BS-25999: Business Continuity Management System PS-Prep: The Voluntary Private Sector Preparedness Program Kathleen Lucey, FBCI Practice Manager, EMC 516-384-6437.

Presentation transcript:

BS-25999: Business Continuity Management System PS-Prep: The Voluntary Private Sector Preparedness Program Kathleen Lucey, FBCI Practice Manager, EMC

BS 25999: Overview

BS 25999: Part 1
BS : 2006 Code of Practice for Business Continuity Management.
A code of practice that takes the form of guidance and recommendations. Establishes the process, principles and terminology of BCM, providing a basis for understanding, developing, and implementing business continuity within an organization and to provide confidence in business-to-business and business-to-customer dealings.
“Should”

BS 25999: Part 2
BS : 2007 Specification for business continuity management.
A specification that provides requirements for establishing, implementing, operating, monitoring, reviewing, exercising, maintaining and improving a documented Business Continuity Management System within the context of managing an organization’s overall business risks. It is to this specification that an organization (or part of it) is audited.
“Shall” = auditable.

Get Ready for Certification (process diagram, steps in order):
- Establish the Need for BS
- Set Policy
- Establish Awareness
- Perform BIA, CRRA, and RA
- Develop Strategy
- Implement Strategy in a BCM Plan
- Test and Improve
- Embed the BCMS in the Culture
- Ready for BS Certification

What to do if you are interested
1. Purchase BS Parts 1 and 2; read them carefully.
2. Set the scope of your BCMS.
3. Think about self-assessment and/or an external gap analysis.
4. Consider training needs and consultant options.

When you consider yourself ready to be certified:
1. Submit an application to BSI.
2. Consider an optional pre-assessment.
3. Achieve certification.
4. Implement annual assessment visits.

Other Information
- Part 1 and Part 2 are still available in the US at the reduced price of $19.99 each until publication by PS-Prep of the selected standard(s) in the Federal Register (normal price is $ each).
- Over 40 organizations have certified at least some of their operations.
- For more information go to: Certification-services/Management-systems/Business-areas/Business-continuity-management/

For Discussion: WHY would you want to become certified??

The Voluntary Private Sector Preparedness Accreditation and Certification Program

History of the PS-Prep Program
Basic requirements from Title IX of Public Law (Recommendations of the 9/11 Commission)
Purpose: To enhance nationwide resilience in an all-hazards environment by improving private sector preparedness in disaster management, emergency management, and business continuity.
- Set up governance
- Select an Accreditation Entity and Program
- Adopt Standard(s)
- Oversee the certification of private sector entities
- Continuous program monitoring
Special consideration to the needs of small businesses is mandated by Title IX.

What is PS-Prep? – A Review
- Assigned to DHS/FEMA
- Focuses on private sector organizations
- Addresses operational risk including disaster/emergency management and business continuity
- Provides for an independent third party certification
- Voluntary; no “incentives”

DHS/FEMA is responsible for:
1. Selecting standards for use in the program
2. Supporting the development of the certification process by designating and funding the accrediting body
3. Developing and communicating the business case for the program to the private sector.

Current Status & History
- Accrediting body (ANAB – ANSI/ASQ National Accreditation Board) designated
- Substantial outreach by DHS/FEMA and ANAB to private sector entities
- Small and Medium-Size Business Advisory Council was to be set up by ANAB
- Criteria to be used in designating preparedness standards have been announced in Federal Register

Current Status
- Oct. 16, 2009: Federal Register Notice
- Nov. 4, 2009: Public Announcement of Selected Standards
- Announced that a series of 10 public meetings was to be held across the country to discuss PS-Prep.
- Comment period extended to January 15,

Standards Selected
- ASIS SPC Organizational Resilience: Security Preparedness, and Continuity Management Systems – the American Society for Industrial Security.
- British Standard :2007 Business Continuity Management – the British Standards Institute (BSI).
- National Fire Protection Association 1600:2007/10 Standard on Disaster/Emergency Management and Business Continuity Programs – the National Fire Protection Association.

PS-Prep: Where Are We Now??
Likely next steps include the following:
- Formal designation of standard(s) in Federal Register
- ANAB finalizes its accreditation processes
- Certifying bodies are accredited by ANAB
- Businesses could then seek voluntary certification from certifying bodies.

PS-Prep: Remaining to be Done…
- Formal adoption of standards: Spring 2010
- Develop accreditation and certification program (ANAB): Summer 2010
- Perform initial accreditation of certifying bodies: Winter 2010
- Begin voluntary certifications: Winter

PS-Prep: Where Are We Now??
- Formal adoption of standards: Spring 2010
- Develop accreditation and certification program (ANAB): Summer 2010: Delayed
- Perform initial accreditation of certifying bodies: Winter 2010: Probably Delayed
- Begin voluntary certifications: Winter : Probably Delayed

Where are We Now?
- Waiting for an announcement of the selected standard(s).
- Note: ANAB requires that any standard that it certifies have an ISO-accepted auditor training entity. Only BS has such training at the moment.
- No Federal Register announcement yet…
- Count on the Deepwater Horizon oil spill to have diverted FEMA resources and government attention!

References
BS 25999:
PS Prep:

Questions for Discussion
- What are the implications of the PS-Prep Program for small businesses?
- What are the implications of the cost of certification? Ideas?
- What are the most important factors for the Critical Infrastructure and Key Resources Sector?
- What is the business case for implementing the PS-Prep Program?

For more information: Kathleen Lucey, FBCI Practice Manager, EMC (MAS) Tel: