Chapter 02

The document discusses standards for business continuity, including ISO, ANSI, ASIS and NFPA standards. It explains key aspects of the standards like their organization, processes, and use of the PDCA (Plan-Do-Check-Act) model. The standards are designed to provide auditable criteria for organizations to build business continuity management systems.
Understanding the Standards

Introduction
- Business Continuity Standards provide auditable criteria
- Written for organizations of any size
- Designed to integrate with similar standards and management systems
- ISO Standards developed by technical committees of subject matter experts
- Request made to ISO by interested parties
- Consensus standards
- American National Standards Institute (ANSI)

Process Approach
- Process is a set of interrelated activities that transform inputs into outputs
- Process approach is the application of a system of processes to achieve organizational objectives
- Types of processes include:
  - Organizational Management
  - Resource Management
  - Measurement, Analysis, and Improvement Process
- Steps to implement process approach (ISO):
  - Identify the Processes of the Organization
  - Process Planning
  - Implementation and Measurement
  - Analysis
  - Corrective Action and Improvement
- Horizontal and Vertical Management
- Management System is the framework of processes and procedures used to ensure that an organization can fulfill all tasks required to achieve a set of related business objectives

Plan, Do, Check, Act (PDCA)
- Structures the Management System
- PDCA used in most ISO Management Standards
- PDCA is an Iterative Four Step Process
  - Business Process Improvement
  - Decision Making
- Dr. Walter Shewhart
- Dr. William Edwards Deming
- Variants
  - PDSA
  - OPDCA
- Plan (Establish)
  - Define Objectives, Targets, Controls, Processes, and Procedures
  - Inputs from Dependent or Upstream Processes
  - Project Planning
- Do (Implement and Operate)
  - Implement Processes Identified in Planning Stage
  - May require PDCA Sub-process
- Check (Monitor and Review)
  - Develop Metrics and Track Performance
  - Corrective Actions
- Act (Maintain and Improve)
  - Implement Corrective Actions
  - Continuous Improvement
- PDCA is an Iterative Cycle
  - Applied Strategically and Tactically

[Figure: ISO 22301 Clauses Associated with PDCA Steps]

[Figure: Example of PDCA Application]

Organization of the Standards
- ISO 22301
  - First Three Clauses do not Contain any ‘Requirements’
    - Applies also to ASIS Standard
  - Clause 0 – Introduction
    - Summarizes Concept of Business Continuity Management System
  - Clause 1 – Scope
    - Explains Intent and Scope
    - Provides the ‘What’ but Not the ‘How’
  - Clause 2 – Normative References
    - Documents that Reader Must Understand or Reference
  - Clause 3 – Terms and Definitions
    - “Shall” – Required Without Modification or Deviation
    - “Should” – Recommendation and Not Required
    - “May” – Something is Permitted
    - “Can” – Something is Possible
  - Clause 4 – Context of the Organization
    - Defines the Management System Requirements of the Organization
    - Context of the Organization
    - Needs and Expectations of Interested Parties
    - Legal and Regulatory Environment
    - Scope of the Management System
  - Clause 5 – Leadership
    - Roles, Requirements, and Responsibilities of Management
    - Integrate Support, Active Involvement, and Continuous Improvement
    - Demonstrated Through (Non-inclusive):
      - Communication and Enforcement of Policy
      - Compliance with Requirements
      - Participation on Steering Committee
  - Clause 6 – Planning
    - Refers Back to Clause 4
    - Planning the Project to Develop Management System
      - Responsibilities
      - Tasks
      - Milestones
      - Risk
      - Documentation
    - Set context for BIA and Risk Assessment
    - Continuous Improvement
  - Clause 7 – Support
    - Identify and Provide Resources Necessary to Support Program
    - Competence
    - Awareness
    - Communication
    - Documented Information
  - Clause 8 – Operation
    - Represents the “Do” Component of PDCA
    - Operational Planning and Control
    - Business Impact Analysis and Risk Assessment
    - Supply Chain
    - Business Continuity Strategy
      - Resource Requirements
      - Mitigation and Response
    - Establish Documented Procedures
      - Incident Response Structure
      - Warning and Communication
      - Business Continuity Plans
      - Exercising and Testing
  - Clause 9 – Performance Evaluation
    - Establish Metrics and Trending
    - Internal Audit
    - Management Review
    - Deficient Performance
  - Clause 10 – Improvement
    - Documentation
    - Corrective Actions
    - Extent of Condition
    - Effective Reviews
    - Continuous Improvement
- ASIS SPC.1-2009
  - Organizational Resilience (OR) Management System
  - Many of the same requirements as ISO 22301
  - Comprehensive Emergency Management
  - Four Clauses

[Figure: ASIS Clauses Associated with PDCA]

- NFPA 1600-2010
  - 2010 Edition Amended to Align with PDCA
  - Language not Business Friendly
  - Addresses Elements of Comprehensive Emergency Management
  - Requires Incident Action Plans or Management by Objectives

Review
- ISO Standards Developed by Technical Committees of Subject Matter Experts
- Provide Auditable Criteria
- Mandate the “What” not the “How” to build a Business Continuity Management System
- Management System Structured with Deming’s Plan, Do, Check, Act
- Clauses 0-3 of ISO and ASIS do not Contain Requirements
- Clauses 4 – 10 aligned with PDCA
- ASIS Spells Out Many of Same Requirements as ISO 22301 but more direct
- NFPA not as Business Friendly
  - Uses Some Elements of ICS