You are implementing a business continuity management system (BCMS) for the first time and you discover that one of the requirements is to conduct “internal audits”. What do you do? Who should be the auditor? Do they need to be trained? All valid questions (along with scores of others which you will doubtless ask yourself) which invariably will be rushed through without much thought into what is trying to be achieved (apart from a tick in the BCMS/certification box).
Done well, audits are an excellent way for your business to learn what’s working and what needs to be improved but done badly they soon become robotic and worse, potentially divisive. Internal audits are a requirement of any management system standard so if you are committed to implementing a meaningful BCMS you might as well do it properly from the outset.
The session is part of the Continuity Forum webinar series and was first broadcast in September 2012.
Hilary Estall of Perpetual Solutions is our guest for the session and she outlines how the migration can be more easily made from other standards such as BS 25999-2 to the new ISO and what the auditor is likely to focus on when assessing your system.
FREE WEBCASTS ON IMPLEMENTATION and CERTIFICATION to ISO 22301
Our Webinars focusing on the new ISO Business Continuity Standard 22301 really have been incredibly popular with a response that has even taken us by surprise!
Following on from the Continuity Forum Webcasts in May, June and July we are adding four more sessions starting in late August and through September covering the next steps for organisations. We are now taking bookings and places will be limited so prompt action is recommended.
There are two new Business Continuity books coming out this summer that are likely to find their way on to the book shelves of many of our readers and partners. They are chalk and cheese in their content, but significant publications as they address two topics that feature highly in the questions we receive here at the Continuity Forum.
For many years one of the most consistent questions we have had, especially from those coming to BCM for the first time, has been, "what would we recommend as an introduction?" and we can now add the Dummies Guide to the Practical Business Continuity Management.
More recently, since the launch of ISO 22301, and perhaps at the other end of the scale, the questions have been centred on getting good advice on how to implement the new ISO Standard; and with virtually perfect timing, Hilary Estall brings us her Guide to Implementing ISO 22301.
In May 2012, the International Standardization Organization (ISO) published ISO 22301 – Business continuity management systems – Requirements. Although this standard was long in the making the response has been very positive - and with the promise of ISO 22313 – Business continuity management – Guidance – before the end of this year, it seems it was worth the wait.
ISO 22301 blends the requirements from several national standards, including those from the USA, Japan, Singapore, Canada and Australia. The similarity with BS 25999-2, however, is most evident. A comparison of the BS and ISO standards reveals little difference in the requirements. And in Clause 8 of the ISO, where the business continuity programme requirements reside, the text is identical in many places.
Our Webinars focusing on the new ISO Business Continuity Standard 22301 really have been incredibly popular with a response that has even taken us by surprise!
To meet this interest we have decided to add two extra sessions on the 20th and 27th on June at 09:30 and 16:30 respectively (UK time) for those that have been unable to participate so far
These sessions are being provided free of charge.
We are also running a special breakfast briefing on the new standard on the morning of July 5th in London. Keep an eye out for the details on the news and events pages or send a mail to us here to book a place at this special briefing.
ISO has published an International Standard addressing business continuity management to contribute making organizations in both public and private sectors more resilient.
ISO 22301:2012, Societal security – Business continuity management systems – Requirements, will help organizations, regardless of their size, location or activity, to be better prepared and more confident to handle disruption of any type.
Incidents can disrupt an organization at any time and applying ISO 22301 will ensure that organizations can respond and continue its operations. Incidents take many forms ranging from large scale natural disasters and acts of terror to technology-related accidents and environmental incidents. However, most incidents are small but can have a significant impact and that m
akes business continuity management relevant at all times.
Partner briefings can be arranged for individuals or groups of up to 25 staff initially. Larger sessions will follow shortly.
The opening briefings will look at the background to ISO 22301 and the likely options for transition to the new standard and will help organisations understand how they may be affected.
In addition to the live sesions, we can provide organisation focused and branded versions for internal use or run sessions on behalf of companies to engage with their internal teams, customers or other stakeholders. Sessions can be recorded for reuse.
The ISO 22301 Business Continuity Management System (Requirements) Standard has been approved by vote this week by the ISO Technical Committee (TC223).
Through this vote the way is now clear for the full publication of the Standard that we would expect to be available for purchase from the BSI and others in the early summer.
Users of the British Standard BS 25999 will continue to be certified, at least until the expiration date, but is is likely that many will choose to adopt this the new Global Standard.
There has been some fairly active discussion on a few of the industry forums recently about how standards such as BS25999 and ISO22301 are being seen as potentially even more 'red tape' by many businesses and SME companies in particular.
A key comment made was that many smaller organisations are under tremendous pressure at the moment, with more loaded on them by adding Business Continuity to the mix through the new ISO. It was summed up by the title … "It's unlikely that SME's will welcome the new standard with open arms".
While I have great sympathy with the position taken about the plethora of regulations, legislation and other seemingly nonsense GUMPF* that surrounds us and eats away our time, I confess unsurprisingly though it's very hard to agree this is at all valid when it comes to Business Continuity.
You are implementing a business continuity management system (BCMS) for the first time and you discover that one of the requirements is to conduct “internal audits”. What do you do? Who should be the auditor? Do they need to be trained? All valid questions (along with scores of others which you will doubtless ask yourself) which invariably will be rushed through without much thought into what is trying to be achieved (apart from a tick in the BCMS/certification box). 
The session is part of the Continuity Forum webinar series and was first broadcast in September 2012.
ISO has published an International Standard addressing business continuity management to contribute making organizations in both public and private sectors more resilient.
