everbridge webinar - the new corporate iso 22301 bc standard

The New Corporate ISO 22301 BC Standard: What It Takes To Comply. Robert C. Chandler, Ph.D., Director, Nicholson School of Communication

Upload: everbridge-inc

Post on 19-Jan-2015


Category: Business



DESCRIPTION

If your organization’s business continuity program was audited, would you survive the scrutiny? Understanding the communication requirements of the new ISO 22301 standard will help you assess how prepared you really are. As a new international standard, ISO 22301 will provide guidance for organizations on how to define, improve, and maintain their business continuity program. Businesses of any size or shape can benefit from learning how to fortify their plans to meet this new standard. Join crisis communications expert Dr. Robert Chandler as he reviews the communication requirements in this draft international document, where it came from and what you should do about it now.

What you will learn:

• The standards on which ISO 22301 is based

• What this means for your current business continuity communications plan

• How to improve your plan to withstand audit and review

TRANSCRIPT

Page 1: Everbridge Webinar - The New Corporate ISO 22301 BC Standard

The New Corporate ISO 22301 BC Standard: What It Takes To Comply

Robert C. Chandler, Ph.D.

Director, Nicholson School of Communication

Page 2: Everbridge Webinar - The New Corporate ISO 22301 BC Standard

About Everbridge

• The Global Leader in incident notification systems

• Fast-growing global company with more than 1,500 clients in more than 100 countries

• Serve the Global 2000, healthcare systems, state and local government, federal government, military, financial services firms, and universities

• 100% focused on incident notification solutions that merge technology and expertise

Page 3: Everbridge Webinar - The New Corporate ISO 22301 BC Standard

Agenda

Part 1: Presentation

• The standards on which ISO 22301 is based

• What this means for your current business continuity communication plan

• How to improve your plan to withstand audit and review

Part 2: Q&A

Page 4: Everbridge Webinar - The New Corporate ISO 22301 BC Standard

The New Corporate ISO 22301 BC Standard: What It Takes To Comply

Dr. Robert Chandler

University of Central Florida

Page 5: Everbridge Webinar - The New Corporate ISO 22301 BC Standard

Do ISO standards really matter?

• Over a million organizations worldwide are independently certified, making ISO 9001 one of the most widely used management tools in the world today.

• In addition to several stakeholders’ benefits, a number of studies have identified significant financial benefits for organizations certified to ISO.

• Studies also indicate that certified organizations achieved superior return on assets compared to otherwise similar organizations without certification.

Page 6: Everbridge Webinar - The New Corporate ISO 22301 BC Standard

BS 25999-2 was the beginning

• In November 2006, the first draft of BS 25999 was published by the British Standards Institution, finally providing a necessary structure to processes, principles and terminology for business continuity.

• The second draft was published in November 2007.

• Targeted stakeholder assurance of BC plans in place.

• Will be withdrawn when ISO 22301 is finalized.

Page 7: Everbridge Webinar - The New Corporate ISO 22301 BC Standard

The standard evolves with ISO 22301

• Greater emphasis on setting the objectives, monitoring performance and metrics.

• Clearer expectations on management.

• Requires more careful planning for and preparing the resources needed for ensuring business continuity.

• An international standard appeals to top management of any organization.

Page 8: Everbridge Webinar - The New Corporate ISO 22301 BC Standard

The main differences between BS25999-2 and ISO 22301?

• Communication: The requirements for business continuity plans, including response procedures and recovery plans, are much more detailed too, e.g. the communication part.

• Monitoring performance: Requirement for BCM/BCMS metrics, e.g. BIA update frequency, number of plans, number of exercises completed, etc.

• Operational planning and control: Emphasis on operational planning and setting controls for the BCMS.

Page 9: Everbridge Webinar - The New Corporate ISO 22301 BC Standard

The shift from BCMS to PCMS

• BCMS (Business Continuity Management System) vs PCMS (Preparedness and Continuity Management System)

• An emphasis on preparedness is now integrated in terminology.

• Preparedness includes:

  • Creating policies and actions.

  • Controlling and measuring an organization’s risks.

  • Monitoring and reviewing progress.

  • Implementing continual improvement based on measurement.

Page 10: Everbridge Webinar - The New Corporate ISO 22301 BC Standard

ISO 22301 anticipated timeline

• The standard, entitled “Societal security – Business continuity management systems – Requirements”, is currently at the Final Draft International Standard (FDIS) stage.

