You are previewing A Manager's Guide to ISO22301.
O'Reilly logo
A Manager's Guide to ISO22301

Book Description

Understand ISO22301 Business Continuity

Have you ever wondered whether your business continuity plan is any good, or whether you've even got a business continuity plan? When something goes wrong it is no longer acceptable to 'shoot from the hip' or 'wing it'. Corporate governance codes and company law require directors to have thought of, and planned for, interruptive incidents so that there is at least some hope of an effective response.

A Manager's Guide to ISO22301 shows you how to develop and implement a business continuity management (BCM) and disaster recovery plan, ensuring you get back on your feet with the minimum of fuss, should the unthinkable happen.

Providing a comprehensive introduction to the topic, this book includes practical, detailed guidance on developing and implementing a BCM system certifiable to the ISO22301 standard, using detailed and illustrative examples. A BCM policy and other useful document templates are provided in the appendices.

A guide to the new business continuity standard

A Manager's Guide to ISO22301:

  • Starts with an overview of business continuity, how it relates to IT Disaster Recovery (ITDR) and how ISO22301 differs from its predecessor, BS25999.
  • Describes the BCM policy and related policy statement and gives an overview of the BCM process. A summary of the sections and main components of ISO22301 is provided.
  • Discusses business impact analysis (BIA) and risk assessment in the context of business continuity.
  • Outlines key areas of BCM including strategy, procedures, testing, evaluation and improvement.
  • Examines BCM culture, document management, reporting and certification, and briefly considers BCM standards and codes of practice.

As an international standard, ISO22301 is likely to become the benchmark that is used to judge how a business will cope with disaster. Although only some public bodies are required by law to have business continuity plans, an ISO22301 compliant system will give you peace of mind, reassure your customers and business partners and help you to meet your legal obligations.

"

Table of Contents

  1. Cover
  2. Title
  3. Copyright
  4. About The Author
  5. Contents
  6. Introduction
  7. Chapter 1: Introducing Business Continuity Management
    1. What is business continuity management?
    2. BCM policy
  8. Chapter 2: Overview of the BCM Process
    1. Context of the organisation
    2. Leadership
    3. Planning
    4. Support
    5. Operation
    6. Performance evaluation and improvement
  9. Chapter 3: Business Impact Analysis and Risk Assessment
    1. Business impact analysis
    2. Risk identification, assessment and management
  10. Chapter 4: Business Continuity Strategy
    1. IT disaster recovery
    2. People
    3. The rest of the resource spectrum
    4. Deliverables
  11. Chapter 5: Business Continuity Procedures
    1. The incident response structure
    2. Triggering the BCM response – activation
    3. Business continuity planning
  12. Chapter 6: Exercising and Testing
    1. Exercises
  13. Chapter 7: Performance Evaluation
    1. Monitoring and measurement
    2. The BCMS
  14. Chapter 8: Improvement
    1. Non-conformity and corrective action
    2. Documentation
    3. Continual improvement
  15. Chapter 9: BCM Culture
    1. Making business continuity effective
  16. Chapter 10: Document Management and Control
    1. Reliability
    2. Usability
    3. Version control
    4. Document history
    5. Security
  17. Chapter 11: Reporting and Assurance
    1. Corporate governance
    2. Supplier assurance
    3. Due diligence
  18. Chapter 12: Certification
    1. System compliance
    2. BCMS implementation
    3. Certification
    4. Certification bodies
  19. Chapter 13: Standards and Codes of Practice
    1. The Combined Code on Corporate Governance (UK)
    2. Turnbull
    3. Sarbanes-Oxley
    4. Basel II
    5. ISO27031
    6. ISO27001
  20. Bibliography
  21. Appendix 1: A BCM Policy
  22. Appendix 2: BCM Competencies
  23. Appendix 3: A Risk Register
  24. Appendix 4: A Crisis Management Team
  25. Appendix 5: A Communication Cascade
  26. Appendix 6: Document Templates
  27. Appendix 7: A Document Register
  28. Appendix 8: Acronyms and Abbreviations
  29. ITG Resources