business continuity management

• Business Continuity Management https://store.theartofservice.com/the-business-continuity-management-toolkit.html

Upload: theresa-hensley

Post on 25-Dec-2015


Page 1: Business Continuity Management

• Business Continuity Management


Page 2: Business Continuity Management

Disaster recovery Further reading

ISO/IEC 22301:2012 (replacement of BS-25999:2007) Societal Security - Business Continuity Management Systems - Requirements


Page 3: Business Continuity Management

Disaster recovery Further reading

BS 25999-1:2006 Business Continuity Management Part 1: Code of practice


Page 4: Business Continuity Management

Disaster recovery Further reading

BS 25999-2:2007 Business Continuity Management Part 2: Specification


Page 5: Business Continuity Management

Chief governance officer

The heads of several governance-related functions may report to the CGO, including community relations / public affairs, corporate strategy, business continuity management, business performance management, compliance management / internal controls, corporate communication, corporate philanthropy, enterprise risk management, ethics management, internal audit, investor relations, legal services, stakeholder management and sustainability management.


Page 6: Business Continuity Management

Deloitte - Services

Audit and Enterprise Risk Services: Provides the organization's traditional accounting and audit services, as well as offerings in enterprise risk management, information security and privacy, data quality and integrity, project risk, business continuity management, internal auditing and IT control assurance.


Page 7: Business Continuity Management

ISO/IEC 27002 - Outline for ISO27002:2013

Information security aspects of business continuity management - Information security continuity and Redundancies


Page 8: Business Continuity Management

ISO/IEC 27002 - Outline for ISO27002:2005

14. Business continuity management – protecting, maintaining and recovering business-critical processes and systems


Page 9: Business Continuity Management

ISO/IEC 27001:2013 - Structure of the standard

This structure mirrors the structure of other new management standards such as ISO 22301 (business continuity management); this helps organisations that aim to comply with multiple standards to improve their IT from different perspectives. Annexes B and C of 27001:2005 have been removed.


Page 10: Business Continuity Management

ISO/IEC 27001:2013 - Controls

A.17: Information security aspects of business continuity management


Page 11: Business Continuity Management

ISO/IEC 27001:2005

Business continuity management - protecting, maintaining and recovering business-critical processes and systems


Page 12: Business Continuity Management

IT risk - ISO

Topic: Standard containing generally accepted guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization, including business continuity management


Page 13: Business Continuity Management

IT risk - BSI

The standard is intended as a code of practice for business continuity management, and will be extended by a second part that should permit accreditation for adherence with the standard.


Page 14: Business Continuity Management

Business continuity planning

In 2007, the BSI published BS 25999-2 "Specification for Business Continuity Management", which specifies requirements for implementing, operating and improving a documented business continuity management system (BCMS).


Page 15: Business Continuity Management

Business continuity planning

BS 25999-2:2007 is the British Standard for business continuity management across all organizations.


Page 16: Business Continuity Management

Business continuity planning - Notes

British Standards Institution (2006). Business continuity management - Part 1: Code of practice. London.


Page 17: Business Continuity Management

Business continuity planning - Notes

British Standards Institution (2012). Societal security – Business continuity management systems – Requirements. London.


Page 18: Business Continuity Management

Business continuity planning - International Organization for Standardization

ISO 22301:2012 Societal security - Business continuity management systems - Requirements


Page 19: Business Continuity Management

Business continuity planning - International Organization for Standardization

ISO 22313:2012 Societal security - Business continuity management systems - Guidance


Page 20: Business Continuity Management

Business continuity planning - Others

Exercising for Excellence (Delivering successful business continuity management exercises) by Crisis Solutions


Page 21: Business Continuity Management

Business continuity - Standards

ISO - On 15 May 2012, ISO published the International Standard ISO 22301:2012, "Societal security – Business continuity management systems – Requirements". A second International Standard, ISO 22313, "Societal security – Business continuity management systems – Guidance", is in the Draft International Standard (DIS) phase and is expected to be published in late 2012 or early 2013.

