Implementing ISO 22301: The Business Continuity Management System Standard

Today we announced the release of a new white paper, Implementing ISO 22301: The Business Continuity Management System Standard, co-authored by Brian Zawada, Avalution’s Director of Consulting and the Chairman and Head of U.S. Delegation to ISO Technical Committee 223 (the group charged with developing ISO 22301), and Greg Marbais, a Consultant at Avalution.

ISO 22301’s Relationship to BS 25999-2 and Other Standards

Like other management systems standards, ISO 22301 is built on the ‘Plan-Do-Check-Act’ (PDCA) model, which seeks to continually improve the effectiveness of the organization’s performance through planning, implementation, monitoring and review, and ongoing maintenance and improvement.

As such, it is worth discussing how ISO 22301 relates to other management systems standards. The following summary offers a high-level comparison between ISO 22301 and another widely adopted business continuity management systems standard, British Standard (BS) 25999-2 (2007).

ISO 22301 – Misconceptions and Clarifications

Guest Post by Barry Cardoza, CBCP
Original Publish Date: September 2012 (before ISO 22313 was published)

For those who had hoped (as I had) that the final version of the International Organization for Standardization’s ISO 22301 would be the comprehensive and very detailed replacement for BS 25999 parts 1 and 2, giving clear instructions regarding how to actually create the elements of a Business Continuity Program, it is definitely not that. In reality, it is replacing BS 25999-2, which will no longer be published after November of 2012, and it does provide very valuable guidance for an organization as it relates to the elements of a best practice-oriented business continuity management system; it’s just “different” in its purpose and scope than what many business continuity professionals might have expected.

Why You Should Pay Attention to Business Continuity Standards (Even If You Aren’t Seeking Certification)

Standards…ugh! Even though the business continuity profession appears to be paying some attention to standards development and organizational certification, you may be tempted to skip over these articles and ignore the opportunity to review new or revised standards when they are released (especially if you feel organizational certification isn’t right for your organization). However, there are many reasons why all organizations (and BC practitioners) should not only pay attention to standards, but also look for opportunities to incorporate applicable elements of them into their programs to improve performance and enhance credibility.

Using ISO 27031 to Guide IT Disaster Recovery Alignment with ISO 22301

Many organizations struggle to define the best method to meet business expectations regarding information technology (IT) recovery. ISO 27031 (Guidelines for information and communication technology readiness for business continuity) provides guidance to business continuity and IT disaster recovery professionals on how to plan for ICT continuity and recovery as part of a more comprehensive business continuity management system (BCMS). The standard helps IT personnel identify the business’s requirements for Information and Communication Technology (ICT), implement strategies to reduce the risk of disruption, and recognize, respond to and recover from a disruption to ICT.

How to Determine Risk Appetite in the Context of Business Continuity

The introduction of ISO 22301 (Societal security – Business continuity management systems – Requirements) more closely aligns business continuity with the broader risk management discipline. A major contributor to this alignment is the standard’s requirement to understand the organization’s “risk appetite” (a term not used in BS 25999).

Organizational Resilience: What it could, or should, mean in the standards landscape

As Posted in the Digital Edition of Continuity Insights Magazine

Admittedly, I wrote this article to better get my mind around the swirling debate regarding the concept of organizational resilience and what it means – or better yet, what it should mean – to business continuity, risk management and security professionals. I am a member of the US Technical Advisory Group to ISO Technical Committee (TC) 223, which is charged with developing the ISO 22323 standard (Societal Security — Management system for resilience in organizations — requirements and guidance for use).

An Update on TC 223 and ISO 22301

Online Exclusive – as published on drj.com  | Updated June 2012

[EDITOR'S NOTE – Brian Zawada is a member of the US Technical Advisory Group to ISO Technical Committee 223. Zawada participated in the 2011 and 2012 meetings as a member of Working Group 4, the team charged with developing ISO 22301, 22313 and 22323.]

There are numerous articles and conversations currently taking place regarding ISO 22301 and ISO Technical Committee (TC) 223 in general – some based on fact, but many based on assumption and rumor. So, what’s the real story on ISO 22301 and the work being performed on societal security?

The purpose of this article is to provide updated information to help business continuity professionals better understand the ISO TC 223 standards development efforts underway and when to expect the final work product that can help your organization better prepare for disruption.