This perspective provides an overview of the Business Continuity Institute’s Professional Practice 6 (PP6) – Validation, which is the professional practice that “confirms that the Business Continuity Management (BCM) program meets the objectives set in the Business Continuity Policy and that the organization’s BCM program is fit for purpose”. Business continuity practitioners should perform validation activities after documenting response and recovery plans for their organizations (for more on planning, read our perspective on PP5 – Implementation).
This perspective provides an overview of the Business Continuity Institute’s Professional Practice 5 (PP5) – Implementation, which is the professional practice that “executes the agreed strategies and tactics through the process of developing the Business Continuity Plan (BCP)”. As part of the business continuity planning lifecycle, Implementation activities continue following strategy selection in PP4, with the goal of documenting business continuity plans that aid the organization in recovery at the strategic, tactical, and operational levels.
This article provides an overview of Professional Practice 4 (PP4) – Design, which is the professional practice that “identifies and selects appropriate strategies and tactics to determine how continuity and recovery from disruption will be achieved”. Strategy design activities are essential to translate outputs gathered during the analysis phase into actionable strategies that the organization can implement and refine over time to improve the ability to respond and recover from a disruption.
This article provides an overview of GPG Professional Practice 3 (PP3) – Analysis, which is the professional practice that “reviews and assesses an organization in terms of what its objectives are, how it functions, and the constraints of the environment in which it operates”.
PP3 introduces and addresses the business impact analysis (BIA) as a primary means of analysis, leading to appropriate business continuity requirements. PP3 identifies the following beneficial outcomes from the BIA:
The International Organization for Standardization (ISO) Technical Committee (TC) 292, the committee responsible for writing security, resilience, and business continuity standards, has released its latest document: ISO 22317 – Societal Security – Business Continuity Management Systems – Business Impact Analysis, the first and only international standard solely addressing the business impact analysis (BIA).
ISO 22317 was officially published on September 17, 2015.
There are a few important points to understand before reading ISO 22317:
This article reviews GPG Professional Practice 2 (PP2): Embedding Business Continuity and explains why embedding business continuity into your organization is important for driving success, describes best practices for embedding business continuity into day-to-day activities, and provides a brief case study highlighting the benefits of this practice.
PP2 outlines a number of techniques on how to embed business continuity into the organization. Specifically, the BCI separates PP2 into the following topics:
This article provides an overview of GPG Professional Practice 1 (PP1) – Policy and Program Management, the first of the six professional practices, and discusses the importance and recommendations in establishing the foundation for a repeatable and scalable business continuity program.
PP1 outlines a number of activities that organizations should consider completing before performing business continuity planning activities (business impact analysis through exercising):
The Business Continuity Institute (BCI) publishes the Good Practice Guidelines (GPGs), which is a compilation of six professional practices that provide guidance to business continuity practitioners on implementing and maintaining a business continuity program. While the BCI GPGs generally align with ISO 22301, which provides high-level guidance on establishing a business continuity management system, the Practices actually enhance ISO 22301 by answering the “why” and “how” of establishing a program.
One of the most challenging management system activities that business continuity professionals need to execute (outside of coordinating actual recovery following a disruptive incident) is developing meaningful business continuity program metrics. ISO 22301 does not tell practitioners how to craft meaningful metrics, only that we need to have and share them with management for feedback.
Many business continuity professionals experience challenges with their programs:
This perspective is the eighth in a series to discuss key elements of the ISO 22301 business continuity management system, including value-adding elements of the standard or requirements that could “trip up” an organization during the certification process.
Today we’re going to take a look at ISO 22301’s requirements regarding corrective actions.