Page 22: Business Continuity Management

Business continuity - Standards

In 2011, ISO published the International Standard ISO/IEC 27031:2011, "Information security - Security techniques — Guidelines for information and communication technology [ICT] readiness for business continuity." This provides guidance for organizations implementing the ICT component of business continuity management. It also provides guidance in support of the business continuity elements of the information security standards ISO/IEC 27001 and ISO/IEC 27002.


Page 23: Business Continuity Management

Business continuity - Standards

The second, "BS 25999-2:2007 Specification for Business Continuity Management", specifies requirements for implementing, operating and improving a documented business continuity management system (BCMS), describing only requirements that can be objectively and independently audited.


Page 24: Business Continuity Management

Business continuity - Standards

Australia – Published by Standards Australia: HB 292-2006: A practitioner's guide to business continuity management; HB 293-2006: Executive guide to business continuity management. In 2010, Standards Australia introduced their standard AS/NZS 5050, which connects far more closely with traditional risk management practices. This interpretation is designed to be used in conjunction with AS/NZS 31000 covering risk management.


Page 25: Business Continuity Management

Business continuity - Procedures

British Standard 25999-2 and other standards identified above provide a specification for implementing a business continuity management system within an organization.


Page 26: Business Continuity Management

Business continuity - Planning

Planning, prevention, and preparation are a key part of any business continuity management system and read across directly from civil contingencies planning. The activity begins with understanding the business to identify potential risks and threats to critical business activities, both internally and from the external environment. It is also advisable to examine the resilience of suppliers.


Page 27: Business Continuity Management

Institute of Internal Auditors - Practice guides

GTAG 10: Business Continuity Management (BCM)


Page 28: Business Continuity Management

Cyber security standards - ISO 27001

The ISO/IEC 27002 standard is arranged into eleven control areas: security policy, organizing information security, asset management, human resources security, physical and environmental security, communication and operations, access controls, information systems acquisition/development/maintenance, incident handling, business continuity management, compliance.

Page 29: Business Continuity Management

Chartered Quality Institute - IRCA

IRCA offers certification programmes that recognise the competence of auditors who audit quality, software development, aerospace, maritime safety, pharmaceutical, food safety, environmental, information security, information technology service, occupational health and safety, social systems and business continuity management systems.


Page 30: Business Continuity Management

Business process outsourcing - Threats

Risks and threats of outsourcing must therefore be managed, to achieve any benefits. In order to manage outsourcing in a structured way, maximizing positive outcome, minimizing risks and avoiding any threats, a Business continuity management (BCM) model is set up.


Page 31: Business Continuity Management

Business process outsourcing - Threats

A framework for business continuity management, International Journal of Information Management 26-2 (2006): 128-141


Page 32: Business Continuity Management

Framework Programmes for Research and Technological Development - TIMBUS Project

TIMBUS aligns digital preservation with well-established methods for enterprise risk management (ERM) and business continuity management (BCM).


Page 33: Business Continuity Management

Threat (computer) - Threat management

Very large organizations tend to adopt business continuity management plans in order to protect, maintain and recover business-critical processes and systems. Some of these plans foresee setting up a computer security incident response team (CSIRT) or computer emergency response team (CERT).


Page 34: Business Continuity Management

Business impact analysis

In 2007, the BSI published BS 25999-2 Specification for Business Continuity Management, which specifies requirements for implementing, operating and improving a documented business continuity management system (BCMS).


Page 35: Business Continuity Management

Business impact analysis

This document was superseded in November 2012 by the British standard BS ISO 22301:2012 (British Standards Institution, 2012). British Standards Institution (2012). Societal security – Business continuity management systems – Requirements. London.