• The draft now needs a two-thirds majority of a yes or no vote (with less than one-third of the total vote being negative) by the TC233 committee for the standard to be published.

• The earliest that the standard will be published is the end of 2011, but 2012 may be more likely.

Page 11: Everbridge Webinar - The New Corporate ISO 22301 BC Standard

Let’s highlight a few of the communication aspects of ISO 22301

• Section 8.5.3

• The organization shall establish, implement and maintain procedures for:

c) internal communication between the various levels and functions within the organization;

d) external communications with partner organizations and other stakeholders;

Everbridge Aware: Single-step to send to all of your internal contacts and external partners and constituents

Page 12: Everbridge Webinar - The New Corporate ISO 22301 BC Standard

Let’s highlight a few of the communication aspects of ISO 22301

• Section 8.5.3

• The organization shall establish, implement and maintain procedures for:

e) receiving, documenting and responding to communication from other stakeholders;

h) assuring availability of means of communication during a disruptive incident;

Everbridge Aware: Receive 2-way, real-time feedback on notifications. Bullet proof infrastructure with 99.99% availability.

Page 13: Everbridge Webinar - The New Corporate ISO 22301 BC Standard

Let’s highlight a few of the communication aspects of ISO 22301

• Section 8.5.3 cont’d

• The organization shall establish, implement and maintain procedures for:

i) facilitating structured communication with emergency responders;

j) assuring the interoperability of multiple responding organizations and personnel;

k) recording of vital information about the incident, actions taken and decisions made; and

Everbridge Aware:

• Pre-planned structured messages

• Communicate across all device types

• Robust real-time reporting and results

Page 14: Everbridge Webinar - The New Corporate ISO 22301 BC Standard

Let’s highlight a few of the communication aspects of ISO 22301

• Section 8.5.3 cont’d

• The organization shall establish, implement and maintain procedures for:

l) operations of a communications facility.

• The communication and warning system shall be regularly exercised

Everbridge Aware: ENS system is core component of every communication facility. Easy and cost-effective to test regularly.

Page 15: Everbridge Webinar - The New Corporate ISO 22301 BC Standard

Let’s highlight a few of the communication aspects of ISO 22301

• Section 8.5.4

• The organization shall nominate incident response personnel with the necessary responsibility, authority and competence to manage an incident.

• The organization shall establish an incident response structure that provides for personnel to:

b) trigger an appropriate response;

c) have processes and procedures for the activation, operation, coordination and communication of the incident response;

Everbridge Aware: Facilitates the response process. Easy to incorporate your communication processes into the system

Page 16: Everbridge Webinar - The New Corporate ISO 22301 BC Standard

Let’s highlight a few of the communication aspects of ISO 22301

• Section 8.5.4

• The organization shall nominate incident response personnel with the necessary responsibility, authority and competence to manage an incident.

• The organization shall establish an incident response structure that provides for personnel to:

d) have resources available to support the processes and procedures to manage an incident; and

e) communicate with stakeholders.

Everbridge Aware: Provides the central infrastructure to communicate with stakeholders

Page 17: Everbridge Webinar - The New Corporate ISO 22301 BC Standard

Here are communication tips to enhance your compliance with requirements…

Page 18: Everbridge Webinar - The New Corporate ISO 22301 BC Standard

Communication priorities to improve your plan and enhance compliance

1. Optimal timing

2. Message content

3. Maintain control

4. Transparency

5. Optimal delivery channels

Page 19: Everbridge Webinar - The New Corporate ISO 22301 BC Standard

Reaction time

Factors that affect reaction time include:

• Recognition

• Choice

• Number of stimuli

• Fatigue

• Reasoning

• Remembering

• Imagining

• Learning


Page 20: Everbridge Webinar - The New Corporate ISO 22301 BC Standard

Situation awareness

• Situation awareness is “knowing what is going on so you can figure out what to do”*

• To function in a crisis, people need to have answers to:

  • What is happening?

  • Why is it happening?

  • What will happen next?

  • What can I do about it?

*Wikipedia

Page 21: Everbridge Webinar - The New Corporate ISO 22301 BC Standard

Is your communication plan fortified?

Effective crisis communication includes just the right amount of information, but…

• What constitutes the right amount of information?

• How much information is enough?

• How much is too much?

