Everything you need to know about ISO 22301 - PowerPoint PPT Presentation

About This Presentation
Title:

Everything you need to know about ISO 22301

Description:

ISO 22301 defines the conditions that an organization must apply to approve a Business Continuity Management System (BCMS). To comply with the terms of this standard, the organization needs to document a model to develop, implement, operate, monitor, review, maintain, and improve a BCMS to increase the resilience of an organization in case of a disaster.

Number of Views:1167
Slides: 17
Provided by: infosectrain
Tags: bcms | bcp | iso_22301


Transcript and Presenter's Notes

Title: Everything you need to know about ISO 22301


1
Everything you need to know about ISO 22301
www.infosectrain.com sales_at_infosectrain.com
2
ISO 22301 defines the conditions that an
organization must apply to approve a Business
Continuity Management System (BCMS). To comply
with the terms of this standard, the organization
needs to document a model to develop, implement,
operate, monitor, review, maintain, and improve a
BCMS to increase the resilience of an
organization in case of a disaster.
3
ISO 22301:2019 is the updated version of the international standard for Business Continuity Management Systems. This standard implements a best practice framework to help organizations effectively manage the impact of a disruption to their regular operation. The purpose of the standard is not necessarily to eliminate the impact of a disruption entirely. It is to help an organization determine the amount and type of impact it is willing to accept following a disruption, after which the organization builds a business continuity system sized correctly for the organizational need.

What is BCP?
Business Continuity is an organization's capability to maintain primary functions during and after a disaster has occurred. Business Continuity Planning builds risk management processes and procedures that aim to prevent interruptions to mission-critical services and re-establish full function to the organization as quickly and efficiently as possible. The basic business continuity requirement is to keep essential functions up and operating during a disaster and recover with as little downtime as possible. A business continuity plan considers various irregular events, such as natural disasters, fires, disease outbreaks, cyberattacks, and other external threats.
4
  • What is BCMS?
    The purpose of the Business Continuity Management System is to prepare for, provide and maintain controls and capabilities for managing an organization's overall ability to continue to operate during disruptions.
  • What are the benefits of BCMS for business?
    • Visible Resilience: An effective BCMS gives evidence to current and potential customers of organizational preparedness for disruption. This is especially important in sectors where disruption can have substantial impacts on people's lives as well as financial impacts, including government, financial, defense, and social services.
    • Competitive Advantage: It may win business from competitors that are unable to operate or are doing so in a diminished capacity. A company can produce reputational benefits that will attract customers as well as benefit from stronger financial capabilities. A Business Continuity Management System helps an organization to bid or tender more efficiently.
    • Protect Organization Value: A BCMS helps to decrease the negative impact of a disruptive event. This can save the organization a significant amount of money, time, and reputational implications.
5
What is the difference between ISO 27001 and ISO 22301?
ISO 22301 requires the implementation of a Business Continuity Management System (BCMS), which indicates the importance of implementing and operating controls and measures for managing an organization's overall ability to manage disruptive incidents. ISO 27001 requires the implementation of an Information Security Management System (ISMS), which maintains the confidentiality, integrity, and availability of information.

What to implement first: ISO 22301 or ISO 27001?
If your organization faces a number of non-IT threats (each of them being able to stop operations), and if your IT is just helping your business processes, you might get more bang for your buck concentrating on implementing Business Continuity Management, based on ISO 22301. On the other hand, if you are not providing any physical deliverables, but you just deal with digital products and information technology processes are the heart of your organization, you should implement an Information Security Management System based on ISO 27001.
6
  • The 10 Clauses of ISO 22301:2019
  • ISO 22301 consists of 10 sections, known as Clauses. It comes under Clauses 4.0 to 10.0.
  • Clause 1: Scope
  • Clause 2: Normative References
  • Clause 3: Terms and definitions
    • Business Continuity
    • Business Continuity Management
    • Business Continuity Plan
    • Business Impact Analysis
    • Crisis Management Team
    • Disruption
    • Invocation
    • Maximum Tolerable Period of Disruption (MTPD)
    • Minimum Business Continuity Objective (MBCO)
7
  • Clause 4: Context of the organization
    • Internal Context
    • External Context
    • Interested Parties
    • Legal and Regulatory
    • Scope of the Management System
  • Clause 5: Leadership
    • Business Continuity Policy
    • Roles and Responsibilities
    • Evidencing Leadership to an Auditor
8
  • Clause 6: Planning
    • Addressing Risk and Opportunities
    • Business Continuity Objectives
    • Achieving Objectives
  • Clause 7: Support
    • Competence
    • Awareness
    • Communication
    • Documented Information
  • Clause 8: Operation
    • Business Impact Analysis and Risk Assessment
      • Business Impact Analysis
      • Risk Assessment
9
  • Clause 9: Performance evaluation
    • Monitoring, Measurement, Analysis, and Evaluation
    • Internal Audit
    • Audit Programme and Audits
    • Management Review
  • Clause 10: Improvement
    • Nonconformity and Corrective Action
    • Root Cause Analysis
10
Importance of ISO 22301 Certification
Obtaining ISO 22301 Certification should be high on the priority list of organizations that need to prove to their stakeholders that they can immediately overcome operational disruptions to provide continued and effective service. Gaining ISO 22301 Certification puts the organization within an individual group of companies committed to business resilience.

How can I get ISO 22301 certification training?
InfosecTrain is one of the leading IT security training providers. We offer a comprehensive training program for ISO 22301 Certification. If you want to take the experts' help in getting through the ISO 22301 certification exam, check these ISO 22301 certification training courses offered by InfosecTrain:
https://www.infosectrain.com/courses/iso22301f/
https://www.infosectrain.com/courses/iso22301li/
https://www.infosectrain.com/courses/iso22301la/
11
About InfosecTrain
  • Established in 2016, we are one of the finest Security and Technology Training and Consulting companies
  • Wide range of professional training programs, certifications and consulting services in the IT and Cyber Security domain
  • High-quality technical services, certifications or customized training programs curated with professionals of over 15 years of combined experience in the domain
12
Our Endorsements
13
Why InfosecTrain
Global Learning Partners
Access to the recorded sessions
Certified and Experienced Instructors
Flexible modes of Training
Tailor Made Training
Post training completion
14
Our Trusted Clients
15
(No Transcript)
16
Contact us
Get your workforce reskilled by our certified and
experienced instructors!
IND 1800-843-7890 (Toll Free) / US 1 657-221-1127 / UK 44 7451 208413
sales_at_infosectrain.com
www.infosectrain.com