Show me desktop version

The ISO 27001 & ISO 22301 Blog

Enabling communication during disruptive incidents according to ISO 22301

Disasters and disruptive business incidents push people and organizations to their limits, and one of the first impacted elements are communication systems. Depending on incident type and magnitude, increased demand for communication, or communication infrastructure capability reduction, may render communication impossible, adding more confusion to an already chaotic situation. ISO …

Read More ...

Organizational resilience according to ISO 22316 – Is this another buzzword?

Both management systems standards on information security (ISO 27001) and business continuity (ISO 22301), while trying to encompass the whole organization, still lack components and dimensions to holistically protect an enterprise. The concept of resilience expands these approaches and enhances the preparedness and development of organizations. Resilience – What’s this? …

Read More ...

Beyond the BCM Manager: Additional roles to consider during the disruptive incident

A crisis or disaster is something that no organization, regardless of its size, wants to go through. Because of this, many of them adopt business continuity practices, such as Business Continuity Management Systems (BCMS) based on ISO 22301, to minimize the chances of such events occurring and, if they occur, …

Read More ...

ISO 22301 Case study in the travel industry: Business continuity as a necessity in customer care

Business continuity protects an organization from the impacts of business disruptions. The goal is to provide a certain level of products and services to customers during disruptions. But, what do industries need in order to take care of their customers themselves? As usual, a normal project start… As a case …

Read More ...

Incidents in ISO 22301 vs. ISO 27001 vs. ISO 20000 vs. ISO 28003

Management system standards, especially those dealing with security and interruptions of business processes, use the term “incident management.” As these management system standards deal with different aspects of managing business processes (IT Service Management, Information Security, Business Continuity, Supply Chain Security, and possibly others), the term is widely used but …

Read More ...

The blessing of continuous improvement in ISO 22301

As with any other ISO management standard, not improving is not an option in ISO 22301. Best results can be achieved if improvements are applied to different aspects of the BCM approach. What improvement area or areas may have high priority is mainly dictated by the actual situation of the …

Read More ...

The challenging role of the ISO 22301 BCM Manager

The Business Continuity Management (BCM) manager plays a pivotal role in the implementation of a BCM approach. As such, the role faces multiple challenges, from both top management and key process owners within the organization. As BCM is considered to be a cost factor in the first place, proper funding and …

Read More ...

How to implement integrated management systems

Recently, we saw the release of new versions of two of the best-known ISO standards: ISO 9001 (requirements for Quality Management Systems) and ISO 14001 (requirements for Environmental Management Systems). Like ISO 22301 and ISO 27001:2013, these standards follow a similar structure, based on Annex SL, Appendix 2 of ISO/IEC Directives (for more …

Read More ...

3 phases of delivering an ISO 27001/ISO 22301 consulting job

If you’re an independent consultant at the beginning of your career, you’re probably wondering how to perform your first consulting job for ISO 27001 or ISO 22301 implementation. But, don’t worry – here’s what you need to do. Steps before you start the project If this is really your first job, …

Read More ...

Understanding IT disaster recovery according to ISO 27031

Section A.17.1 of Annex A of ISO 27001 has as its objective that an organization shall embed information security continuity in its business continuity management systems. To support that, this section provides controls related to business continuity procedures (BCPs), recovery plans and redundancies. However, like all management system standards, ISO 27001 describes only what …

Read More ...

Infographic: The brain of an ISO auditor – What to expect at a certification audit

  If your company is going for the ISO certification (e.g., ISO 9001, ISO 14001, OHSAS 18001, ISO 20000, ISO 22000, ISO 22301, or ISO 27001), you’re probably not very happy about it – certification auditors are usually perceived as persons who are not very open minded and who will …

Read More ...

How to use ISO 22301 for the implementation of business continuity in ISO 27001

One of the biggest mysteries in ISO 27001 implementation is the Annex A section A.17, which speaks about business continuity management. How does business continuity relate to information security, and why is it included in ISO 27001? Unfortunately, ISO 27001 does not provide much detail when it comes to business continuity. …

Read More ...

How to perform business continuity exercising and testing according to ISO 22301

Exercising and testing of business continuity plans is quite a controversial topic – some people say that it costs too much, while others maintain that it has no purpose because they cannot perform the full testing, anyway. Well, both of these might be true, but the fact is: without exercising …

Read More ...

Explanation of the basic terminology in ISO standards

Updated 2015-12-11: Number of mandatory clauses When I deliver various trainings for ISO 27001 and ISO 22301, it always turns out that one of the hottest topics is about which policies and procedures need to be documented, and which do not. Of course, there are some other heated discussions as well, …

Read More ...

ISO 27001 & ISO 22301
Free Downloads

 

Upcoming free webinar
ISO 27001 & ISO 22301: Why is it better to implement them together?
Wednesday - March 1, 2017
Show posts:
Request callback
Request callback

Or call us directly

International calls
+1 (646) 759 9933