The ISO 27001 & ISO 22301 Blog

Beyond the BCM Manager: Additional roles to consider during the disruptive incident

A crisis or disaster is something that no organization, regardless of its size, wants to go through. Because of this, many of them adopt business continuity practices, such as Business Continuity Management Systems (BCMS) based on ISO 22301, to minimize the chances of such events occurring and, if they occur, …

ISO 22301 Case study in the travel industry: Business continuity as a necessity in customer care

Business continuity protects an organization from the impacts of business disruptions. The goal is to provide a certain level of products and services to customers during disruptions. But what do industries need in order to take care of their customers themselves? As usual, a normal project start… As a case …

Where does information security fit into a company?

Very often, I hear controversial discussions about whether information security is part of IT, or whether it should be separate from it, part of some compliance or risk department, etc. But, before we determine who should be handling information security and from which organizational unit, let’s see first the conceptual …

Incidents in ISO 22301 vs. ISO 27001 vs. ISO 20000 vs. ISO 28003

Management system standards, especially those dealing with security and interruptions of business processes, use the term “incident management.” As these management system standards deal with different aspects of managing business processes (IT Service Management, Information Security, Business Continuity, Supply Chain Security, and possibly others), the term is widely used but …

How to use ISO 22301 for the implementation of business continuity in ISO 27001

One of the biggest mysteries in ISO 27001 implementation is the Annex A section A.17, which speaks about business continuity management. How does business continuity relate to information security, and why is it included in ISO 27001? Unfortunately, ISO 27001 does not provide much detail when it comes to business continuity. …

How to perform business continuity exercising and testing according to ISO 22301

Exercising and testing of business continuity plans is quite a controversial topic – some people say that it costs too much, while others maintain that it has no purpose because they cannot perform full testing anyway. Well, both of these might be true, but the fact is: without exercising …

The most popular ISO 27001 & ISO 22301 blog posts

This is my 100th blog post! When I started this blog four years ago, I never dreamed I would have that many things to write about… And yet, the more I write, the more ideas I have – right now, I have at least 10 new topics in mind. But …

Setting the business continuity objectives in ISO 22301

Business continuity objectives are, along with the business impact analysis, probably one of the most difficult elements of ISO 22301 implementation. Most business continuity implementers face questions like these: Which types of objectives exist? What are they used for? How are they set? Let’s see… Purpose of business …

New book – Becoming Resilient: The Definitive Guide to ISO 22301 Implementation

As you may have heard, on December 19 I’ll publish my new book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation. So, if you are a business continuity practitioner looking for some tips on how to implement this standard, here’s a brief overview of the book so that you …

The purpose of Business continuity policy according to ISO 22301

Why would you need a policy once you have a business impact analysis, a business continuity strategy, and a business continuity plan? This is probably a question many experienced business continuity/disaster recovery practitioners are asking themselves, so here’s why ISO 22301 (a leading business continuity management standard) says it’s mandatory. Main purpose The …

How long does it take to implement ISO 27001 / BS 25999?

This is probably the second most common question I hear about ISO 27001 and BS 25999 (the first one is “How much does it cost?”). Well, the answer is not really encouraging – most of the people I speak to expect it to take a few months. But this is …

Activation procedures for business continuity plan

Having a business continuity plan is nice, but if you don’t know when and how to start using it, the money you’ve invested in it was spent in vain. Even worse, you’ll likely lose quite a lot of money because your business operations will be disrupted. What is a business …

Is it possible to calculate the Return on Security Investment (ROSI)?

If you are an information security or business continuity professional, then you’re probably aware of the most difficult part of your job: to convince your management that investment in information security/business continuity makes sense. Traditionally, “making sense” for management means that the revenues that will result from the investment will …

Does ISO 27001 mean that information is 100% secure?

You have probably heard that important web services like Reddit, HootSuite, Quora, Foursquare, etc. have recently suffered quite a lengthy outage – what you also probably know is that this outage was caused by Amazon Web Services (AWS), their cloud computing service provider. What you probably didn’t know is that …
