ISO 22301 – 2019 Business Continuity Management System (BCMS)

Ensuring Business Continuity and Recovery Capability Is Designed, Documented and Tested
7 Phase Successful ISO 22301 Implementation

Business Continuity Management System - ISO 22301 Consulting Overview

ISO 22301 certification implies that an organisation has recovery and restoration capability for each outage scenario, be it technology, site, vendor, people/skill or any other dependency. We have a 7-phase approach that starts with understanding your business and continuity objectives. This is followed by Business Impact Analysis (BIA) and Risk Assessment (RA) to determine your minimum business continuity objectives.

Each of our ISO 22301 consulting assignments involves transfer of knowledge, skills and documented plans, and testing of each of those plans. We create two-layer plans that include minimum restoration as well as full restoration.

We have implemented ISO 22301 for large Telecoms covering multiple locations, Financial Institutions, and Insurance Companies. Each of them is successfully ISO 22301 certified.

What makes us unique is our involvement in the engagement, which ensures your business is capable of successful recovery. Our methodologies for understanding a business, business impact analysis, risk assessment, continuity strategies (focus on outage rather than events), individual restoration plans, Disaster Recovery Plans, rigorous testing, and zero-defect ISO 22301 certification: each of these features contributes to a better return on your business continuity investment.


What are the ISO 22301:2019 Certification Requirements?

The standard is divided into the following 10 clauses. For ISO 22301 certification, only Clauses 4 to 10 are applicable.
Clause 1 – Scope
Clause 2 – Normative References
Clause 3 – Terms and definitions
Clause 4 – Context of the organization
Clause 5 – Leadership
Clause 6 – Planning
Clause 7 – Support
Clause 8 – Operation
Clause 9 – Performance Monitoring
Clause 10 – Improvement

Our ISO 22301 Consulting Methodology has the following broad phases

We bring our world-class experience in delivering BCMS ISO 22301 implementation, leading to successful certification.

PHASE I Determination of Objectives

Understanding the business objectives, and business continuity objectives.

PHASE II Gap Analysis

Business impact analysis (BIA) and risk assessment.

PHASE III Recovery Strategy

Management Strategy for recovery

PHASE IV Documentation

Documenting and communicating individual plans.

PHASE V Testing

Testing each of the Individual Plans.

PHASE VI Internal Audit

Internal audit followed by a formal review of the program gives the organisation an independent perspective and enables it to be ready for final attestation.

PHASE VII Implementation

This has two stages:

Stage 1 – Documentation Audit, and
Stage 2 – Implementation Verification.

We support you in all phases to help you achieve ISO 22301 certification. Upon successful completion, an ISO 22301 certificate is issued, which has a validity of 3 years subject to annual surveillance.

Training

We provide bespoke training; our offerings are listed below.

  • Shorter Sessions from 1 hour to 4 hours
  • Interpretation of the ISO 27001 requirements
  • 1 Day Awareness Session
  • 2 Days Internal Audit Course
  • 3 Days Implementation Course covering 10+ hands-on exercises

Upon receiving your request, we will provide you further details.

Documentation Toolkit

ISO 27001 requires documentation of policies, procedures and records. As a result of several consulting assignments, we have some of the best content available that covers all the requirements. Our documentation has the following salient features:

  • Alignment with all ISO 27001-documentation requirements
  • Our experiences turned into documentation templates
  • Project Tracking tools to support the implementation
  • Q & A support

Upon receiving your request, we will provide you further details.

Internal Audit

An independent assessment helps to assess the state of compliance. Our internal audit methodology covers people, process, technology and measurements to give management assurance on the degree of ISO 27001 compliance. Typically, 3-5 days are required to perform a comprehensive internal audit. Upon receiving your request, we will provide you further details.

Business Impact Analysis and Risk Assessment

Business Impact Analysis results in identification of mission-critical services and activities, and determines their outage tolerance and their priority in restoration. Risk Assessment is the analysis of the strength or weakness of the ‘continuity capability’ to restore services, based on technology, site, suppliers and personnel. We have one of the most comprehensive risk assessment approaches, which includes ‘continuity capability’, ‘individual ISO 22301 requirements’, and ‘individual BC plans’. Let us know if you are interested.

Upon receiving your request, we will provide you further details.

Program Management

Our consulting methodology experience has helped us to understand what it takes to design and maintain successful ISO 22301 compliance. The outsourcing model moves the compliance responsibility to an external team, while the management focuses on customer/business delivery.

Upon receiving your request, we will provide you further details.

Exercises

Business continuity plans are only as good as they are tested. We can help you design and run a range of tests that includes (but is not limited to):

  • Crisis Communication
  • Cyber Attack Simulation
  • IT restoration and recovery in sequence

Upon receiving your request, we will provide you further details.