- Documentation
-
Don't reinvent the wheel! Speed up your cyber security implementation with a tool accepted by professionals worldwide.
-
- Books
-
SECURE & SIMPLE: A SMALL-BUSINESS GUIDE TO IMPLEMENTING ISO 27001 ON YOUR OWN
In this book Dejan Kosutic, an author and experienced information security consultant, is giving away all his practical know-how on successful ISO 27001 implementation. No matter if you’re new or experienced in the field; this book gives you everything you will ever need to implement ISO 27001 on your own.
Becoming Resilient: The Definitive Guide to ISO 22301 Implementation
Author and experienced business continuity consultant Dejan Kosutic has written this book with one goal in mind: to give you the knowledge and practical step-by-step process you need to successfully implement ISO 22301. Without any stress, hassle or headaches.
FREE eBOOK: 9 STEPS TO CYBERSECURITY
9 Steps to Cybersecurity from expert Dejan Kosutic is a free eBook designed specifically to take you through all cybersecurity basics in an easy-to-understand and easy-to-digest format. You will learn how to plan cybersecurity implementation from top-level management perspective.
-
- Virtual Consultant
-
LEARN EACH STEP TOWARD EFFECTIVE ISO 27001/22301 IMPLEMENTATION
Speak to our resident ISO 27001/22301 consultants to understand what steps you and your organization need to take.
If things get confusing, you need expert advice.
-
- Tools
-
Conformio is a smart online tool for ISO compliance - implement and maintain ISO 9001, ISO 14001, or ISO 27001 in your company with ease. Streamline your team effort with a single tool for managing documents, projects, and communication.
START FOR FREEISO 27001 Gap Analysis Tool
An ISO 27001 tool, like our free gap analysis tool, can help you see how much of ISO 27001 you have implemented so far – whether you are just getting started, or nearing the end of your journey. The simple question-and-answer format allows you to visualize which specific elements of a information security management system you’ve already implemented, and what you still need to do.
ACCESS THE TOOLISO 27001/ISO 22301 Implementation Duration Calculator
This calculator will help you estimate the time needed for your ISO 27001 or ISO 22301 implementation. Since these two standards are equally complex, the factors that influence the duration of both of these standards are similar, so this is why you can use this calculator for either of these standards.
CALCULATE DURATION
-
- eTRAINING
-
ISO 27001:2013 FOUNDATIONS COURSE
Learn everything you need to know about ISO 27001, including all the requirements and best practices for compliance. This online course is made for beginners. No prior knowledge in information security and ISO standards is needed.
ISO 27001:2013 INTERNAL AUDITOR COURSE
In this online course you’ll learn all the requirements and best practices of ISO 27001, but also how to perform an internal audit in your company. The course is made for beginners. No prior knowledge in information security and ISO standards is needed.
Learn smarter and save money at the same time! Take the ISO 27001 course online, at your own tempo. You can learn and rehearse completely for free. You will only pay for the exam, if you need it.
-
ISO 22301 Basics
Browse through sections:
What is ISO 22301?
The full name of this standard is ISO 22301:2012 Societal security – Business continuity management systems – Requirements. This standard is written by leading business continuity experts and provides the best framework for managing business continuity in an organization.
One of the features that differentiates this standard from other business continuity frameworks/standards is that an organization can become certified by an accredited certification body, and will therefore be able to prove its compliance to its customers, partners, owners and other stakeholders .
Relationship with BS 25999-2
ISO 22301 has replaced 25999-2 – these two standards are rather similar, but ISO 22301 could be considered an upgrade from BS 25999-2. For differences between these two standards see ISO 22301 vs. BS 25999-2 infographic
What are the benefits of business continuity?
When implemented properly, business continuity management will decrease the possibility of a disruptive incident, and if such incident does occur, an organization will be ready to respond in an appropriate way, thus drastically decreasing the potential damage of such incident.
Who can implement this standard?
Any organization – large or small, for profit or non-profit, private or public. The standard is conceived in such a way that it is applicable to any size or type of organization.
How does business continuity fit into overall management?
