ISO

International Standards Organisation

Managing Cyber Risk and the application of Cyber Insurance

 
UPDATE on the development of ISO 27102 - Cyber Insurance
 
Ahead of the next meeting of the ISO Technical Committee for Information Security, which is responsible for the development of the international standard for Cyber Insurance (27102) and meets in Tel Aviv in April, a meeting was held in London on 8th February to discuss the concerns and possible solutions as part of the Public Consultation phase of the standard's development.
 
Those attending the session represented a diverse group of stakeholders from across the Insurance Sector and included a number of significant end users. Ahead of this meeting, over 50 other stakeholders, representing a still broader base, also provided feedback on the proposal for a cyber insurance standard.
 
During these discussions the overwhelming majority felt that the standard was currently not appropriate and rather duplicated guidance already available in the market. Further, the consensus was that the structure of the documents did not help either the user or the insurance sector. The group also strongly felt that there was too little practical advice for users on the insurance aspects that need to be considered and how best to engage and align their operations to optimise the benefits insurance can bring.
 
However, as the meeting developed it became clear that there was a way forward that could, if adopted by ISO, address the concerns and provide a powerful tool for users and the insurance sector to enhance and improve the efficiency of the process, improving the value for all.
 
In the next week or so the UK will be submitting comments and our recommendations to ISO for consideration in Tel Aviv.
 
We are hopeful that the recommendations will be received positively, as they directly address the needs of the market and support the wider work of the ISO Committee responsible for Information Security.
 
Critically, the recommendations to be submitted also directly address the concerns of the insurance sector and have garnered strong support from those active across the sector. By altering some aspects of the scope, revising certain sections and focusing on a more evolved set of outcomes this standard could end up driving considerable growth in the sector while also improving the quality and capabilities of Cyber Risk Management.
 
If you would like to know more please do get in touch with me at russell.price@continuityforum.org.
 

ISO Standard for Cyber Insurance gets one step closer to publication

The International Standards Organization (ISO) and its technical committee for Information Security have been developing a new Cyber Insurance standard to help organizations better understand their exposure and identify how they might use Cyber Insurance as part of their Information Security and Risk Management activity.
 
This standard (ISO 27102) is part of the ISO 27000 family and is now entering the consultation phase ahead of final publication.

Introducing Standards

This is a short introduction to the world of Standards outlining how they are developed. 

A standard is a document defining best practice, established by consensus and approved by a recognized body (such as BSI, ANSI or ISO). Each standard is kept current through a process of maintenance and review whereby it is updated, revised or withdrawn as necessary.

Compliance Management | ISO 19600 review and survey

The ISO Technical Committee for ISO 19600 relating to Compliance Management is preparing to discuss whether a revision of this standard should take place and, if so, how it can be improved.
 
To support this review a survey has been developed to gain feedback from both users and non-users of the standard looking at compliance management. You can help contribute to the decision making process by providing feedback and opinion by following the link below:
 
 
The scope of ISO 19600
 
The International Standard ISO 19600:2014 Compliance management systems – Guidelines was published in 2014 as a Management System Standard. The standard does not specify requirements, but provides guidance on compliance management systems and recommended practices.
 
ISO 19600 can be used alongside numerous other standards, covering Risk, Information Technology, Business Continuity and Resilience Management to name just a few. The guidance it provides is intended to be adaptable, and the use of this guidance can differ depending on the size and level of maturity of an organization’s compliance management system and on the context, nature and complexity of the organization’s activities, including its compliance policy and objectives.
 
You do not need to be a user of ISO standards either, as the flexibility provided through the guidance can help with other processes or management systems. ISO 19600:2014 is based on the principles of good governance, proportionality, transparency and sustainability.
 
The deadline for completing the survey is Monday 16th April 2018.
 

Revision of ISO 31000 Risk Management Guidelines - Draft available

 
ISO 31000, the international standard for Risk Management - ‘Risk Management – Principles and Guidelines’ - is now available for public consultation.
 
The decision to review ISO 31000 was taken in Chicago in 2013 and now, 4 years later, a draft version of the proposed updates to the ISO 31000 document is available for users to see.
 
