Role of understanding the context in Business Continuity Management

Experience from ISO 22301 compliant BCMS implementation

Juris Puce, analytica.lv

BCMS and understanding the organization


“Understanding the organization and its context”

• Included in ISO “management system standards” requirements

Assumption: understanding the context AND the organization is especially important for Business Continuity

Experience

• We have experience in implementation of
– Business Process Management
– Information Security Management Systems (both ISO 27001 and alternative)
– IT Service Management systems (ISO 20000-1; ITIL, other principles)
– Quality Management Systems (ISO 9001 and alternative approaches)
– Risk management systems...

All include the idea of “understanding the organization and its context”

Another point of view

• Understanding the organization and its context usually can be done at a “general level”
– What services/products
– Structure of organization
– Basic grasp of “culture”

Not that easy in effective BCP (Business Continuity Planning)

BCMS (Business Continuity Management System)

• Requires much more in-depth understanding of the organization and its context
– not arguing: technically any process/management system needs the understanding too
– But these sometimes can easily be misguided/misunderstood

• BCMS requires in-depth understanding of:
– Processes, Functions
– Consequences if not done, done partially, or done late
– Resources the organization is ready to invest to prevent failures/maintain processes

Reasonable BCMS implementation?

• Minimum effort (just rebuild everything)
• Maximum effort (let's make it complicated enough so nobody understands it)
• Truth is in the middle?

Conclusion

• Doing the Business Continuity (BC) Business Impact Analysis (BIA) properly allows the organization to have a “clear head” view of the organization and related risks

• Useful in: risk analysis, information security, quality management, information system planning...

COMMENTS WELCOME

Juris Puce @linkedin, analytica.lv