Business continuity is part of overall risk management in a company, with areas that overlap with information security management and IT management.
Note: Risk management is part of overall corporate management.
Basic terms used in a standard
- Business Continuity Management System (BCMS) – part of an overall management system that makes sure business continuity is planned, implemented, maintained, and continually improved
- Maximum Acceptable Outage (MAO) – the maximum amount of time an activity can be disrupted without incurring unacceptable damage (also Maximum Tolerable Period of Disruption – MTPD)
- Recovery Time Objective (RTO) – the pre-determined time at which an activity must be resumed, or resources must be recovered
- Recovery Point Objective (RPO) – maximum data loss, i.e., minimum amount of data that needs to be restored
- Minimum Business Continuity Objective (MBCO) – the minimum level of services or products an organization needs to produce after resuming its business operations
Content of ISO 22301
The standard includes these sections:
Introduction
0.1 General
0.2 The Plan-Do-Check-Act (PDCA) model
0.3 Components of PDCA in this International Standard
1 Scope
2 Normative references
3 Terms and definitions
4 Context of the organization
4.1 Understanding of the organization and its context
4.2 Understanding the needs and expectations of interested parties
4.3 Determining the scope of the management system
4.4 Business continuity management system
5 Leadership
5.1 General
5.2 Management commitment
5.3 Policy
5.4 Organizational roles, responsibilities and authorities
6 Planning
6.1 Actions to address risks and opportunities
6.2 Business continuity objectives and plans to achieve them
7 Support
7.1 Resources
7.2 Competence
7.3 Awareness
7.4 Communication
7.5 Documented information
8 Operation
8.1 Operational planning and control
8.2 Business impact analysis and risk assessment
8.3 Business continuity strategy
8.4 Establish and implement business continuity procedures
8.5 Exercising and testing
9 Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
9.2 Internal audit
9.3 Management review
10 Improvement
10.1 Nonconformity and corrective action
10.2 Continual improvement
Bibliography
Mandatory documentation
If an organization wants to implement this standard, the following documentation is mandatory:
- List of applicable legal, regulatory and other requirements
- Scope of the BCMS
- Business Continuity Policy
- Business continuity objectives
- Evidence of personnel competences
- Records of communication with interested parties
- Business impact analysis
- Risk assessment, including risk appetite
- Incident response structure
- Business continuity plans
- Recovery procedures
- Results of preventive actions
- Results of monitoring and measurement
- Results of internal audit
- Results of management review
- Results of corrective actions
Click here to see detailed explanation of each mandatory document.
Related standards
Other standards that are helpful in implementation of business continuity are:
ISO/IEC 27031 – Guidelines for information and communication technology readiness for business continuity
PAS 200 – Crisis management – Guidance and good practice
PD 25666 – Guidance on exercising and testing for continuity and contingency programmes
PD 25111 – Guidance on human aspects of business continuity
ISO/IEC 24762 – Guidelines for information and communications technology disaster recovery services
ISO/PAS 22399 – Guideline for incident preparedness and operational continuity management
ISO/IEC 27001 – Information security management systems – Requirements
Download our free white paper, “What is ISO 22301?” which discusses ISO 22301 and the advantages it provides for both large and small businesses.
- Find out how a business continuity plan saved an organization after a major pipe burst in their office building.
- Learn 4 key benefits of implementing ISO 22301.
- Find out what documents are required for ISO 22301 certification.
- Discover how ISO 22313 differs from ISO 22301, but still complements the standard.
Free Return on Security Investment Calculator
Did you ever face a situation where you were told that your security measures were too expensive? Or where you found it very difficult to explain to your management what the consequences could be if an incident occurred? Proving that it is worth investing in security is tough, but our Return on Security Investment (ROSI) calculator can help you. It’s completely free.
Free ISO 27001 / ISO 22301 Consultation
We have ISO 27001 & ISO 22301 consultants ready to talk to you about where your organization is and what actions to take next. We know how complicated things can get, and we’re here to provide guidance you can rely on.
Advanced Search
Search here for any material about
ISO 27001 and ISO 22301 implementation
English
