In many ways, this “top five” list is aspirational – that being my hopes for our profession as we solve some entrenched challenges and work to add more value to the organizations we serve.
As published in the Summer 2016 Issue of the Disaster Recovery Journal – Volume 29, Number 3.
One of the latest threats to organizations is something termed “ransomware”, commonly defined as a type of malware that blocks access to an application and its data until the victim pays a predetermined amount of money. You may have read about two recent attacks, one targeting the Hollywood Presbyterian Medical Center and the other targeting MedStar. If you haven’t heard about these two attacks, perhaps you can pause for a minute and do a quick Google search to learn more. And, after you do, I have a question for you to consider:
If your organization hasn’t already prepared for this type of threat (ransomware or malware in general), who owns planning for it or preparing contingencies addressing the affected resources?
This article discusses some of the threats and risks that are currently top-of-mind for executive managers and why resilience-related thinking is so important, as well as the different roles that the business continuity professional can perform to add value.
So, you’ve just been assigned responsibility for your organization’s business continuity program.
I’m sure many thoughts are running through your head right now, ranging from “What is business continuity?” to “What do I need to do first?” (among others). However, you’re in the right place to find answers to these questions, and many more.
Although plan documentation isn’t the only business continuity planning outcome, and absolutely should not be the sole focus during a program assessment, it’s certainly an important one. Plans are one of the first things customers and auditors ask to review because these documents should summarize the response and recovery approach used by the business following the onset of a disruptive incident, as well as a summary of the resources needed to deliver products and services. If asked to evaluate a plan, what’s the best approach, and what elements and content should you expect to see? The purpose of this perspective is to outline a simple, straightforward plan assessment approach.
This perspective is the sixth in a series to discuss key elements of the ISO 22301 business continuity management system, including value-adding elements of the standard or requirements that could “trip up” an organization during the certification process.
Today we’re going to take a look at ISO 22301’s requirements for the establishment of an early warning network.
ISO 22301 is the first standard to employ the new ISO format for management systems standards, which involves a considerable amount of “templatized” management system content across ten clauses. Because this format, language, and many of the requirements are new to most business continuity professionals, it’s important to review and consider the intent associated with some of the content and concepts.
Similar to other management systems standards, ISO 22301 is based on the ‘Plan-Do-Check-Act’ model that seeks to improve – in a continual manner – the effectiveness of the organization’s performance through proficient planning, implementation, supervision, review and maintenance.
As such, it is only proper that we discuss the relationship of ISO 22301 with other management systems standards. The following summary offers a high-level comparison between ISO 22301 and another widely-adopted management systems standard, British Standard (BS) 25999-2 (2007).
As Posted in the Digital Edition of Continuity Insights Magazine
Admittedly, I wrote this article to better get my mind around the swirling debate regarding the concept of organizational resilience and what it means – or better yet, what it should mean – to business continuity, risk management and security professionals. I am a member of the US Technical Advisory Group to ISO Technical Committee (TC) 223, which is charged with developing the ISO 22323 standard (Societal Security — Management system for resilience in organizations — requirements and guidance for use).
I recently read a column in the Disaster Recovery Journal where the editor interviewed John Copenhaver regarding Standards, Resilience and the Future of Business Continuity Management (BCM). John made the following statement when asked about the importance of standards:
“However, while these things matter [how to get the attention of top management, what methodologies to use, what the right terminology is and so on], they are not necessarily the root cause of why we as a profession are not as effective as we might be. I think that there are deeper problems to address, such as what does effective BCM look like, where is the discipline heading and where will it be in five years’ time?”
I thought the question regarding “what does effective BCM look like” was intriguing. It’s such a basic question, but, as I continued to think about it, I could see why a simple answer isn’t that easy to give.
Online Exclusive – as published on drj.com | Updated June 2012
[EDITOR’S NOTE – Brian Zawada is a member of the US Technical Advisory Group to ISO Technical Committee 223. Zawada participated in the 2011 and 2012 meetings as a member of Working Group 4, the team charged with developing ISO 22301, 22313 and 22323.]
There are numerous articles and conversations currently taking place regarding ISO 22301 and ISO Technical Committee (TC) 223 in general – some based on fact, but many based on assumption and rumor. So, what’s the real story on ISO 22301 and the work being performed related to societal security?
The purpose of this article is to provide updated information to help business continuity professionals better understand the ISO TC 223 standards development efforts underway and when to expect final work product that can help your organization better prepare for disruption.