Page 22: Everbridge Webinar - The New Corporate ISO 22301 BC Standard

Pitfalls to avoid in your messaging audit

1. Underloading or overloading messages

Balance ideas, information, and words in the context of a crisis.

Page 23: Everbridge Webinar - The New Corporate ISO 22301 BC Standard

Pitfalls to avoid in your messaging audit

2. Not testing messages

Test content, tone, and comprehension with focus groups.

Page 24: Everbridge Webinar - The New Corporate ISO 22301 BC Standard

Pitfalls to avoid in your messaging audit

3. Sending mixed messages

Create messages that are accurate, consistent, and reinforce each other.

Page 25: Everbridge Webinar - The New Corporate ISO 22301 BC Standard

Pitfalls to avoid in your messaging audit

4. Poorly-timed messages

Avoid too-early or too-late messages. Plan ahead and act quickly to communicate during the short window when people are most receptive.

Page 26: Everbridge Webinar - The New Corporate ISO 22301 BC Standard

Pitfalls to avoid in your messaging audit

5. Wrong delivery channels

Account for changes to common communication channels due to quarantine, illness, and other pandemic effects.

Page 27: Everbridge Webinar - The New Corporate ISO 22301 BC Standard

Pitfalls to avoid in your messaging audit

6. Mismatched messages

Create and send authoritative, accurate, forthright messages. Do not downplay risks or threats. Correct misinformation swiftly.

Page 28: Everbridge Webinar - The New Corporate ISO 22301 BC Standard

Pitfalls to avoid in your messaging audit

7. Failure to understand your audience

Understand and adapt messaging to your audience’s comprehension levels and motivations. Avoid jargon and sophisticated concepts.

Page 29: Everbridge Webinar - The New Corporate ISO 22301 BC Standard

Pitfalls to avoid in your messaging audit

8. Lack of transparency

Provide factual, accurate information. Remember that people have a right to know the risks and consequences.

Page 30: Everbridge Webinar - The New Corporate ISO 22301 BC Standard

Discussion continues…

• Twitter: @ISO22301

• LinkedIn: http://www.linkedin.com/groups/ISO22301-3931836

• Download the draft: http://www.iso.org/iso/iso_catalogue/catalogue_tc/catalogue_detail.htm?csnumber=50038

Page 31: Everbridge Webinar - The New Corporate ISO 22301 BC Standard

It’s your choice!

• Your organization can choose how important it is to certify.

• Weigh the impact or advantages/disadvantages of certification on your organization.

• More research is recommended to understand the full implications of ISO 22301 in your situation.

Page 32: Everbridge Webinar - The New Corporate ISO 22301 BC Standard

Incident Notification

Marc Ladin

Chief Marketing Officer, Everbridge

Page 33: Everbridge Webinar - The New Corporate ISO 22301 BC Standard

Incident notification solutions address common communication challenges

• Communicate quickly, easily, and efficiently with large numbers of people in minutes, not hours, making sure that the lines of communication are open

• Receive feedback from your messages by using polling capabilities

• Ensure two-way communication to get feedback from message receivers

• Reduce miscommunication and control rumors with accurate, consistent messages

• Satisfy regulatory requirements with extensive and complete reporting of communication attempts and two-way acknowledgements from recipients

• Deliver refined, prepared, timed messages to each pre-designated audience group, by scenario

Page 34: Everbridge Webinar - The New Corporate ISO 22301 BC Standard

Key evaluation criteria for an incident notification system

• Experience and expertise

• Ease of use

• Ability to reach all contact paths, including voice, email, native SMS (over SMPP and SMTP), IM, and more

• Ease of integration

Page 35: Everbridge Webinar - The New Corporate ISO 22301 BC Standard

Contact information

Robert C. Chandler, Ph.D.
[email protected]

Marc Ladin
[email protected]
1.818.230.9700

Communication resources

Upcoming webinars: Business Case Demo (August 25)
www.everbridge.com/webinars

White papers, literature, case studies
www.everbridge.com/resources

Follow us:

• blog.everbridge.com

• twitter.com/everbridge

• facebook.com/everbridgeinc

• youtube.com/user/everbridge

Reminder

Everbridge Insights webinars qualify for Continuing Education Activity Points (CEAPs) for DRII certifications. Visit www.drii.org to register your credit.

Item Number (Schedule II): 26.3

Activity Group: A

1 Point for each webinar