Becoming Resilient – The Definitive Guide to ISO 22301 Implementation电子书

COVER

ABOUT THE AUTHOR

LIST OF FIGURES

PREFACE

1. INTRODUCTION

1.1 Why business continuity?

1.2 Why is planning important?

1.3 What business continuity is not

1.4 ISO 22301 puts it all together

1.5 Who should read this book?

1.6 How to read this book

1.7 What this book is not

2. A FIRST GLANCE AT ISO 22301

2.1 International reach

2.2 Terminology

2.3 Where does business continuity belong?

2.4 Short history of business continuity standards and frameworks

2.5 ISO 22301 and ISO

2.6 How is ISO 22301 structured?

2.7 Which organizations can implement this standard

2.8 How to learn more about the standard

3. GETTING THE BUY-IN FROM YOUR MANAGEMENT (AND OTHERS)

3.1 It’s all about benefits

3.2 How to present the benefits to your top management

3.3 Return on investment (ROI)

3.4 Dealing with line managers and other employees

3.5 Dealing with customers

3.6 Dealing with skeptics

3.7 Bridging the gap between IT and the business

4. GETTING READY FOR YOUR PROJECT

4.1 Implementation options

4.2 Project manager, project management team and the sponsor

4.3 How to choose a consultant

4.4 Steps in ISO 22301 implementation & PDCA cycle

4.5 Integrating with ISO 27001 and/or ISO 9001

4.6 How long does it take?

4.7 Using tools and templates

4.8 How detailed the documentation should be

4.9 Budgeting business continuity

5. SETTING UP THE FRAMEWORK FOR MANAGING BUSINESS CONTINUITY

5.1 Understand what your organization does (clause 4.1)

5.2 Procedure for document control (clause 7.5)

5.3 Identifying interested parties and their requirements (clause 4.2)

5.4 Setting the scope of your BCMS (clause 4.3)

5.5 Writing the Business continuity policy (clause 5.3)

5.6 Setting the BCMS objectives (clause 6.2)

5.7 Awareness & training (clauses 7.2 and 7.3)

6. IMPLEMENTING THE CORE BUSINESS CONTINUITY ELEMENTS

6.1 How to define the activities/units

6.2 Developing the risk management methodology (clauses 8.2.1 and 8.2.3)

6.3 Performing risk assessment (clauses 6.1 and 8.2.3)

6.4 Performing risk treatment/mitigation (clauses 6.1 and 8.3.3)

6.5 Developing the Business impact analysis methodology (clauses 8.2.1 and 8.2.2)

6.6 Performing the business impact analysis (clause 8.2.2)

6.7 Developing the Business continuity strategy (clause 8.3)

6.8 Disruption scenarios (clause 8.5)

6.9 Business continuity plan (clause 8.4)

6.10 Crisis management and communication (clauses 7.4 and 8.4.3)

6.11 Incident response plan (clause 8.4.2)

6.12 Recovery plans (clause 8.4.4)

6.13 Specifics for disaster recovery plans (clause 8.4.4)

6.14 Restoration plan (clause 8.4.5)

7. MAKING SURE EVERYTHING WILL WORK

7.1 Exercising and testing (clause 8.5)

7.2 Maintenance of the plans (clause 9.1.2)

7.3 Post-incident review (clause 9.1.2)

7.4 Monitoring and measurement (clause 9.1.1)

7.5 Internal audit (clause 9.2)

7.6 Management review (clause 9.3)

7.7 Corrective actions and improvements (clause 10)

8. GETTING READY FOR THE CERTIFICATION

8.1 Should you go for the certification in the first place?

8.2 How to perform the final check

8.3 Choosing the certification body

8.4 Stages in the certification and how to prepare

8.5 Human perspective of the certification audit

8.6 Arguing with a certification auditor

8.7 Dealing with major nonconformities

9. AT THE END...

APPENDIX A – DIAGRAM OF ISO 22301 IMPLEMENTATION PROCESS

APPENDIX B – CHECKLIST OF ISO 22301 MANDATORY DOCUMENTATION

APPENDIX C – ISO 22301 VS. BS 25999-2: AN INFOGRAPHIC

APPENDIX D – LIST OF RELATED BUSINESS CONTINUITY STANDARDS AND FRAMEWORKS

APPENDIX E – NFPA 1600 VS. ISO 22301

GLOSSARY

BIBLIOGRAPHY

INDEX

RESOURCES

Becoming Resilient: The Definitive Guide to Iso 22301 Implementation