
ISO 22301:2019 (Business Continuity Management Systems) Awareness Training

[To download this presentation, visit: https://www.oeconsulting.com.sg/training-presentations]


Presentation Transcript


  1. ISO 22301:2019 Security & Resilience – Business Continuity Management Systems. © Operational Excellence Consulting. All rights reserved.

  2. NOTE: This is a PARTIAL PREVIEW. To download the complete presentation, please visit: https://www.oeconsulting.com.sg
     LEARNING OBJECTIVES
     ● Describe the audit approach and learn useful tips for handling an audit session
     ● Provide background knowledge of ISO 22301
     ● Gain an overview of the ISO 22301:2019 structure
     ● Understand the ISO 22301:2019 certification process

  3. CONTENTS (sections 01 to 05)
     ● Overview of ISO 22301
     ● ISO 22301:2019 structure
     ● ISO 22301:2019 certification process
     ● Handling an audit session
     ● Audit approach

  4. 95% of global business leaders report that their crisis management capabilities need improvement. Source: PwC Global Crisis Survey 2021

  5. 51% of companies across the globe don’t have a business continuity plan. Source: Mercer, 2020

  6. WHAT IS ISO 22301?
     ● ISO 22301 is an International Standard for implementing and maintaining effective business continuity plans, systems and processes
     ● It establishes a framework for industrial plants or entire companies to manage all aspects of business continuity
     ● Applies to all types and sizes of organizations

  7. OBJECTIVE OF ISO 22301
     ISO 22301:2019 specifies requirements to implement, maintain and improve a management system to protect against, reduce the likelihood of the occurrence of, prepare for, respond to and recover from disruptions when they arise.

  8. WHAT IMPROVEMENTS WERE MADE TO ISO 22301:2019?
     ● The structure of the standard has been reviewed to make it easier to read and implement, with greater clarification of what is required
     ● The language and terminology have been simplified to remove duplication and better reflect today’s thinking in the business continuity industry
     ● The High Level Structure (HLS) has been streamlined to remain in line with all other ISO management system standards

  9. WHO CAN USE ISO 22301?
     ISO 22301 is applicable to all types and sizes of organizations that:
     ● Implement, maintain and improve a BCMS
     ● Seek to ensure conformity with stated business continuity policy
     ● Need to be able to continue to deliver products and services at an acceptable predefined capacity during a disruption
     ● Seek to enhance their resilience through the effective application of the BCMS

  10. BENEFITS TO AN ORGANIZATION FOR IMPLEMENTING A BUSINESS CONTINUITY MANAGEMENT SYSTEM
      ● Improved business performance and organizational resilience
      ● Companies with multiple sites can rely on the same consistent approach
      ● Provides ability to reassure clients, suppliers, regulators and other stakeholders
      ● Help organizations respond to, and recover from, disruptions effectively
      ● A better understanding of critical issues and areas of vulnerability
      ● Reduced costs and less impact on business performance should something go wrong

  11. ADVANTAGES OF CERTIFICATION
      ● Certification to ISO 22301 is voluntary
      ● Independent check of conformity by a third party
      ● Indicates an effective Business Continuity Management System
      ● National/International recognition
      ● Provides competitive advantage
      ● Improves company image

  12. RISK-BASED THINKING
      ● Identifying potential risks, likelihood and consequences
      ● Documenting assumptions and criteria
      ● Identifying activities by risk classification in order of priority
      ● Allocating necessary resources to risk management plan
      ● Documenting results and develop a Risk Management Action plan
      [Diagram labels: Scope, Context, Criteria; Risk Assessment (Risk Identification, Risk Analysis, Risk Evaluation); Risk Treatment; Communication & Consultation; Monitoring & Review; Recording & Reporting]

  13. ISO 22301:2019 IS BASED ON THE ISO HIGH-LEVEL STRUCTURE FOR MANAGEMENT SYSTEM STANDARDS
      1. Scope
      2. Normative References
      3. Terms & Definitions
      4. Context of the Organization
      5. Leadership
      6. Planning
      7. Support
      8. Operation
      9. Performance Evaluation
      10. Improvement

  14. HLS – THE SAME CORE ELEMENTS
      ● Environment: ISO 14001
      ● Quality Management: ISO 9001
      ● Occupational Health & Safety: ISO 45001
      ● Food Safety: ISO 22000

  15. ISO 22301:2019 IS BASED ON THE PDCA MODEL
      [Diagram labels: Plan, Do, Check, Act; Establish BCMS; Implement & operate the BCMS; Monitor & review the BCMS; Maintain & improve the BCMS; Scope of the business continuity management system; Internal & external issues; Needs & expectations of interested parties; Intended outcomes of the BCMS]
      Source: Adapted from ISO

