVA …aicqna.it/wp-content/uploads/2017/06/DETONI.pdf · 2017-06-15 · ISO 22317:2015 Guidelines for Business Impact Analysis (BIA)

WINTER 18 EXAMINATION Subject Name: Data Structure …...22317 . MAHARASHTRA STATE BOARD OF TECHNICAL EDUCATION (Autonomous) (ISO/IEC - 27001 - 2013 Certified) _____ Page 2 of 21 Level

ISO/TS 22317: How to Use ISO’s Newest BC Standard to ... ISO 22317 sought to re-define ISO’s business impact analysis definition, outcomes, and process to be more clear and straight-forward

II COLAROP 2017 - ernestobazan.comernestobazan.com/content/20170214081051-1.pdfen la ISO 22317 Amalia Llontop Gerente de Continuidad del Negocio y Seguridad de la Información BANCO

WARNING - Continuity Forum 22317 - BIA... · 2/9/2015 · WARNING: This document is not approved. It is distributed for review and comment. It is subject to change without notice

Cesium Co. Ltd., · ISO 22317 Business Impact Analysis Risk Assessment Methods ISO 27799 Information Security Management Continuity Resilience ecovery

Jet Pump - White Int1 Jet Pump BIA-FERRO60M, BIA-FERRO60MPCX, BIA-FERRO60MP BIA-FERRO110M, BIA-FERRO110MPCX, BIA-FERRO110MP BIA-FERRO110HM, BIA-iFERRO110HM, BIA-INOX45S2MPCX BIA-INOX60S2MPCX,

Évolution des normes en résilience et continuité ... · ISO 22313 Systèmes de management de la ontinuité d’ativité –Lignes directrices* ISO 22317 –SMCA Analyse des impacts

Data structure using ‘C’ ( 22317

CUA / GH˚ RAM ME - Cam Bình Resortcambinhresort.com/ckfinder/userfiles/files/Menu_alacart...BIA HENIKEN BIA SÀI GÒN XANH BIA HENIKEN BIA TIGER LON BIA TIGER CHAI BIA TIGER BIA

Nr. 22317 - VIVESspelarch.vives.be/PDFspelregels/11381.pdf · 2019. 12. 12. · Art. Nr. 22317 Magicus Zauberei ist es nicht, die dabei hilft, den eigenen Turm verschwinden zu lassen,

2009-12-07 - Permobilcountries.permobil.com/Documentation/Reservdelskatalog/Chassis/X... · SCREW, ISO 7380 IscREW, ISO fzb ISO 14583 IKnatLFhSTE CABLE CLIP 30180SS ... "22317 -gg-c