The next steps will be a review of the comments submitted, which will modify the text further, and then a ballot by ISO members to move to final publication. The next ISO meeting is being held in San Francisco in July 2017, which suggests publication of the revised risk management standard perhaps early in 2018.
 
The draft of the standard for review and comment is now available on the BSI Draft Review system at https://standardsdevelopment.bsigroup.com/projects/76477a8f8de94a1e1d5c675e02973077. [registration required - Closing date for comments 11th April 2017] 
 
 

The future for ISO 31000 | TC 262 Risk Management Survey | Standards

 
The future of ISO 31000
Risk Management
HAVE YOUR SAY

 
We would really like your contribution to the future development of ISO 31000 – Risk management - Principles and guidance and ISO Guide 73 - Risk management - Terminology. These important ISO guidance documents are currently being considered for revision, and the ISO technical committee responsible for this work, TC/262 – Risk Management, together with the BSI, has established a group to obtain feedback from risk professionals, users of the standards, and other relevant stakeholders.
 
Your input into this review is very important and will be fed directly into ISO TC/262.
 
We are looking for your thoughts on, and experience of using, Risk Management standards to help us develop a better understanding of how ISO 31000 can evolve and what aspects could be developed further.
 
For more details please contact the Continuity Forum here or call Sara McKenna on +44 (0) 208 993 1599
 

Risk Management Workshop Series - Edinburgh - London - Bristol

 
 
Edinburgh - London - Bristol
24th January, 14th & 19th February 
 
These Risk Management Workshop sessions form part of the process of review and feedback on the developing nature of Risk Management standards and have been developed by the Continuity Forum and the BSI. 
 
They have been designed to flow together, creating engagement and drawing people into meaningful discussions on key issues surrounding Risk Management Standards and how they connect to other professional disciplines that use Risk Management techniques, such as Business Continuity, Resilience and Security Management.
 
In addition, we are seeking to develop insight and support on the potential for Standards-based Risk Management to positively contribute to the UK's management of Climate Risk through the National Adaptation Programme (NAP).
 

ISO 22313 GUIDANCE for Business Continuity published (ISO 22301)

 

Introducing the latest international standard ISO 22313
 
The Guidance for Business Continuity management standard ISO 22301
 
BS ISO 22313 Societal security — Business continuity management systems — Guidance offers global best practice to organizations implementing an effective Business Continuity Management System (BCMS).
 
Acting as the guidance document for ISO 22301, the standard provides a more intuitive framework to those pursuing business continuity best practice. It is a key milestone to support the uptake and implementation of effective BCM worldwide.
Together, these BCM standards seek to support organizations in their on-going challenge to improve business resilience in the face of unforeseen circumstances such as bad weather or civil unrest.
 

ISO Business Continuity Standard 22301 to replace BS 25999-2

 
The BSI has confirmed that the new International Standard for Business Continuity - ISO 22301 Societal Security – Business Continuity Management Systems – Requirements - will be officially published in mid May.
 
We expect that copies will be available for purchase from around the 15th May from this official link.  
 
With the publication of ISO 22301 it is expected that many countries around the world will formally adopt the International Standards Organization Standard for Business Continuity, enabling much greater international consistency to be realised between national requirements and better meeting the needs of global organizations.
 
In addition, as part of the ISO framework of standards, the new format helps create opportunities to manage what have often been independent systems in a more integrated way through common terms and processes. This should assist in better embedding of the various management systems available from ISO within organisations. 
 

ISO Call for Comments DIS 22313 Guidance for Business Continuity

The International Standards Organisation open consultation stage for ISO 22313 is still open and gives you the opportunity to review and comment on the draft public version of the standard. ISO 22313 provides the guidance relating to Business Continuity and ISO 22301 the specification standard.
 
This stage is a key part of the development process: the consultation on the Draft International Standard (DIS 22313) is still open and closes on the 11th of April 2012.
 
It's a great opportunity to review the draft version and feed back your comments before it moves into the final stages of review and publication. All comments are reviewed and are an important part of the process. Do visit the link below to take part:
 
THE REVIEW PERIOD IS NOW CLOSED 
 
For more information or advice please do get in touch directly here.
 

* ISO 22301 is the equivalent to BS 25999 part 2 and ISO 22313 to part 1 

Business Continuity Forum creating Resilience and security

Creating Continuity... Building Resilience...