Transforming IT Blog
Join us in the Transforming IT HP Blog where we will discuss reinventing IT to overcome obstacles and take advantage of Instant on Enterprise opportunities.

The New Standard for Business Continuity - ISO 22301:2012

In May of this year the ISO 22301:2012 Standard for Business Continuity was released. This international standard codifies only those requirements that can be objectively audited and for which successful implementation can be demonstrated. The standard provides a foundation of common vocabulary for business continuity best practices and processes, something that has been lacking in the business continuity planning (BCP) arena for years.

 

The primary components of the standard are found in its clauses where BCP is formulated into a Business Continuity Management System (BCMS):

 

  • Clause 4: Context of the Organization – Determine external and internal issues that are relevant to BCMS’ purpose and that affect its ability to achieve the expected outcomes.
  • Clause 5: Leadership – Require top management to demonstrate an ongoing commitment to the BCMS. Through its leadership and actions, management can create an environment in which different actors are fully involved and in which the BCMS operates effectively in synergy with the objectives of the organization.
  • Clause 6: Planning – Defined as a critical stage as it relates to establishing strategic objectives and guiding principles for the BCMS as a whole. The objectives of a BCMS are the expression of the intent of the organization to treat the risks identified and/or to comply with requirements of organizational needs.
  • Clause 7: Support – The day-to-day management of an effective BCMS relies on using the appropriate resources for each task. These include competent staff with relevant (and demonstrable) training and supporting services, awareness and communication.
  • Clause 8: Operation – After planning the BCMS, an organization must put it into operation, including the execution of A) Business Impact Analysis, B) Risk Assessment, C) Business Continuity Strategy, D) Business Continuity Strategies, and E) Exercising and Testing the BCMS.
  • Clause 9: Performance Evaluation – Once the BCMS is implemented, ISO 22301 requires permanent monitoring of the system as well as periodic reviews to improve its operation.
  • Clause 10: Improvement – Continual improvement can be defined as all the actions taken throughout the organization to increase effectiveness and efficiency (cost/benefit) of security processes and controls to bring increased benefits to the organization and its stakeholders.

I suggest purchasing a copy of ISO 22301:2012 to see how your BCP program stacks up against the aforementioned clauses.

 

To see what HP is doing to protect information and assets against disaster, check out HP's Continuity Services.

 

How will the new ISO 22301 Standard affect your BCP and DRP programs? Follow me on Twitter @SecureMartini for more security insights.

Comments
thirumaran(anon) | ‎10-17-2013 11:17 AM

Great Information! While developing software or building a company that works with technology or engineering-related projects, it might be worthwhile for you to apply for <a href="http://www.iasiso.com">ISO Certification</a>.

ISO 27001(anon) | ‎10-19-2013 11:35 AM

The information on ISO 22301 is very useful, and thanks for sharing the information.

 

<a href="http://www.isocertificationias.com/">ISO Certification</a>

About the Author
Tari is a Distinguished Technologist with 30 years of IT and cyber security experience. He is dual board certified in information security/b...

