WHAT IS ISO 22317?
The International Organization for Standardization (ISO) Technical Committee (TC) 292, the committee responsible for writing security, resilience, and business continuity standards, has released its latest document: ISO 22317 – Societal Security – Business Continuity Management Systems – Business Impact Analysis, the first and only international standard solely addressing the business impact analysis (BIA).
ISO 22317 was officially published on September 17, 2015.
There are a few important points to understand before reading ISO 22317:
SETTING THE STAGE
This morning was a non-eventful morning. I was sitting in my office, sipping on my coffee, and working on my monthly reports. Then, the manager of our office building entered our lobby.
The Michael Brelo case is nearing an end. Closing arguments have been heard and a verdict is expected shortly. The question is, when?
Our building manager was concerned, and rightfully so.
Our office is located directly across the street from the justice center where the case is taking place. Just a couple weeks ago, we sat witness to the riots and devastation in Baltimore, and, from our ongoing monitoring of the situation and media this week, our team is aware that the City of Cleveland is actively bracing for the possible impact and chaos that could result when the verdict is announced.
Appendix J: Strengthening the Resilience of Outsourced Technology Services
The Federal Financial Institutions Examination Council (FFIEC) recently released an updated version of its Business Continuity Booklet, which is one in the series of booklets that comprise the larger Information Technology (IT) Examination Handbook.
This article provides an overview of Appendix J and discusses how it confirms that continuity planning isn’t limited to just your organization; rather, it extends to all outsourced and supplier relationships as well.
This post is part of the Business Continuity Awareness Week (BCAW) 2015 flashblog. To learn more about The BCI and BCAW 2015, visit the website or follow the discussion on Twitter via #BCAW2015 and #TestingTimes.
Exercising. Whether you’re talking about hitting the gym or testing your business continuity strategies and plans, I’ve come to find that no one likes hearing this word. The typical reaction and excuses are similar, too: I don’t have the time; I have better things to do; I just don’t see the value.
Well, okay… the last one pertains a bit more to business continuity, but I’m sure you get my point.
You’ve all seen the news – the sometimes (perhaps often) inaccurate and exaggerated presentation of ‘facts’ and race for ratings has started. We’re by no means downplaying the seriousness of the situation – Ebola is extremely serious and should be treated as such. However, causing panic isn’t going to do anyone any good. Rather, a focus on knowledge building, preparedness, and communication with stakeholders, senior management, and employees should be your top priorities right now.
As such, the sole intent of this article is to provide guidance on what actions business continuity professionals should be taking at this point, as well as resources to better understand the situation.
Business continuity planning is inherently cross-functional with a necessity to address risks to an organization’s product and service offerings, as well as the resources necessary to meet obligations. As organizations increasingly rely on a global network of suppliers and service providers, business continuity practitioners have the responsibility to understand and analyze these relationships and lead strategy identification efforts to protect their organization when faced with a third-party disruption.
Developing and implementing business continuity strategies and risk treatment options related to third parties can be a difficult endeavor because strategies may seemingly contradict an organization’s strategic efforts to leverage single-source suppliers, make supply chains “lean”, and reduce stored inventory levels. However, business continuity practitioners must provide top management with the information needed to balance strategic initiatives with the need to reduce single points of failure and protect an organization should a resource become unavailable.
This perspective discusses the tools available to identify and document third-party resources and methods by which risks can be presented to top management for review and action.
Part of Avalution’s Conforming to ISO 22301 Series
This perspective takes a look at ISO 22301’s requirement for documentation, which includes documented processes and procedures, as well as evidence of business continuity planning execution. The content found in this perspective is specifically based on lessons learned from our ISO 22301 certification audit (which Avalution completed successfully in the spring of 2013).
Today we announced the release of a new white paper, Implementing ISO 22301: The Business Continuity Management System Standard, co-authored by Brian Zawada, Avalution’s Director of Consulting and the Chairman and Head of U.S. Delegation to ISO Technical Committee 223 (the group charged with developing ISO 22301), and Greg Marbais, a Consultant at Avalution.
Guest Post by Barry Cardoza, CBCP
Original Publish Date: September 2012 (before ISO 22313 was published)
For those who had hoped (as I had) that the final version of the International Organization for Standardization’s ISO 22301 would be the comprehensive and very detailed replacement for BS 25999 parts 1 and 2, giving clear instructions regarding how to actually create the elements of a Business Continuity Program, it is definitely not that. In reality, it is replacing BS 25999-2, which will no longer be published after November of 2012, and it does provide very valuable guidance for an organization as it relates to the elements of a best practice-oriented business continuity management system; it’s just “different” in its purpose and scope than what many business continuity professionals might have expected.
Why “Chicken Little” and “Black Swan” Planning is NOT the Way to Respond to Recent Catastrophic Events
It seems that every week, there’s a story in the news about a catastrophic disaster happening somewhere in the world. The last five to ten years have seen what appears to be unprecedented numbers of global natural disasters, leaving some to wonder if the whole 2012 end of days conspiracy theorists are perhaps onto something. While it might seem like the world is ending, overreacting to these events or trying to plan for every worst case scenario is not productive and could DAMAGE your business continuity program. This article will discuss why focusing on these types of outlier events does not generate value or management interest, as well as discuss ways you CAN tweak your risk assessment and planning to ultimately gain more value without trying to tackle impossible planning standards.