Organizational Resilience – Positioning Against ISO 22301-Based Business Continuity
Approaches and methods to successfully and sustainably run businesses are being rapidly developed. Recently, the term Organizational Resilience was interpreted as being the new expression for the term Business Continuity. According to industry sources,...
Business Continuity Management vs. Information Security vs. IT Disaster Recovery
For outsiders, it’s not easy to distinguish among the specific purposes of Business Continuity Management (BCM), Information Security (IS), and IT Disaster Recovery (IT DR). All three areas have something to do with “security,” “losses,”...
Beyond the BCM Manager: Additional roles to consider during the disruptive incident
A crisis or disaster is something that no organization, regardless of its size, wants to go through. Because of this, many of them adopt business continuity practices, such as Business Continuity Management Systems (BCMS) based...
ISO 22301 Case study in the travel industry: Business continuity as a necessity in customer care
Business continuity protects an organization from the impacts of business disruptions. The goal is to provide a certain level of products and services to customers during disruptions. But, what do industries need in order to...
Where does information security fit into a company?
Very often, I hear controversial discussions about whether information security is part of IT, or whether it should be separate from it, part of some compliance or risk department, etc. But, before we determine who...
Incidents in ISO 22301 vs. ISO 27001 vs. ISO 20000 vs. ISO 28003
Management system standards, especially those dealing with security and interruptions of business processes, use the term “incident management.” As these management system standards deal with different aspects of managing business processes (IT Service Management, Information...
How to use ISO 22301 for the implementation of business continuity in ISO 27001
One of the biggest mysteries in ISO 27001 implementation is the Annex A section A.17, which speaks about business continuity management. How does business continuity relate to information security, and why is it included in ISO...
How to perform business continuity exercising and testing according to ISO 22301
Exercising and testing of business continuity plans is quite a controversial topic – some people say that it costs too much, while others maintain that it has no purpose because they cannot perform the full...
The most popular ISO 27001 & ISO 22301 blog posts
This is my 100th blog post! When I started this blog four years ago, I never dreamed I would have that many things to write about… And yet, the more I write, the more ideas...
Setting the business continuity objectives in ISO 22301
Business continuity objectives are, along with the business impact analysis, probably one of the most difficult elements of ISO 22301 implementation. Most of the business continuity implementers have problems like these: Which types of objectives...
New book – Becoming Resilient: The Definitive Guide to ISO 22301 Implementation
As you may have heard, on December 19 I’ll publish my new book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation. So, if you are a business continuity practitioner looking for some tips on...
The purpose of Business continuity policy according to ISO 22301
Why would you need a Policy once you have Business impact analysis, Business continuity strategy and Business continuity plan? This is probably a question many experienced business continuity/disaster recovery practitioners are asking themselves, so here’s...
Activation procedures for business continuity plan
Having a business continuity plan is nice, but if you don’t know when and how to start using it, the money you’ve invested in it was spent in vain. Even worse, you’ll likely lose quite...
Is it possible to calculate the Return on Security Investment (ROSI)?
If you are an information security or business continuity professional, then you’re probably aware of the most difficult part of your job: to convince your management that investment in information security/business continuity makes sense. Traditionally,...
Does ISO 27001 mean that information is 100% secure?
You have probably heard that important web services like Reddit, HootSuite, Quora, Foursquare etc. have recently suffered a quite lengthy outage – what you also probably know is that this outage was caused by Amazon...
How to deal with BCM sceptics?
Have you ever heard something like “It can’t be done”, “It has no use”, or “It’s useless if a major disaster occurs”? If you implemented business continuity management, you probably did. Naturally, such an attitude...
How to write business continuity plans?
If you started implementing business continuity management, probably the biggest challenge you are facing is writing the business continuity plans. Why is it so difficult? Well, you have to think of various scenarios under which...
Can business continuity strategy save your money?
You are thinking about implementing the business continuity management/BS 25999-2 standard? But then you hear it will cost you a lot? It probably will cost you, but not necessarily as much as you thought –...
RTO and RPO: What is the difference between Recovery Time Objective and Recovery Point Objective?
Updated: December 13, 2023. When developing Business Continuity Plans (BCPs) or Disaster Recovery Plans (DRPs), two terms appear quite often: Recovery Time Objective (RTO) and Recovery Point Objective (RPO). While paramount to the definition of...