Chapter_02overview.pptx

Chapter 2

Understanding the Standards

Introduction

Business Continuity Standards provide auditable criteria

Written for organizations of any size

Designed to integrate with similar standards and management systems

ISO Standards developed by technical committees of subject matter experts

Request made to ISO by interested parties

Consensus standards

American National Standards Institute (ANSI)

Process Approach

Process is a set of interrelated activities that transform inputs into outputs

Process approach is the application of a system of processes to achieve organizational objectives

Types of processes include:

Organizational Management

Resource Management

Measurement, Analysis, and Improvement Process

Steps to implement process approach (ISO):

Identify the Processes of the Organization

Process Planning

Implementation and Measurement

Analysis

Corrective Action and Improvement

Horizontal and Vertical Management

Management System is the framework of processes and procedures used to ensure that an organization can fulfill all tasks required to achieve a set of related business objectives

Plan, Do, Check, Act (PDCA)

Structures the Management System

PDCA used in most ISO Management Standards

PDCA is an Iterative Four-Step Process

Business Process Improvement

Decision Making

Dr. Walter Shewhart

Dr. William Edwards Deming

Variants

PDSA

OPDCA

Plan (Establish)

Define Objectives, Targets, Controls, Processes, and Procedures

Inputs from Dependent or Upstream Processes

Project Planning

Do (Implement and Operate)

Implement Processes Identified in Planning Stage

May require PDCA Sub-process

Check (Monitor and Review)

Develop Metrics and Track Performance

Corrective Actions

Act (Maintain and Improve)

Implement Corrective Actions

Continuous Improvement

PDCA is an Iterative Cycle

Applied Strategically and Tactically

ISO 22301 Clauses Associated with PDCA Steps

Example of PDCA Application

Organization of the Standards

ISO 22301

First Three Clauses do not Contain any ‘Requirements’

Applies also to ASIS Standard

Clause 0 – Introduction

Summarizes Concept of Business Continuity Management System

Clause 1 – Scope

Explains Intent and Scope

Provides the ‘What’ but Not the ‘How’

Clause 2 – Normative References

Documents that Reader Must Understand or Reference

Clause 3 – Terms and Definitions

“Shall” – Required Without Modification or Deviation

“Should” – Recommendation and Not Required

“May” – Something is Permitted

“Can” – Something is Possible

Clause 4 – Context of the Organization

Defines the Management System Requirements of the Organization

Context of the Organization

Needs and Expectations of Interested Parties

Legal and Regulatory Environment

Scope of the Management System

Clause 5 – Leadership

Roles, Requirements, and Responsibilities of Management

Integrate Support, Active Involvement, and Continuous Improvement

Demonstrated Through (Non-exhaustive):

Communication and Enforcement of Policy

Compliance with Requirements

Participation on Steering Committee

Clause 6 – Planning

Refers Back to Clause 4

Planning the Project to Develop Management System

Responsibilities

Tasks

Milestones

Risk

Documentation

Set context for BIA and Risk Assessment

Continuous Improvement

Clause 7 – Support

Identify and Provide Resources Necessary to Support Program

Competence

Awareness

Communication

Documented Information

Clause 8 – Operation

Represents the “Do” Component of PDCA

Operational Planning and Control

Business Impact Analysis and Risk Assessment

Supply Chain

Business Continuity Strategy

Resource Requirements

Mitigation and Response

Establish Documented Procedures

Incident Response Structure

Warning and Communication

Business Continuity Plans

Exercising and Testing

Clause 9 – Performance Evaluation

Establish Metrics and Trending

Internal Audit

Management Review

Deficient Performance

Clause 10 – Improvement

Documentation

Corrective Actions

Extent of Condition

Effective Reviews

Continuous Improvement

ASIS SPC.1-2009

Organizational Resilience (OR) Management System

Many of the Same Requirements as ISO 22301

Comprehensive Emergency Management

Four Clauses

ASIS Clauses Associated with PDCA

NFPA 1600-2010

2010 Edition Amended to Align with PDCA

Language not Business Friendly

Addresses Elements of Comprehensive Emergency Management

Requires Incident Action Plans or Management by Objectives

Review

ISO Standards Developed by Technical Committees of Subject Matter Experts

Provide Auditable Criteria

Mandate the “What” not the “How” to build a Business Continuity Management System

Management System Structured with Deming’s Plan, Do, Check, Act

Clauses 0 – 3 of ISO and ASIS do not Contain Requirements

Clauses 4 – 10 Aligned with PDCA

ASIS Spells Out Many of the Same Requirements as ISO 22301 but More Directly

NFPA not as Business Friendly

Uses Some Elements of ICS