Introducing ISO 22301, the new global standard for Business Continuity Management
Howard Kerr, Chief Executive, BSI
Copyright © 2013 BSI. All rights reserved.
Jul 16, 2015
Why do we need BCM?
• 72% of companies surveyed had experienced at least one disruption to their supply chain.
• 83% had experienced disruption overall.
Business Continuity Management - Drivers
CEO’s main focus:
• Reputational Impairment
• Market Share Loss
• Increased Customer Confidence
• Governance Expectation “The Right Thing To Do”
Increasing organizational and supply chain complexity
Are organizations ready for the next crisis?
83% agree BCM is important/very important yet…*
• 58% of CEOs surveyed say they have BCM plans in place
• 50% of organizations with BCM report that it includes plans for handling the media
• 45% of organizations with BCM do not require any supply chain partners to have their own plans
• 50% of organizations with BCM exercise their plans once a year.
• Around 25% fail to exercise their plans on a regular basis.
* BSI/BCI/Cabinet Office survey 2012 with Chartered Management Institute (CMI)
The benefits BCM brings
Clients were asked on a scale of 1-10 whether they recognized the benefits listed on the graph. The percentage of respondents who selected 6 or more is graphed here.
[Bar chart; vertical axis: percentage of respondents recognising this benefit, 0 to 100]
• Recovery Speed: 88%
• Increased Revenue: 72%
• Improved Reputation: 98%
* Based on 39 responses from a BSI survey
International development of BCM
Timeline: PAS 56 (2003), BS 25999 (2006), ISO 22301 (2012)
• Started as a “PAS” (Publicly Available Specification) by BSI
• Became British Standard BS 25999 in 2006
• New ISO 22301 (16 May 2012)
BS 25999: the story so far…
• ISO 22301 supersedes BSI’s British Standard BS 25999 – the world’s most recognised & adopted BCM standard.
• BS 25999 sold in over 100 countries.
• Certificates in 43 countries.
• Certificate applications in another 15 countries*
• 800 sites already certified by BSI with 400 pending*
• Market leaders in BS 25999 certification.
* these will likely transition to ISO 22301
Previous BS 25999 global adoption
BS 25999 – multi-sector adoption
Existing BSI BS 25999 clients
Introducing ISO 22301
• New international standard for business continuity management (BCM)
• Its official title is ISO 22301 Societal Security - Business continuity management systems - Requirements
• All core business continuity elements in BS 25999-2 are present in ISO 22301
What is ISO 22301?
ISO 22301 specifies the requirements for a business
continuity management system to protect against, reduce
the likelihood of, and ensure your business recovers from
disruptive incidents. As pioneers of the original standard for
business continuity (BS 25999) we are best placed to help
clients on their business continuity management journey. BSI
clients have reported the following benefits:
• 83% enhanced their reputation
• 82% improved their recovery speed
• 71% increased sales
• 83% reported improved reputation
What is ISO 22301?
• Provides the requirements for a business continuity management system (BCMS)
• Based on global BCM best practice
• Created in response to strong interest in the original British Standard BS 25999-2 and other regional standards
• BS 25999-2 key source text in its development
• For those certified to or aligned with BS 25999-2, the additional requirements are not onerous
Societal Security and BCM?
• ISO 22301 now comes under a wider societal security remit
• This acknowledges the important role that BCM has to play in protecting society and ensuring our ability to respond to incidents, emergencies and disasters.
Benefits of adopting a systems approach to managing BCM
• Allows organizations to benefit from global BCM best practice, regardless of whether they are planning to certify or not
• Provides a foundation and a common vocabulary for BCM best practice and guidance
• Consensus standards like ISO 22301 represent the input and recommendations of hundreds of BC professionals and industry experts
Structure of ISO 22301:2012
Clause Advantage
4.0 Is a component of Plan. It introduces requirements necessary to establish the context of the BCMS as it applies to the organization, as well as needs, requirements, and scope.
5.0 Is a component of Plan. It summarises the requirements specific to top management’s role in the BCMS, and how leadership articulates its expectations to the organization via a policy statement.
6.0 Is a component of Plan. It describes requirements as they relate to establishing strategic objectives and guiding principles for the BCMS as a whole. The content of Clause 6 differs from establishing risk treatment opportunities stemming from risk assessment, as well as business impact analysis (BIA) derived recovery objectives.
Plan, Do, Check, Act Cycle
Structure of ISO 22301:2012
Clause Advantage
7.0 Is a component of Plan. It supports BCMS operations as they relate to establishing competence and communication on a recurring/as-needed basis with interested parties, while documenting, controlling, maintaining and retaining required documentation.
8.0 Is a component of Do. It defines BC requirements, determines how to address them and develops the procedures to manage a disruptive incident.
9.0 Is a component of Check. It summarises requirements necessary to measure BCM performance, BCMS compliance with the International Standard and management’s expectations, and seeks feedback from management regarding expectations.
10.0 Is a component of Act. It identifies and acts on BCMS non-conformance through corrective action.
To certify or not to certify?
Certification offers many advantages, including:
• It challenges your BCM program and organization to reach a higher level of maturity and preparedness
• Supply chain requirement
• Prequalification for tenders
• Provides a competitive advantage
• Signifies a base level of readiness and a commitment and seriousness about BCM
Contact Us
Address: BSI Group America Inc.
12110 Sunset Hills Road, Suite 200
Reston, VA 20190-5902
Main Office Telephone: 888-429-6178
Fax: 703 437 9001
Links: http://www.bsiamerica.com