You are implementing a business continuity management system (BCMS) for the first time and you discover that one of the requirements is to conduct “internal audits”. What do you do? Who should be the auditor? Do they need to be trained? All valid questions (along with scores of others which you will doubtless ask yourself) which invariably will be rushed through without much thought into what is trying to be achieved (apart from a tick in the BCMS/certification box).
Done well, audits are an excellent way for your business to learn what’s working and what needs to be improved but done badly they soon become robotic and worse, potentially divisive. Internal audits are a requirement of any management system standard so if you are committed to implementing a meaningful BCMS you might as well do it properly from the outset.
The session is part of the Continuity Forum webinar series and was first broadcast in September 2012.
Hilary Estall of Perpetual Solutions is our guest for the session and she outlines how the migration can be more easily made from other standards such as BS 25999-2 to the new ISO and what the auditor is likely to focus on when assessing your system.
Following on from the Continuity Forum Webcasts in May, June and July we are adding four more sessions starting in late August and through September covering the next steps for organisations. We are now taking bookings and places will be limited so prompt action is recommended.
On the 6th September in London the BSI will be hosting the 2012 Business Continuity Management Conference. This will be the sixth of these annual events and this year's event is titled "ISO 22301 and Beyond".
Through this conference the BSI is giving you the chance to get behind the scenes of ISO 22301 and ISO 22313 standard developments to discover why they are needed and what this means for business continuity professionals worldwide.
There are two new Business Continuity books coming out this summer that are likely to find their way on to the book shelves of many of our readers and partners. They are chalk and cheese in their content, but significant publications as they address two topics that feature highly in the questions we receive here at the Continuity Forum.
For many years one of the most consistent questions we have had, especially from those coming to BCM for the first time, has been, "what would we recommend as an introduction?" and we can now add the Dummies Guide to the Practical Business Continuity Management.
More recently, since the launch of ISO 22301, and perhaps at the other end of the scale, the questions have been centred on getting good advice on how to implement the new ISO Standard; and with virtually perfect timing, Hilary Estall brings us her Guide to Implementing ISO 22301.
In May 2012, the International Standardization Organization (ISO) published ISO 22301 – Business continuity management systems – Requirements. Although this standard was long in the making the response has been very positive - and with the promise of ISO 22313 – Business continuity management – Guidance – before the end of this year, it seems it was worth the wait.
ISO 22301 blends the requirements from several national standards, including those from the USA, Japan, Singapore, Canada and Australia. The similarity with BS 25999-2, however, is most evident. A comparison of the BS and ISO standards reveals little difference in the requirements. And in Clause 8 of the ISO, where the business continuity programme requirements reside, the text is identical in many places.
Our Webinars focusing on the new ISO Business Continuity Standard 22301 really have been incredibly popular with a response that has even taken us by surprise!
To meet this interest we have decided to add two extra sessions on the 20th and 27th of June at 09:30 and 16:30 respectively (UK time) for those that have been unable to participate so far.
These sessions are being provided free of charge.
We are also running a special breakfast briefing on the new standard on the morning of July 5th in London. Keep an eye out for the details on the news and events pages or send a mail to us here to book a place at this special briefing.
ISO has published an International Standard addressing business continuity management to contribute to making organizations in both public and private sectors more resilient.
ISO 22301:2012, Societal security – Business continuity management systems – Requirements, will help organizations, regardless of their size, location or activity, to be better prepared and more confident to handle disruption of any type.
Incidents can disrupt an organization at any time and applying ISO 22301 will ensure that organizations can respond and continue their operations. Incidents take many forms ranging from large scale natural disasters and acts of terror to technology-related accidents and environmental incidents. However, most incidents are small but can have a significant impact and that makes business continuity management relevant at all times.
The new international standard ISO 22301 for Business Continuity has now been published and can be purchased and immediately downloaded from the BSI Shop HERE.
This ISO standard builds on one of the most successful management standards ever created by the BSI, BS 25999, which delivered both the guidance and requirements aspects needed to create continuity and build resilience.
ISO 22301 is the requirements specification that sets out the details that should feature in your business continuity management programme to achieve recognised good practice. The associated guidance documents, ISO 22313, are currently in draft production and will be available later in the year or in early 2013.
For those who have already implemented or aligned with the leading national standards (such as BS 25999, the US version BCM.01 from ASIS and the BSI or SPC.01 the general framework for example) the general approach by the ISO will appear very familiar.
Most organisations will be able to effect a 'relatively' straightforward transition to ISO 22301 - through a transition period - with most of the work being concentrated on the development of the BCMS process documentation.
Partner briefings can be arranged for individuals or groups of up to 25 staff initially. Larger sessions will follow shortly.
The opening briefings will look at the background to ISO 22301 and the likely options for transition to the new standard and will help organisations understand how they may be affected.
In addition to the live sessions, we can provide organisation-focused and branded versions for internal use or run sessions on behalf of companies to engage with their internal teams, customers or other stakeholders. Sessions can be recorded for reuse.
There has been some fairly active discussion on a few of the industry forums recently about how standards such as BS25999 and ISO22301 are being seen as potentially even more 'red tape' by many businesses and SME companies in particular.
A key comment made was that many smaller organisations are under tremendous pressure at the moment, with more loaded on them by adding Business Continuity to the mix through the new ISO. It was summed up by the title … "It's unlikely that SME's will welcome the new standard with open arms".
While I have great sympathy with the position taken about the plethora of regulations, legislation and other seemingly nonsense GUMPF* that surrounds us and eats away our time, I confess unsurprisingly though it's very hard to agree this is at all valid when it comes to Business Continuity.