Università degli studi di Roma La Sapienza
Department of Computer Science:
Business continuity in the BS 25999 and ISO 22301 standards
Speaker: Laura Schiavon
Rome, 4 June 2012
17/05/2012 - | 1
Business Continuity is today a central topic for
all companies and organizations, and managing it is a
strategic element of risk control.
An organization's ability to keep its strategic
processes running even in the event of incidents or
anomalous events, and the speed with which it restores
full operations, can represent a concrete and
defensible competitive advantage.
Seminar contents
• Begin a structured study of the BS 25999
standard;
• Introduce the new ISO 22301 standard;
• Describe the requirements of the standard;
• Assess the benefits of implementing a
BCMS;
• Identify the criteria for integration with the other
standards in operation within organizations.
Seminar objectives
72% of companies surveyed had experienced at least
one disruption to their supply chain.
83% had experienced disruption overall.
Why do we need a BCM?
17/05/2012 - | 4 Courtesy of BSI
83% AGREE BCM is important/very important yet…*
58% of CEOs surveyed say they have BCM plans in place
50% of organizations with BCM report that it includes plans for
handling the media
45% of organizations with BCM do not require any supply chain
partners to have their own plans
50% of organizations with BCM exercise their plans once a year.
Around 25% fail to exercise their plans on a regular basis.
* BSI/BCI/Cabinet Office survey 2012 with Chartered
Management Institute (CMI)
Are organisations ready for the next crisis?
CEOs' main focus:
• Reputational Impairment
• Market Share Loss
• Increased Customer Confidence
• Governance Expectation “The Right Thing To Do”
Business Continuity Management - Drivers
Business continuity:
BS 25999
Strategic and tactical capability of the organization to plan
for and respond to incidents and business disruptions in
order to continue business operations at an acceptable
predefined level
ISO 22301
?
BC management
BC programme
Definitions
A management system is a set of interrelated or
interacting elements of an organization to establish
policy and objectives, and processes to achieve those
objectives
Definitions
PAS 56 (2003), BS 25999 (2006), ISO 22301 (2012)
• Started as a “PAS” (Publicly Available Specification) by
BSI
• Became British Standard BS 25999 in 2006
• New ISO 22301 (16 May 2012)
History
ISO 22301 supersedes BSI’s British Standard
BS 25999 – the world’s most recognised & adopted
BCM standard.
BS 25999 sold in over 100 countries.
Certificates in 43 countries.
Certificate applications in another 15 countries*
800 sites already certified by BSI with 400 pending*
Market leaders in BS 25999 certification.
History
BS 25999 global adoption
BS 25999 – multi-sector adoption
• Allows organizations to benefit from global BCM best practice, regardless of whether they are planning to certify or not
• Provides a foundation and a common vocabulary for BCM best practice and guidance
• Saves you having to reinvent the wheel
Benefits of adopting the standard
• The ‘Plan Do Check Act’ cycle
• Business continuity policy
• Business impact analysis
• Risk assessment and risk treatments
• Business continuity plans and strategy
• Exercising
• Internal audit
• Management review
• Non conformity and corrective action
• Improvement actions
Building blocks of the two standards
New international standard for business continuity
management (BCM)
Its official title is ISO 22301 Societal Security - Business
continuity management system - Requirements
All core business continuity elements in BS 25999-2 are
present in ISO 22301
The new ISO 22301
Provides the requirements for a business continuity
management system (BCMS)
Based on global BCM best practice
Created in response to strong interest in the original
British Standard BS 25999-2 and other regional
standards
BS 25999-2 key source text in its development
For those certified to or aligned with BS 25999-2, the
additional requirements are not onerous
The new ISO 22301
The title:
ISO 22301 Societal Security - Business continuity
management system - Requirements
ISO 22301 now comes under a wider societal security
remit
This acknowledges the important role that BCM has to
play in protecting society and ensuring our ability to
respond to incidents, emergencies and disasters.
What's new
Notable shifts in emphasis from BS 25999-2:2007:
First standard written in accordance with Guide 83
Change in the way an organization is defined
Clearer expectations on management
Preventive action has been replaced with “actions to
address risks and opportunities” and features earlier
ISO 22301 puts a much greater emphasis on setting the
objectives, monitoring performance and metrics –
aligning BC to top management strategic thinking
Most significant changes
ISO 22301 requires more careful planning for, and preparation of, the resources needed to ensure business continuity
Communication elements are more demanding, and a responsibility to the wider community is defined
BIA is similar but with some changes to terminology
There is a stronger link to the organization's approach to risk
To reflect the societal security approach, some new terminology has been introduced; see ISO 22300
Most significant changes
• Context of the organization
• Interested parties
• Leadership
• Maximum acceptable outage (MAO)
• Minimum business continuity objective (MBCO)
• Performance evaluation
• Prioritized timeframes
• Warning and communication
New concepts and activities, in a little more detail
Certification certificates will remain valid during the
two-year transitional period
Organizations will need to complete their transition to
the new revision by 1 June 2014
Failure to do this will result in the expiry of their
certificate
Transition plan
Discussion improves everyone's work;
thank you for your questions
About us
Enigma Defense approaches every engagement with a
structured approach and accredited methodologies, drawing
on the strong skills and project experience of its
Partners and Collaborators across many areas of
security and business continuity (business
continuity/disaster recovery)
Enigma Defense offers a complete set of
solutions and services, from the assessment of
existing and required security levels, to the
design of complex and integrated security solutions
and platforms, through to
Governance and training
Enigma Defense is a young company, born from the drive
of accredited professionals determined to bring together in this
entity their experience and capabilities
Our offering
Main clients
The skills and
experience gained by
Enigma Defense, combined
with the specific
skills of our
Partners, have fostered and
continue to foster new
business initiatives
Partnership
Our approach
Main partnerships