Page 36: Business Continuity Management

Crisis management - Business continuity planning

Business Management: Top tips for effective, real-world Business Continuity Management


Page 37: Business Continuity Management

Enterprise relationship management - Velox framework

Velox ERM is a product of Technology Partnerz (ERM - Enterprise Relationship Management - Technology Partnerz Ltd, http://www.technologypartnerz.com/eng/erm.asp). It integrates ONA - organizational network analysis (Organizational Network Mapping, http://www.orgnet.com/orgnetmap.pdf), process re-design, IS/IT strategy, change management, supplier relationship management, customer relationship management, and risk and business continuity management into a comprehensive and simple framework that supports people and organizations in repeatably/consistently:

Page 38: Business Continuity Management

Chief information security officer

• Disaster recovery and business continuity management


Page 39: Business Continuity Management

Civil Contingencies Act 2004 - Part 1: Local Arrangements for Civil Protection

Part 1 of the Act places a legal obligation upon emergency services and local authorities (defined as Category 1 responders under the Act) to assess the risk of, plan, and exercise for emergencies, as well as undertaking business continuity management.


Page 40: Business Continuity Management

Emergency management - As a profession

Professional emergency managers can focus on government and community preparedness (Continuity of Operations/Continuity of Government Planning), or private business preparedness (Business Continuity Management Planning).


Page 41: Business Continuity Management

ISO/IEC 17799 - Outline for ISO27002:2013

Information security aspects of business continuity management - Information security continuity and Redundancies


Page 42: Business Continuity Management

ISO/IEC 17799 - Outline for ISO27002:2005

14. Business continuity management – protecting, maintaining and recovering business-critical processes and systems


Page 43: Business Continuity Management

Information security policies - Risk management

• business continuity management, and


Page 44: Business Continuity Management

IT baseline protection - IT Baseline Protection Catalog and standards

It contains elements from BS 25999, ITIL Service Continuity Management combined with the relevant IT Baseline Protection Catalog components, and essential aspects for appropriate Business Continuity Management (BCM).


Page 45: Business Continuity Management

Dynamic infrastructure - Benefits of having dynamic infrastructures

Source: Gartner – Predicts 2009: Business Continuity Management Juggles Standardization, Cost and Outsourcing Risk / Roberta J Witty, John P Morency, Dave Russell, Donna Scott, Robert Desisto / 28 January 2009


Page 46: Business Continuity Management

BSI Group - Standards

BSI produces standards on a wide range of products, services and processes; from nuts and bolts to sustainability, risk, business continuity management and nanotechnology.


Page 47: Business Continuity Management

List of International Organization for Standardization standards - ISO 20000 – ISO 29999

• ISO 22301:2012 Societal security – Business continuity management systems – Requirements


Page 48: Business Continuity Management

Certified Internal Auditor - Practice guides

• GTAG 10: Business Continuity Management (BCM)


Page 49: Business Continuity Management

IT service continuity - Background

At the same time the need for business continuity management (BCM), including incident preparedness, disaster recovery planning, and emergency response and management, has become steadily more prevalent in developed and developing economies.


Page 50: Business Continuity Management

IT service continuity - Background

IT service continuity is essential for many organizations in the implementation of business continuity management and information security management. As part of implementing and operating information security management and business continuity management, as specified in ISO/IEC 27001:2013 and ISO 22301:2012 respectively, it is critical to develop and implement continuity for ICT services to help ensure business continuity.

Page 51: Business Continuity Management

Disaster recovery plan - Off-the-shelf DRP software

SunGard provides a product called Continuity Management Solution that automates the disaster recovery planning process (Planning Software: The tools you need to minimize risk and ensure continuity, Business Continuity Management Software, http://www.sungardas.com/Solutions/DisasterRecovery/PlanningAndSoftware/Pages/PlanningAndSoftware.aspx). SunGard Availability Services


Page 52: Business Continuity Management

BCM

• Business Continuity Management, an interdisciplinary peer mentoring methodology used to create a plan for recovery of a business after disaster or disruption


Page 53: Business Continuity Management

Publicly Available Specification - PAS

• PAS 56: Business Continuity Management System (2003)


Page 54: Business Continuity Management

BS 25999

BS 25999 was BSI's standard in the field of Business Continuity Management (BCM). It was withdrawn in 2012 (part 2) and 2013 (part 1) following the publication of the international standards ISO 22301 - "Societal Security — Business continuity management systems — Requirements" and ISO 22313 - "Societal Security — Business continuity management systems — Guidance".


