ISO 22313: Your Ultimate Guide for Establishing a Business Continuity Management System
By Mr Peck Eing Seng, Senior Consultant, Business Continuity Planning Asia Pte. Ltd.
Peck Eing Seng, Senior Consultant | Business Continuity Planning Asia Pte. Ltd.
Certified BCM professional by the Business Continuity Institute (BCI) with 7 years' experience in Business Continuity.
More than 6 years' experience in project management, ranging from a production environment to a service provider environment, handling projects that involved both internal and external users.
Project lead for BCP Asia's IT-DRP program, which covers the design, implementation and activation of the recovery plan. The plan was then embedded as part of BCP Asia's BC management, which eventually achieved ISO 22301 certification.
BCM Standards and Guidelines

United Kingdom
• British Standards Institution (BSI): BS 25999 Business Continuity Management
• The Business Continuity Institute (BCI): Business Continuity Management Good Practice Guidelines, 2010

Singapore
• SPRING Singapore: Singapore Standard for Business Continuity Management, SS 540 : 2008
• Monetary Authority of Singapore (MAS): Business Continuity Management Guidelines, June 2003 (last updated in Jan 2006)

Other Countries

China:
• State Council Informatization Office (国务院信息化工作办公室): China IT DR Guidelines, April 2005
• Hong Kong Monetary Authority (HKMA): A Guidance Note on Business Continuity Planning, 2nd December 2002

India:
• Reserve Bank of India: guidelines to all scheduled banks in India, August 2006

Japan:
• Ministry of Economy, Trade and Industry: BCP Guidelines, 31st March 2005

Malaysia:
• Standards Malaysia: Malaysian Standard MS 1970 Business Continuity Management - Framework
• Bank Negara Malaysia: ‘Guidelines on Business Continuity Management (BCM) for Banking Institutions’

Thailand:
• Bank of Thailand: ‘Guideline on Business Continuity Management (BCM) and Preparation of Business Continuity (BCP) of Financial Institution’

Indonesia:
• Bank Indonesia: Peraturan Bank Indonesia no.9/PBI/15/2007

Australia and New Zealand
• Standards Australia, Standards New Zealand: AS/NZS 5050:2010 Business Continuity - Managing disruption-related risk

United States
• ASIS International and BSI: ASIS/BSI BCM.01-2010 BCMS: Requirements with Guidance to Use (approved by ANSI as American National Standard on 2 November 2010)
ISO 22301 : 2012 General Information

• Societal security – Business continuity management systems – Requirements
• Published by ISO
• Published on 15 May 2012
• Accepted worldwide
• Organisations can attain certification

ISO 22301 is generic in its application and suitable for organisations of any size from any sector of the economy.

Business continuity standardization evolves with ISO 22301 by adding:
• Greater emphasis on setting the objectives, monitoring performance and metrics;
• Clearer expectations on management;
• More careful planning for and preparing the resources needed for ensuring business continuity.
ISO 22313 : 2012 General Information

What is ISO 22313?
• Clarifies the intent of the requirements and provides explanations and examples.
• Direct correlation between the clauses in the requirements and the guidance.
• Provides additional information.
ISO 22301 vs ISO 22313 Comparison

ISO 22301
• is the International Standard on Societal Security - Business Continuity Management Systems, published on 15 May 2012.
• It is the specification document against which organisations will seek certification.
• Has very few diagrams and no explanations on examples or references to best practices.
• Essentially lists the auditable necessities.

ISO 22313
• is the guidance document to support ISO 22301, published on 12 December 2012.
• It shows examples and proposals on the methods to comply with ISO 22301.
• Tells you the “how-to”.
What are the benefits of using ISO 22313?
ISO 22313 : 2012 Contents

The standard is divided into 10 main sections, starting with Clause 1 - Scope, Clause 2 - Normative references and Clause 3 - Terms and definitions. Following these are the standard's requirements.
PDCA and the ISO 22301 and ISO 22313 Clauses

• Establish (Plan): Clauses 4, 5, 6, 7
• Implement & Operate (Do): Clause 8
• Monitor & Review (Check): Clause 9
• Maintain & Improve (Act): Clause 10

ISO 22313 : 2012
Clause 4 - Context of the Organisation
• Know the organisation, both its internal and external needs.
• Consider the needs and requirements of interested parties.
• Operate within the framework of the legal and regulatory requirements.
• Determine the scope of the BCMS.
Clause 5 - Leadership
• Emphasis on the need for appropriate BCM leadership and management commitment.
• Management defines the Business Continuity policy.
• Ensure the assignment and communication of responsibilities and authorities.
Clause 6 - Planning
• Requires the organisation to identify risks to the implementation of the management system.
• Set Business Continuity objectives.
Clause 7 - Support
• Resources required for implementing the BCMS.
• Introduces the important concepts of:
  - Competence
  - Awareness
  - Communication
  - Documented information
Clause 8 - Operations
This section contains the main body of business continuity specific expertise.
1. Operational Planning and Control
2. Business Impact Analysis and Risk Assessment
3. Business Continuity Strategy
4. Establish and Implement Business Continuity Procedures
5. Exercising and Testing
Clause 9 - Performance Evaluation
• Evaluate performance against the plan.
• Monitoring, measurement, analysis and evaluation; internal audit and management review.
Clause 10 - Improvement
• Nonconformity and corrective action
• Continual improvement
Summary

ISO 22301 Certified
• ISO 22313 follows the latest best practice for business continuity.
• The chapters in ISO 22301 and ISO 22313 are the same.
• If you face issues understanding ISO 22301 and need additional background and a more detailed explanation, refer to ISO 22313.
Contact Us

BUSINESS CONTINUITY PLANNING ASIA PTE LTD
The leading provider of training and consultancy in Business Continuity, Crisis Management, Disaster Recovery & Enterprise Risk Management
1 Commonwealth Lane #08-27 One Commonwealth Singapore 149544
Call (65) 63252080 | Email [email protected] | www.bcpasia.com