22301transition_bsi20110321
TRANSCRIPT
ISO 22301 - the Transition
Lorraine King BSI
© The British Standards Institution 2011
What is ISO 22301
Societal security - Preparedness and continuity management systems - Requirements
Widely expected to supersede BS 25999-2

What is a DIS?
New Work Item
Committee Draft (CD)
Draft International Standard (DIS)
Final Draft International Standard (FDIS)
Published Standard

What ISO 22301 DIS
What is ISO 22301?
Very similar to BS 25999-2
What are the key differences?
Monitoring performance
Introduces requirement for BCM/BCMS metrics, e.g. BIA update frequency, number of plans, number of exercises completed etc.
Operational planning and control
Emphasis on operational planning and setting controls for the BCMS

ISO 22301 anticipated timeline
• February 28th 2011 – deadline for UK public comment
• April 26th 2011 – deadline for international public comment
• June 2011 – committee vote
• Quarter three 2011 – publication of the FDIS
• Quarter one 2012 – final publication of ISO 22301

What happens to BS 25999-2
Little or no overlap: ISO 22301 is published and is completely different to BS 25999-2.
• BS 25999-2 may remain as a British standard
• ISO 22301 may still be introduced as a certification standard
• Organisations can choose to certify to BS 25999-2, ISO 22301 or both
Significant or full overlap: ISO 22301 is published as expected with little variation from the DIS
• BS 25999-2 likely to be withdrawn as a British standard
• ISO 22301 becomes certification standard for business continuity
• Organisations choose to certify to ISO 22301 or not at all

Certified organisations - transition
Decided by UKAS at the point of publication
• Certified organisations have 12 to 18 months to transition although could be up to 3 years
• Part of continuing assessment visits
• Additional visits may be necessary
Differences between ISO 22301 and BS 25999-2
Organisation size and BCMS Scope
• Agreed with your certification body at the time

Working towards BS 25999-2?
Do you expect to be ready for certification before ISO 22301 is published?
Yes / No

Ready for certification
Certify to BS 25999-2
Transition to ISO 22301 in accordance with the UKAS process

Not ready for certification
Continue working towards BS 25999-2
Review ISO 22301 development
After publication schedule a gap analysis to ISO 22301
Certify directly to ISO 22301

Summary
Continue with everything you are doing to progress your business continuity management system and overall business continuity maturity
‘Keep calm and carry on’