
What is the purpose of business continuity. General information about business continuity as a concept.
About the ISO 22301 and other related standards. The structure of ISO 22301:2019.
What is a management system. General information about the business continuity management system.
Examples of internal and external issues that are relevant to the organization.
Who are the interested parties (stakeholders). Examples of needs and expectations.
What is the scope of the BCMS. How the organization can decide the scope of its business continuity management system
About the 2024 amendment to ISO 22301:2019 about climate change. Determinig whether climate change is a relevant issue and acknowledging the relevant interersted parties can have requirements related to climate change
The top management shall demonstrate leadership and commitment with regards to the BCMS. How to do that.
What should the business continuity policy include. What are the requirements with regards to the communication and availability of the policy.
The persons responsible for managing the BCMS. What are their responsibilities and authorities.
Risks and opportunities related to the BCMS. Examples of risks and opportunities and the process for their identification and treatment.
There shall be business continuity objectives. The organization is required to monitor the achievement of its objectives. Examples of business continuity objectives and plans for their achievement.
The organization shall control the changes to its business continuity arrangements so that negative impacts are avoided or mitigated.
The resources needed for the BCMS. Who should provide the resources.
The process for ensuring competency. Actions to address the gap between existing and required competence.
The importance of awareness for business continuity. What should an awareness program include.
Internal and external communications relevant for the BCMS.
The documentation that supports the Business Continuity Management System. Types of documents. Controls for documented information.
How the business impact analysis can be performed. What impacts can be considered. Concepts like MTPD (Maximum Tolerable Period of Disruption), RTO (Recovery Time Objective), MBCO (Minimum Business Continuity Objective) or RPO (Recovery Point Objective).
The process to identify, analyze, assess and treat risks that can lead to disruptions. Aspects to consider in the risk assessment process and details as to how the risk assessment can be performed.
Using the information from the business impact analysis and the risk assessment the organization shall articulate its business continuity strategies and solutions. What elements should normally include a business continuity strategy.
An incident response structure shall be formally appointed. Who should be part of the incident response structure and what are the responsibilities of this structure
Communication is very important in case of a disruption. What and with whom the organization should communicate.
The organization shall document and maintain business continuity plans and procedures. Those document detail how the organization will respond to a disruption and how activities are to be resumed. What should be included in a business continuity plan.
The business continuity arrangements shall be tested periodically. The organization shall develop and implement an exercise programme. Different types of exercises that can be performed.
The business impact analysis, the risk assessment, business continuity strategies and solutions, plans and procedures shall be evaluated periodically
The organization is required to monitor and measure its BCMS. The data generated from monitoring and measuring shall be analyzed and evaluated. Examples of key performance indicators for the BCMS.
The BCMS shall be audited internally at planned intervals. About the internal audit programme, the auditors and the documents generated from the internal audit process.
The top management of the organization is required to review periodically the BCMS to ensure that it remains suitable, adequate and effective. About the input elements to the management review and about what should be the outcomes of the reviews.
Nonconformities are addressed by implementing corrections and corrective actions. Definitions and examples.
The organization shall continually improve its the suitability, adequacy and effectiveness of its Business continuity management systems.
How an organization can obtain and maintain the certification to ISO 22301:2019. The migration from the 2012 version of ISO 22301 to the 2019 version.
Certification of persons as business continuity professionals.
The course discusses the concept of business continuity and the requirements of ISO 22301:2019 - the international standard that defines the requirements for a Business Continuity Management System (BCMS).
The course follows the structure of the standard covering the following requirements:
- Context of the organization - internal and external issues that affect the organization, the needs and expectations of interested parties and the scope of the business continuity management system
- Leadership - top management commitment for business continuity, business continuity policy, roles, responsibilities and authorities
- Planning - Actions to address risks and opportunities, business continuity objectives and the planning of changes
- Support - Resources, competence and awareness, communication and documented information
- Operation - Business impact analysis, risk assessment, business continuity strategies and solutions, business continuity plans and procedures, warning and communication, the incident response structure, the exercise programme and the evaluation of business continuity documentation and capabilities
- Performance evaluation - Monitoring and measurement, analysis and evaluation, the internal audit of the BCMS, management review
- Improvement - Nonconformity and corrective action; continual improvement.
The information is valuable to any professional involved in business continuity and disaster recovery related activities.
After going through the lessons here you will have a clear image of how a business continuity management system (BCMS) should be shaped, what are it's main elements, what documents should exist and how they should be implemented.
The information in the course is valuable for professionals who want to participate in business continuity auditing - of suppliers, partners or for certification purposes.
If you are looking to become a certified business continuity professional then the information in this course will be of great help.
If your organization intends to become certified to ISO 22301:2019 and you have responsibilities for the BCMS then I am sure you will find a lot of support in this course.