Writing a business continuity plan according to ISO 22301
Presenter: Dejan Kosutic
©2017 27001Academy www.advisera.com/27001academy
Elements of the business continuity plan required by ISO 22301
If you’re starting to develop the BCP…
… make sure you didn’t forget anything
BCP is used in case of a real emergency – if you want it to be useful, make sure you prepare it properly!
Agenda
• BCP in the BCM process
• Business continuity plan elements
• ISO 22301 requirements for BCP
• ISO 22301 requirements for incident response
• Main elements of recovery plans
• Specifics for disaster recovery plans
• Roles in the BCP development
• Biggest challenges with BCP
BCP in the BCM process
[Diagram labels: BCM Policy, Analysis, Risk assessment, Business impact analysis, BCM Strategy, BC Plans, Testing, Exercising]
Business continuity plan elements
[Diagram labels: Business continuity plan, Incident response plan, Disaster recovery plan, Recovery plans, Incident]
ISO 22301 requirements for BCP…
Plans must collectively contain:
• defined roles and responsibilities
• process for activating the response
• details to manage immediate consequences
• details on how and with whom to communicate, including media response
• how to continue or recover activities within the RTOs
• process for standing down
…ISO 22301 requirements for BCP
Additionally, each plan must define:
• purpose and scope
• objectives
• internal and external interdependencies and interactions
• resource requirements
• information flow and documentation processes
ISO 22301 requirements for Incident response
• define impact thresholds for plan initiation
• assess nature, extent and impact of an incident
• define how to activate appropriate response
• define processes for handling the response
• have available resources
• communication with interested parties
Main elements of recovery plans
• Recovery time objective
• Responsibilities / authorizations
• Key tasks
• Minimum acceptable capacity
• Resources
• Who must be notified
• Contact information – all parties involved
• Recovery steps for critical activity – to be developed by each recovery team
Specifics for disaster recovery plans
• Recovery plans for IT infrastructure
• Usually the shortest RTO
• The same plan template
• Much more detailed for each IT system – appendices
• Each step in recovery is determined by RTO of other critical activities
Roles in the BCP development
• BCM Coordinator develops the plan templates
• BCM Coordinator writes/coordinates the main part of the plan
• BCM Coordinator writes/coordinates Incident response plan
• Department heads develop recovery plans and disaster recovery plans; BCM Coordinator coordinates them
• Final approval by top management
Biggest challenges with the business continuity plans
• Top management involvement and budget
• How big does a BCP need to be? What details/components should it cover?
• How to ensure a BCP can cater to most of the worst case scenarios
• How can the BCP be automated, what are the possible tools?
• Get the BCP to the staff for education, training and exercising
Conclusion
Business continuity plans require careful preparation
If you skip some of the steps, you’ll produce plans that won’t be usable when you need them
Q & A
Dejan Kosutic
www.advisera.com/27001academy/webinars
Thank you!