View
88
Download
3
Category
Tags:
Preview:
Citation preview
Role of understanding the context in Business Continuity Management
Experience from ISO 22301 compliant BCMS implementation
Juris Puce analytica.lv
“Understanding the organization and its context”
• Included in ISO “management system standards” requirements
Assumption: understanding the context AND organization is especially important in cases for
Business Continiuity
Experience• We have experience in implementation of
– Business Process Management– Information Security Management Systems (both ISO 27001 and
alternative)– IT Service Management systems (ISO 20000-1; ITIL, other principles)– Quality Management Systems (ISO 9001 and alternative approaches)– Risk management systems...
All include the idea of “understanding the organization and its context”
Another point of view
• Understanding the organization and its context usually can be done at a “general level”– What services/products– Structure of organization– Basic grasp of “culture”
Not that easy in effective BCP (Business Continuity Planning)
BCMS (Business Continuity Management System)
• Requires much more in-depth understanding of the organization and its context– not arguing: technically any process/management system needs the
understanding too
– But these sometimes can easily be misguided/misunderstood
• BCMS requires in-depth understanding of:– Processes, Functions– Consequences if not done, done partially, or done late– Resources the organization is ready to invest to prevent failures/maintain
processes
Reasonable BCMS implementation?
Minimum effort (just
rebuild everything)
Maximum effort (lets
make it complicated enough so
nobody understand
s it)
Truth is in the
middle?
Conclusion
• Doing Business Continuity (BC) Business Impact Analysis (BIA) properly allow organization to have a “clear head” view on the organization and related risks
• Useful in: risk analysis, information security, quality management, information system planning....
Recommended