Page 55: Business Continuity Management

BS 25999 - Structure

BS 25999 was a Business Continuity Management (BCM) standard published by the British Standards Institution (BSI).


Page 56: Business Continuity Management

BS 25999 - Structure

• Part 1, BS 25999-1:2006 Business Continuity Management. Code of Practice, took the form of general guidance on the processes, principles and terminology recommended for BCM.


Page 57: Business Continuity Management

BS 25999 - Structure

• Part 2, BS 25999-2:2007 Specification for Business Continuity Management, specified a set of requirements for implementing, operating and improving a BCM System (BCMS).


Page 58: Business Continuity Management

BS 25999 - Other related standards

ASIS/BSI BCM.01:2010 Business Continuity Management Systems: Requirements with Guidance for Use. Published in December 2010 and developed jointly between ASIS and BSI for North America.


Page 59: Business Continuity Management

Deloitte & Touche - Services

• Enterprise Risk Services: Provides the organization's traditional accounting and audit services, as well as offerings in enterprise risk management, information security and privacy, data quality and integrity, project risk, business continuity management, internal auditing and IT control assurance (Assurance Advisory services, https://www2.deloitte.com/global/en/services/audit.html).


Page 60: Business Continuity Management

ISO 27001:2005

Business continuity management - protecting, maintaining and recovering business-critical processes and systems


Page 61: Business Continuity Management

ISO 27001:2005 - How the standard works

• Business continuity management


Page 62: Business Continuity Management

Certified Business Continuity Professional

Certified Business Continuity Professional (CBCP) is an internationally recognized professional certification issued by the Disaster Recovery Institute for business continuity management (Disaster Recovery Institute International, Certification CBCP, https://www.drii.org/certification/cbcp.php, accessed June 3, 2011). A certified expert must pass a detailed exam consisting of ten domains and prove his or her experience in at least five domains for a minimum of two years.


Page 63: Business Continuity Management

Chief governance officer

The heads of several governance-related functions may report to the CGO, including community relations / public affairs, corporate strategy, business continuity management, business performance management, compliance management (Capobianco, JH. (2010), http://www.lumigent.com/executive_commentaries/189-c-suite-shoot-out-chief-compliance-officer-v-chief-governance-officer.html)

Page 64: Business Continuity Management

Peter Power (crisis management specialist) - Achievements

He is quoted in the UK government guide, A Guide to GIS Applications in Integrated Emergency Management (http://www.cabinetoffice.gov.uk/media/132769/gis_guide_acro6.pdf), and he is the author of many other advice guidebooks including the original UK government (Department of Trade and Industry) booklet Business Continuity Management - Preventing Chaos in a Crisis (http://webarchive.nationalarchives.gov.uk/tna/+/http://www.dti.gov.uk/mbp/bpgt/m9ba91001/m9ba91001.pdf). On 23 November 1984 Power was trapped with others on the London Underground during a serious Oxford Circus fire that started at that station and spread along the Victoria line.


Page 65: Business Continuity Management

Maximum Tolerable Period of Disruption - Definition

The MTPOD is also known as maximum acceptable outage (Definition of Maximum Acceptable Outage in riskythinking.com, http://www.riskythinking.com/glossary/maximum_acceptable_outage.php) and maximum allowable outage (Paper on BUSINESS CONTINUITY MANAGEMENT WORKSHOP at Disaster Recovery Information Exchange (DRIE) Central, http://www.driecentral.org/biainstructions.pdf); in both cases the corresponding acronym is 'MAO'.


Page 66: Business Continuity Management

Singapore Expo - Facilities

Singex Venues, the management company of Singapore EXPO, is the only MICE company in the world to have dual certification in Business Continuity Management (awarded by the British and Singapore standards).