  16. ISO 22301:2019 KEY CLAUSE STRUCTURE (4-10)
      Column groups: PLAN, DO, CHECK, ACT
      4. Context of the organization
         4.1 Understanding the organization and its context
         4.2 Understanding the needs and expectations of interested parties
         4.3 Determining the scope of the BCMS
         4.4 Business continuity management system
      5. Leadership
         5.1 Leadership and commitment
         5.2 Policy
         5.3 Roles, responsibilities and authorities
      6. Planning
         6.1 Actions to address risks and opportunities
         6.2 Business continuity objectives and plans to achieve them
         6.3 Planning changes to the BCMS
      7. Support
         7.1 Resources
         7.2 Competence
         7.3 Awareness
         7.4 Communication
         7.5 Documented information
      8. Operation
         8.1 Operational planning and control
         8.2 Business impact analysis and risk assessment
         8.3 Business continuity strategies and solutions
         8.4 Business continuity plans and procedures
         8.5 Exercise programme
         8.6 Evaluation of business continuity documentation and capabilities
      9. Performance evaluation
         9.1 Monitoring, measurement, analysis and evaluation
         9.2 Internal audit
         9.3 Management review
      10. Improvement
         10.1 Nonconformity and corrective action
         10.2 Continual improvement

  17. THE PDCA CYCLE IS THE ENGINE OF CONTINUOUS IMPROVEMENT
      [Diagram labels: PDCA cycles (P, D, C, A) plotted against Time; Current Standard; Improvement; Consolidation through Standardization; New Standard; Continuous Improvement]

  18. BECOMING ISO 22301:2019 CERTIFIED
      ● The certification body examines the BCMS for conformity to the ISO 22301:2019 standard
      ● The BCMS audit is a compliance audit
      ● Certification means the organization has a documented BCMS that is fully implemented and meets ISO 22301:2019 requirements

  19. ISO 22301:2019 CERTIFICATION PROCESS
      1. Implementation of BCMS
      2. Conduct Internal Audit and Review Result by Top Management
      3. Selection of a Certification Body
      4. Stage 1 Audit
      5. Stage 2 Audit
      6. Confirmation of Registration
      7. Continual Improvement and Surveillance Audits

  20. WHAT DOES CERTIFICATION ASSURE?
      ● Regular assessment to continually monitor and improve processes
      ● Credibility that the system can achieve its intended outcomes
      ● Consistency in the outputs designed to meet stakeholder expectations
      ● Reduced risk and uncertainty and increase market opportunities

  21. WHAT IS AN AUDIT?
      ● Systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which audit criteria are fulfilled
      ● Audit criteria
         ○ Processes or procedures
         ○ Standards

  22. WHAT ARE AUDITS USED FOR?
      ● Looking at the overall process
      ● Assessing for certification
      ● Auditing conformity
      ● Investigating problems
      ● Auditing effectiveness
      ● Way of improving
      ● Approving external service providers
      ● Highlight examples of good practice

  23. AUDIT APPROACH
      ● Focuses on employees’ understanding of the organization’s processes and verifies that these processes are:
         ○ complied with
         ○ under control
         ○ achieving the desired results
      ● Provide evidence, e.g. records, meeting minutes, reports, data and emails

  24. AUDIT FINDINGS
      MAJOR NONCONFORMITY
      § A major nonconformity relates to the absence or total breakdown of a required process or a number of minor nonconformities listed against similar areas
      § A major nonconformity at the Registration Audit would defer recommendation for registration until that major has been closed
      MINOR NONCONFORMITY
      § A minor nonconformity is an observed lapse in your system’s ability to meet the requirements of the standard or your internal systems, while the overall process remains intact
      OBSERVATION
      § An observation or opportunity for improvement relates to a matter about which the Auditor is concerned but which cannot be clearly stated as a nonconformity
      § Observations also indicate trends which may result in a future nonconformity

  25. HOW TO HANDLE AN AUDIT SESSION?
      ● Do not panic
      ● Offer evidence and explain patiently
      ● Take note of improvement areas highlighted by the auditor
      ● Ask and clarify
      ● Show internal audit report, when necessary
      ● Admit obvious non-conformities

  26. AUDITEE’S CONDUCT
      ● Polite
      ● Professional
      ● Positive / Receptive
      ● Sincere
      ● Commitment
      ● Formal but not overly serious

  27. INTERACTING WITH AUDITORS – DO’S
      ● Be honest and open
      ● Turn mobile phones to silent mode
      ● Recognize they may be experts
      ● Get the right person in to answer the question
      ● Realize they may not be subject matter experts
      ● Listen carefully and understand each question before answering – Be sure responses are complete and accurate
      ● Understand the purpose of the meeting and review related records prior to interviews

  28. ABOUT OPERATIONAL EXCELLENCE CONSULTING
      Operational Excellence Consulting is a management training and consulting firm that assists organizations in improving business performance and effectiveness. Based in Singapore, the firm’s mission is to create business value for organizations through innovative design and operational excellence management training and consulting solutions. For more information, please visit www.oeconsulting.com.sg
