I am a member of the US Technical Advisory Group to ISO Technical Committee (TC), which is charged with developing the ISO Understand and prioritize the threats to your business with the international standard for business continuity. ISO specifies the requirements for a. A US-based perspective on the progress of both ISO and ISO, Organizational Resilience Management Systems – Requirements with Guidance for.
Published (Last): 3 September 2010
Contingency planning and disaster recovery were largely information technology-led responses to natural disasters and terrorism that affected businesses during the s and early s.
There was a growing recognition, however, that this needed to be a business-led process and encompass preparing for many forms of disruption. In light of this, the discipline became known as business continuity management (BCM). As governments and regulators began to recognize the role of business continuity in mitigating the effects of disruptive incidents on society, they increasingly sought to gain assurance that key players had appropriate business continuity arrangements in place.
Business continuity – ISO when things go seriously wrong
Similarly, businesses recognized their dependence on each other and sought assurance that key suppliers and partners would continue to provide key products and services, even when incidents occurred. In the UK, BS was introduced to provide a management systems standard to which organizations could obtain accredited certification for the first time. The new standard is the result of significant global interest, cooperation and input.
ISO is a management systems standard for BCM which can be used by organizations of all sizes and types.
These organizations will be able to obtain accredited certification against this standard and so demonstrate to legislators, regulators, customers, prospective customers and other interested parties that they are adhering to good practice in BCM.
ISO also enables the business continuity manager to show top management that a recognized standard has been achieved. While ISO may be used for certification and therefore includes rather short and concise requirements describing the central elements of BCM, a more extensive guidance standard ISO is being developed to provide greater detail on each requirement in ISO. ISO may also be used within an organization to measure itself against good practice, and by auditors wishing to report to management.
The influence of the standard will therefore be much greater than those who simply choose to be certified against the standard. This technical committee develops standards for the protection of society from, and in response to, incidents, emergencies and disasters caused by intentional and unintentional human acts, natural hazards and technical failures. Its all-hazards perspective covers adaptive, proactive and reactive strategies in all phases before, during and after a disruptive incident.
The area of societal security is multi-disciplinary and involves actors from both the public and private sectors.
10th plenary meeting in Bangkok, Thailand (December, 2010)
The committee has previously published the following standards and other documents:

At the time, many experts argued that their own national standard was best suited to be developed into an International Standard.
As this was clearly no way forward, all the major players were gathered to identify the similarities between the standards. A challenge with ISO has been the large number of national documents on the subject, which has caused difficulties in gaining agreement. The committee was then ready to create a management system standard with requirements and intended for certification.
Input from the national standards was used to develop the initial draft wordings and gradually refined to become a new document bringing together good practice from around the world. Many others contributed to its development, showing the truly international interest and input involved.
ISO is the second published management systems standard that has adopted the new high-level structure and standardized text agreed in ISO. The standard is divided into 10 main clauses, starting with scope, normative references, and terms and definitions.
ISO emphasizes the need for a well-defined incident response structure. This ensures that when incidents occur, responses are timely and people are empowered to take the necessary actions to be effective.
Life safety is emphasized and a particular point is made that the organization must communicate with external parties who may be affected, for instance if an incident poses a noxious or explosive risk to surrounding public areas. The requirements for business continuity plans are laid out in Clause 8, too. Quickly understood, user-focused documents are more suitable than the large, unwieldy documents suited to auditors. Smaller plans are therefore more likely to be needed than one large plan.
A requirement not previously addressed in business continuity standards is the need to plan for a return to normal business. This simple requirement belies considered thought, as organizations must determine what to do once the initial emergency has been addressed. The final subsection of section 8 covers exercises and tests, a key part of BCM.
Tests are where some element of the business continuity arrangements is demonstrated to work (a pass) or not (a fail). For instance, it is possible to test if the generator will run by switching it on.
An exercise may include tests, but is generally a more nuanced approach that simulates some aspect of responding to an incident. This will usually include elements of training and building awareness of how to handle disruptive incidents with difficult and unusual characteristics, as well as finding out if processes work as expected. Exercises and tests are fundamental in ISO. To work well, ISO will need organizations to have thoroughly understood its requirements. Every line and word has meaning and the relative importance is not necessarily reflected by the number of words devoted to a topic.
He is an experienced consultant in business continuity, ICT continuity and crisis management. Later, at Siemens, he developed and led a business continuity consultancy.