Using International Standards to Implement a Business Continuity Management System (BCMS)

Dr. Abdulrahman AlEnezi
Dr. Fawaz AlEnezi
Eng. Maryam AlRadhwan
Dr. Sultan AlEnezi

Agenda
• Introduction
• Business Continuity
• Benefits of Following Standards
• Comparison Between Standards
• ISO 22301 – BCMS Requirements

[Figure: Business Continuity standards and guidelines: ASIS BCM.01, NFPA 1600, ISO 22301, BS 25999]

Introduction
• No organization is immune from business disruption.
• The challenge nowadays goes beyond having an emergency response plan; the challenge is to continue providing the service in the event of a disaster.
• Having a Business Continuity Management System (BCMS) is a MUST!

Time spent in preparing equals time saved when a disaster occurs.

Business Continuity
[Figure: Operational Level (0% to 100%) plotted against Time, before and after implementing a BCMS. Phases: Preparedness, Incident, Emergency Response, Continuity, Recovery. Annotations: "Reducing the impact of incidents" and "Shorten the period of disruption".]

Business Continuity
[Figure: BCMS at the center, surrounded by Facility Management, Supply Chain Management, Risk Management, Quality Management, Disaster Recovery, Emergency Response, Contingency Planning, and Health and Safety.]

Business Continuity: Benefits of BCMS
• Identify and manage current and future threats to your business.
• Take a proactive approach to minimizing the impact of incidents.
• Keep critical functions up and running during times of crises.
• Minimize downtime during incidents and improve recovery time.

Business Continuity: BCMS Implementation Steps
• Scoping
• Development
• Planning
• Business Impact Analysis
• Risk Assessment
• BC Strategy and Objectives
• Testing
• Training and Awareness
• Reviewing and Continual Improvement

Benefits of Following Standards

Standard
• A set of rules or requirements, which are widely agreed upon
• Used as a measure for comparative evaluations
• Lowest level control

vs.
Guideline
• A non-specific rule that provides direction to action or behavior
• An explanation to guide one in setting standards
• Recommended but non-mandatory control

Benefits of Following Standards
• Benchmark with best practices
• Integration with other plans
• Command and control structure
• Communicate, educate and train
• Monitor and exercise the program regularly
• Continuous improvements
• Meet expectations
• Audits and certifications

Comparison Between Standards: Business Continuity Standards

Organization                                   | Code
-----------------------------------------------|------------------
International Organization for Standardization | ISO 22301:2012
British Standards Institute                    | BS 25999
National Fire Protection Association           | NFPA 1600:2010
American Society for Industrial Security       | ASIS BCM.01-2010

Comparison Between Standards

BCM Element                    | ISO 22301     | BS 25999      | NFPA 1600   | ASIS BCM.1
-------------------------------|---------------|---------------|-------------|----------------
Understanding the organization | Section 4.1   | Section 4.1   | N/A         | N/A
Plan-Do-Check-Act              | Section 0.2   | Section       | Annex D     | Section 0.2
Scope                          | Section 4.3   | Section 3.2.1 | Chapter 5.3 | Section 1
BCMS                           | Section 4.4   | Section 3     | Annex D     | Section 4
Management commitment          | Section 5.2   | Not explicit  | Chapter 4.1 | Not explicit
Business Impact Analysis       | Section 5.3   | Section 4.4.1 | Chapter 5.5 | Section 4.4.1.1
Risk Analysis                  | Section 5.4   | Section 4.1.2 | Chapter 5.4 | Section 4.4.1.2
BC Strategies                  | Section 8.4.3 | Section 4.2   | Chapter 5   | Section 4.3
Business continuity procedures | Section 8.4   | Section 4.3.3 | Chapter 6.7 | Section 4.5.6.2
Testing and Exercising         | Section 8.5   | Section 4.4   | Chapter 7   | Section 4.6.2.2
Internal Audit                 | Section 9.2   | Section 5.1   | Chapter 8.1 | Section 4.6.5
Management review              | Section 9.3   | Section 5.2   | N/A         | Section 4.7.4
Continuous Improvement         | Section 10.2  | Section 6.2   | Chapter 8   | Section 4.7.4

ISO 22301
• The world's first international standard for BCMS.
• Most recently updated.
• Replaced BS 25999 & ASIS BCM.1.
• The easiest to comply with.
• Generic, so it can be applied to any type of organization.
ISO 22301

Benefits of Following Standards: Benefits of ISO 22301
• Ideal framework
• Protection of people
• Effective response to crises
• Improved risk profile
• Protection of reputation
• Thinking culture
• Integration with other ISO standards
• Achieve certification