Program Roles & Responsibilities in a Business Continuity Management System

Part of Avalution’s Conforming to ISO 22301 Series

This perspective is the seventh in a series to discuss key elements of the ISO 22301 business continuity management system, including value-adding elements of the standard or requirements that could “trip up” an organization during the certification process. Continue reading

Challenges in Implementing a Successful Business Continuity Program

Congratulations! You’ve started your business continuity planning effort—sometimes, that’s the hardest part. Now, you’re working diligently on your organization’s business continuity program, but it’s not delivering the results you had hoped. You’re performing a business impact analysis (BIA) and risk assessment, documenting plans, and socializing the next steps for your program, but it’s not progressing like you would expect or maybe it doesn’t have the capability your organization needs. So, what can you do?

This perspective outlines the common challenges organizations face when implementing a business continuity program that meets response and recovery expectations, and offers solutions that business continuity managers can pursue to address these challenges. Continue reading

How to Establish an Early Warning System

Part of Avalution’s Conforming to ISO 22301 Series

This perspective is the sixth in a series to discuss key elements of the ISO 22301 business continuity management system, including value-adding elements of the standard or requirements that could “trip up” an organization during the certification process.

Today we’re going to take a look at ISO 22301’s requirements for the establishment of an early warning network. Continue reading

Using Lessons Learned in the Evaluation of Business Continuity Procedures

Part of Avalution’s Conforming to ISO 22301 Series

The management system approach to business continuity requires a culture of continual improvement in business continuity programs.  One of the key steps in facilitating continual improvement is to regularly evaluate existing business continuity procedures.  This perspective takes a closer look at Clause 9.1.2, ISO 22301’s requirement for evaluation of business continuity procedures.  Continue reading

Internal Audit – Protecting Your Investment in ISO 22301

Part of Avalution’s Conforming to ISO 22301 Series

This perspective takes a look at Clause 9.2, ISO 22301’s requirement for internal audit, defined as an independent assessment that provides management with feedback regarding the performance of the management system. The content found in this perspective is specifically based on lessons learned from our ISO 22301 certification audit (which Avalution completed successfully in the Spring of 2013). Continue reading

Why Documentation Is So Much More Than Just Documents

Part of Avalution’s Conforming to ISO 22301 Series

This perspective takes a look at ISO 22301’s requirement for documentation, which includes documented processes and procedures, as well as evidence of business continuity planning execution.  The content found in this perspective is specifically based on lessons learned from our ISO 22301 certification audit (which Avalution completed successfully in the spring of 2013). Continue reading

How to Perform Effective Management Reviews

Part of Avalution’s Conforming to ISO 22301 Series

This perspective takes a look at one element of Clause 9.3, the management review (a process that Avalution feels is one of the most valuable elements of ISO 22301). Continue reading

Does Your Business Continuity Management System Have “Issues”?

Part of Avalution’s Conforming to ISO 22301 Series

ISO 22301 is the first standard to employ the new ISO format for management systems standards, which involves a considerable amount of “templatized” management system content across ten clauses.  Because this format, language, and many of the requirements are new to most business continuity professionals, it’s important to review and consider the intent associated with some of the content and concepts. Continue reading

Bridging the Business Continuity and IT Disaster Recovery Gap

Increasing Coordination Between the Business and IT in Preparedness Activities

One of the most common questions we receive at Avalution is, “How can my organization increase coordination between different groups performing preparedness activities, specifically ‘the business’ and IT?”  We have seen many organizations’ business and IT teams struggle to come to an agreement on common requirements, such as application recovery time objectives (RTOs) and data loss tolerances (RPOs).  The business tends to complain that IT does not listen to their recovery requirements, while IT tends to complain that the business is far too aggressive and unrealistic on recovery requirements.  This article provides recommendations on how the business and IT can work more seamlessly toward the “right” level of preparedness for your organization. Continue reading

Implementing ISO 22301: The Business Continuity Management System Standard

Implementing ISO 22301Today we announced the release of a new white paper, Implementing ISO 22301: The Business Continuity Management System Standard, co-authored by Brian Zawada, Avalution’s Director of Consulting and the Chairman and Head of U.S. Delegation to ISO Technical Committee 223 (the group charged with developing ISO 22301), and Greg Marbais, a Consultant at Avalution. Continue reading