The Critical Role Analysis Plays in Your Business Continuity Program: An Overview of BCI Professional Practice 3

This article provides an overview of GPG Professional Practice 3 (PP3) – Analysis, which is the professional practice that “reviews and assesses an organization in terms of what its objectives are, how it functions, and the constraints of the environment in which it operates”.

PP3 OVERVIEW

PP3 introduces and addresses the business impact analysis (BIA) as a primary means of analysis, leading to appropriate business continuity requirements. PP3 identifies the following beneficial outcomes from the BIA:

Introducing ISO 22317 – The Business Impact Analysis Standard

WHAT IS ISO 22317?

The International Organization for Standardization (ISO) Technical Committee (TC) 292, the committee responsible for writing security, resilience, and business continuity standards, has released its latest document: ISO 22317 – Societal Security – Business Continuity Management Systems – Business Impact Analysis, the first and only international standard solely addressing the business impact analysis (BIA).

ISO 22317 was officially published on September 17, 2015.

There are a few important points to understand before reading ISO 22317:

The Importance of Embedding Business Continuity: An Overview of BCI Professional Practice 2

This article reviews GPG Professional Practice 2 (PP2): Embedding Business Continuity and explains why embedding business continuity into your organization is important for driving success, describes best practices for embedding business continuity into day-to-day activities, and provides a brief case study highlighting the benefits of this practice.

PP2 OVERVIEW

PP2 outlines a number of techniques on how to embed business continuity into the organization. Specifically, the BCI separates PP2 into the following topics:

The Need to Establish Business Continuity Governance: An Overview of BCI Professional Practice 1

This article provides an overview of GPG Professional Practice 1 (PP1) – Policy and Program Management, the first of the six professional practices, and discusses the importance of, and recommendations for, establishing the foundation for a repeatable and scalable business continuity program.

PP1 OVERVIEW

PP1 outlines a number of activities that organizations should consider completing before performing business continuity planning activities (business impact analysis through exercising):

Introduction: BCI Good Practice Guidelines Series


BACKGROUND
The Business Continuity Institute (BCI) publishes the Good Practice Guidelines (GPGs), which is a compilation of six professional practices that provide guidance to business continuity practitioners on implementing and maintaining a business continuity program. While the BCI GPGs generally align with ISO 22301, which provides high-level guidance on establishing a business continuity management system, the Practices actually enhance ISO 22301 by answering the “why” and “how” of establishing a program.

FFIEC Updates Business Continuity Planning Booklet with Appendix J

Appendix J: Strengthening the Resilience of Outsourced Technology Services

The Federal Financial Institutions Examination Council (FFIEC) recently released an updated version of its Business Continuity Booklet, which is one in the series of booklets that comprise the larger Information Technology (IT) Examination Handbook.

This article provides an overview of Appendix J and discusses the confirmed importance that continuity planning isn’t limited to just your organization; rather, it extends to all outsourced and supplier relationships as well.

Sources of Corrective Actions

Part of Avalution’s Conforming to ISO 22301 Series

This perspective is the eighth in a series to discuss key elements of the ISO 22301 business continuity management system, including value-adding elements of the standard or requirements that could “trip up” an organization during the certification process.

Today we’re going to take a look at ISO 22301’s requirements regarding corrective actions.


Program Roles & Responsibilities in a Business Continuity Management System

Part of Avalution’s Conforming to ISO 22301 Series

This perspective is the seventh in a series to discuss key elements of the ISO 22301 business continuity management system, including value-adding elements of the standard or requirements that could “trip up” an organization during the certification process.

How to Establish an Early Warning System

Part of Avalution’s Conforming to ISO 22301 Series

This perspective is the sixth in a series to discuss key elements of the ISO 22301 business continuity management system, including value-adding elements of the standard or requirements that could “trip up” an organization during the certification process.

Today we’re going to take a look at ISO 22301’s requirements for the establishment of an early warning network.

Using Lessons Learned in the Evaluation of Business Continuity Procedures

Part of Avalution’s Conforming to ISO 22301 Series

The management system approach to business continuity requires a culture of continual improvement in business continuity programs. One of the key steps in facilitating continual improvement is to regularly evaluate existing business continuity procedures. This perspective takes a closer look at Clause 9.1.2, ISO 22301’s requirement for evaluation of business continuity procedures.