John Zeppos - BS25999-2:2007 Certification & Transition to new ISO22301 BCM Standard
Transcript of John Zeppos - BS25999-2:2007 Certification & Transition to new ISO22301 BCM Standard
John Zeppos OTE Group Business Continuity Management Deputy Director August 2012
BS25999-2:2007 Certification & Transition to new
ISO22301 BCM Standard
How has Business Continuity Management Developed?
1970s
USA - Natural Disasters
UK - Irish Terrorist attacks resulted in the “Disaster-Recovery” approach in the UK to deal with the aftermath of an event
1980s
BCM professionals recognised the need to understand the Impact to the Business – hence BIA, Risk Assessment etc
1990s
Holistic approach intended to reduce risks and resulting impacts
US standard NFPA 1600 – a recommended approach for Disaster Management – based on Natural, Human or Technological disasters
2000s
Standards start to be developed:
2003/2004 PAS56 - UK - never developed into a full standard
NFPA1600 USA – became programme based
BS25999 – Code of Practice & Specification (2006/7) – organisations able to be independently certified
o Management System approach aligned with existing Management Systems
o Lifecycle to ensure that the business is protected – not Disaster and then Recover
Current situation
BS25999 formed the key input to the ISO22301
ISO22301 Standard May 2012
2 John Zeppos / BS25999-2:2007 Certification & Transition to new ISO22301 BCM Standard / 31.08.2012 @ Davos
[Timeline figure: 2003 – 2006/2007 – 2012]
Why should one decide to undertake certification ?
BS25999 / ISO22301 is the most appropriate standard containing both the Continuity and Crisis Management
They are based on a Management System approach fully aligned with ISO9001 and ISO27001
They provide independent proof that one’s BCMS is fit for purpose
Senior Management confidence that the approach that they are being asked to underwrite is appropriate.
Certificate could significantly reduce Insurance costs
Certification Programme
Initial pre-assessment by qualified independent auditors ( gap analysis )
Certification project internal kick off meeting with all relevant functions
Stage 1 Assessment – finalise scope and agree timing
Stage 2 Assessment – Certification Audit
1 Month later - Certificate can be officially issued
BCMS Certification
ISO22301:2012
ISO22301 published week beginning 15 May
BS25999-2 will be withdrawn in November 2012
No new applications for certification after 22nd October 2012
Scope extensions for existing certifications supported to end October 2013
After 1st November 2012 all visits based on ISO 22301
Existing certificates remain valid until the end of transitional period (30th May 2014)
No new certificates or renewals after 31st December 2013
UKAS transition timetable:
1st May 2012 – UKAS transition project under way with internal actions, document preparation, internal training etc.
31st October 2012 – No new applications accepted for accreditation to BS 25999-2
1st November 2012 – Transition Assessments begin as part of the normal surveillance cycle
31st October 2013 – No new BS 25999-2 scope extensions accepted by UKAS
31st December 2013 – No new BS 25999-2 certificates to be issued by CABs
30th May 2014 – All CABs to have transitioned to ISO 22301
All CAB clients to have transitioned within one year of Accreditation to ISO 22301.
ISO TC 223
ISO TC 223 is the Technical Committee responsible
TC 223 deals with all matters regarding Societal Security
o provision of International Standards to enhance the capacity of all actors in society to handle all phases before, during and after disruptive events
45 countries are participating members
All standards from this committee are prefixed “Societal Security” and are number 223xx
Other standards being developed include:
o Mass evacuation
o Emergency Management Command and Control
Contributors
ISO22301:2012 Source documents included
o BS25999-2
o NFPA 1600
o ASIS OR standard
o Singapore standards
o ISO27031
o ISO Guide 73
o ISO/PAS22399
So ISO 22301 is not simply an international version of BS25999-2:2007
ISO moving towards standardization of management systems headings and text
o In development as it was being written
o Agreed now and published as ISO Guide 83
o Rules on how to apply this were not always clear so had to be changed
Hence our interpretation may differ in detail from others like ISO 27001 – all management systems standards will follow Guide 83’s standardized headings and text
Integration of management systems will be easier
ISO22301:2012
ISO 22301 is the requirements document
ISO 22313 is the guidance document that accompanies ISO22301
o It was originally planned to publish these together but in practice 22301 has run ahead of the guidance
o It is aligned to 22301, clearly BS25999-1 was not
ISO 22313 should be published early next year
o Currently at DIS
John Zeppos [email protected] +30 697 9666844
Twitter : @jzeppos http://www.linkedin.com/in/johnzeppos