Scope - Understand Needs and Assessment Parameters: Business Continuity Management - Implementation Roadmap

This document outlines the implementation roadmap for achieving ISO 22301 certification for business continuity management over 12-18 months. It involves first defining the scope of the business continuity management system (BCMS) and performing a risk assessment and business impact analysis. Then a recovery plan is developed and tested through exercises. Finally, the BCMS is integrated, continuously monitored and improved, leading to internal and external audits to achieve certification. Ongoing surveillance and triennial audits ensure the BCMS remains effective.

Uploaded by

Ahmed M. SOUISSI

Business Continuity Management

ISO 22301 - Implementation Roadmap

1 month to completion

Scope – Understand needs and assessment parameters

Use of Existing Certification

Many organizations have some form of information security certification that addresses (but is not focused on) IT & Business Continuity.

Define Business Continuity Management System (BCMS) Scope

Logically define the scope of the BCMS to be consistent with initial objectives, efficiency, effectiveness and customer requirements.
This approach optimizes likelihood of the plan’s success (prevents “boil the ocean” exercises).

1-3 Months to completion

Pre-Recovery Plan Analysis (for everything included in scope)

Risk Assessment

- Determine risk acceptance criteria
- Identify criteria for performing risk assessments
- Ensure repeatable, consistent, valid and comparable results
- Identify risk owners
- Assess potential consequences that would result if the identified risks were to materialize
- Assess the likelihood of occurrence and determine risk levels
- Determine the most effective, cost efficient and executable risk treatments
- Prioritize the analyzed risks for treatment

Risk Treatment

- Implement the risk treatment plan as determined through the risk assessment
- Ensure retention of the risk treatment results

Business Impact Analysis

- Assess the impacts over time of not performing services/providing products and assessing acceptable minimum operational levels
- Setting prioritized timeframes for resuming activities at specified minimum acceptable levels, taking into consideration the time within which the impacts of not resuming them would become unacceptable
- Identifying dependencies and supporting resources, including suppliers, outsource partners, single points of failure and other relevant interested parties

Recovery Strategies

- Based on outputs from the Risk Assessment and the BIA
- Strategies for the 5 possible impacts of any disaster
- Ensure protection of prioritized activities and availability of essential resources, critical vendors and critical skill sets
- Ensure stabilizing, continuing and resuming activities along with dependencies and supporting resources

Where to turn... when Business Continuity matters

Recovery Plan Development

- Easy to execute procedures
- Effective recovery organization
- Ensure prioritized recovery
- Implementing approved strategies that fulfill requirements from the BIA
- Ensure client concerns are addressed
- Consistency between team plans

1-12 months to completion

Integration
Bring plan into business operations

Exercise the BCMS

Develop and conduct exercises of the BCMS:

- Table top
- Fail over / Parallel processing
- Disaster Simulation

Monitor the Environment

Tune the BCMS to facilitate monitoring. (The ongoing monitoring of the BCMS is integral to ISO 22301.)

Develop Continuous Improvement Principles

ISO 22301 mandates continuous improvement plans be developed prior to certification

Ongoing

Certification + Training + Maintenance - Ensure the plan continues to work

Internal BCMS Audit (Pre-Certification)

"Friendly" pre-audit structured in accordance with certification audit. (Tabletop Review then Compliance Review)

Certification Audit 22301

Certification Audit conducted by Certification Body resulting in issuance of ISO 22301 Certificate. HOORAY!

Enact Continuous Improvement Principles

Based on monitoring and testing, evolve the BCMS in a demonstrable manner. (ISO 22301 mandates continuous improvement.)

Surveillance Audit (Year 2 & 3)

Mini-audit conducted by the Certification Body to validate BCMS effectiveness. (BCMS scope extension possible)

Triennial Audit (Year 3 & Every 3rd year)

Re-Certification Audit conducted by Certification Body.
