ISO 22301: An Overview of BCM Implementation Process Presenter: Dejan Kosutic GoToWebinar Control Panel • Open and close your Panel • View, Select, and Test your audio • Submit text questions – they will be addressed throughout the session • Raise your hand ©2014 27001Academy www.iso27001standard.com 2 Which are the mandatory steps in ISO 22301 implementation If you’re planning to implement business continuity… … you need to know all the necessary elements for successful business continuity implementation ©2014 27001Academy www.iso27001standard.com 3 ISO 22301 is the framework that is the easiest to adopt, and is the only one that is truly international ©2014 27001Academy www.iso27001standard.com 4 Agenda • ISO 22301/BS 25999 family of standards • 17 steps for ISO 22301 implementation • Mandatory documents • How get management commitment • Biggest challenges in implementation ©2014 27001Academy www.iso27001standard.com 5 ISO 22301 & BS 25999 family of standards • BS 25999-1:2006 – Code of practice • BS 25999-2:2007 – Specification • ISO 22301:2012 – Specification • ISO 22313:2012 – Guidance Other standards/frameworks: • ISO 27001, A.17 • BCI – Good Practice Guidelines • DRII – Professional Practices ©2014 27001Academy www.iso27001standard.com 6 17 implementation steps… Management support Identification Your Text of requirements Your Text Objectives and scope ©2014 27001Academy www.iso27001standard.com Budget, Project plan List of requirements BCM Policy 7 17 implementation steps… Your Text Management framework Risk Your assessment Text & treatment Define Your RTO, Text RPO, resources ©2014 27001Academy www.iso27001standard.com 3 procedures Methodology & report Business Impact Analysis 8 17 implementation steps… Your Textneeded & Resources how to provide them Your Text How to react & recover Your Texttraining & Implement awareness programs ©2014 27001Academy www.iso27001standard.com Business continuity strategy Incident response plans; Recovery plans Records 9 17 implementation steps… Your Text Documentation maintenance Your Text Exercising & testing Your Text Learning from experience ©2014 27001Academy www.iso27001standard.com Records Reports; Preventive and Corrective actions Postincident reviews 10 17 implementation steps… Your Text Communication with interested parties Records Your Text Measurement and evaluation Reports; Preventive and Corrective actions Your Text Internal audit ©2014 27001Academy www.iso27001standard.com Report 11 17 implementation steps… Your Text Improvement Your Text Management review ©2014 27001Academy www.iso27001standard.com Corrective actions Minutes of the meeting 12 Mandatory documents… • • • • • • • • List of regulatory and other requirements Scope of the BCMS Business Continuity Policy Business continuity objectives Evidence of personnel competences Records of communication Business impact analysis Risk assessment, including risk appetite ©2014 27001Academy www.iso27001standard.com 13 … Mandatory documents • • • • • • • • Incident response structure Business continuity plans Recovery procedures Results of preventive actions Results of monitoring and measurement Results of internal audit Results of management review Results of corrective actions ©2014 27001Academy www.iso27001standard.com 14 How to sell the idea to management? Benefits! Compliance Marketing edge Reduce dependence on individuals Prevent large-scale damage ©2014 27001Academy www.iso27001standard.com 15 Biggest challenges in ISO 22301 implementation • Cost of implementation • Top management awareness - not investing in prevention • Definition of the Scope/Perimeter to assess • Making people understand the real purpose of implementing BCMS • Developing and maintaining the required documented information ©2014 27001Academy www.iso27001standard.com 16 Conclusions Unless you have specific requirement to implement some other business continuity framework, ISO 22301 is most probably the best solution ©2014 27001Academy www.iso27001standard.com 17 Q&A Dejan Kosutic ©2014 27001Academy www.iso27001standard.com 18 Thank you! www.iso27001standard.com/webinars