1
Advancing the Profession Through Global Standards: ISO/TC 292
Dr. Wolfgang H. Mahr, M.Sc., BBA, FBCI, CISA
governance & continuuuity gmbh, CH-8408 Winterthur, Switzerland
LinkedIn, XING, Twitter, YouTube
2
Contents
Abstract
Why Standards?
Before ISO Standards
Basic Principles of ISO
How is ISO working?
History, Composition and Deliverables of ISO/TC 292
Business-Continuity-related Deliverables (WG2)
  ISO 22301:2012, ISO 22313:2012, ISO/TS 22317:2015
  ISO/TS 22318:2015, ISO/DIS 22316
  ISO/TS :2014
Work in Progress
Conclusions
3
Abstract
ISO, the International Organization for Standardization, through its Technical Committee 292 (formerly TC 223), has developed a range of standards in the continuity and resilience fields. Developed by experts from dozens of countries and adopted by a solid majority of national standards associations, these standards advance the profession by providing practitioners, regulators, management and customers with valuable implementation and auditing tools. Find out about the deliverables provided by this Technical Committee and how they may support you.
4
Why Standards?
Standards serve to raise the level of competence of the involved parties
Standards help understand the involved parties' degree of preparation and maturity
Standards help the training of key personnel
Standards enable certification of organizations against publicly accepted criteria
International standards enable global organizations to achieve compliance in a number of jurisdictions
Management system standards enable continuous improvement
5
Before ISO standards
Many countries had local standards (UK, US, Israel, Singapore, Australia, …)
Many countries had no standards (Switzerland, Germany, …)
International organizations faced uncertainties
The British standard BS 25999 served as the de facto international standard
6
Basic principles of ISO
Equal representation: one vote per country
Voluntary membership: ISO does not have the authority to force adoption of its standards
Business orientation: ISO only develops standards for which a market demand exists
Consensus approach: looking for a broad consensus among the different stakeholders
International cooperation: over 160 member countries plus liaison bodies
7
How is ISO working?
ISO is a network of national standardization bodies from about 160 countries
The final results of ISO developments are published as International Standards
Over 20,000 standards have been published since
Standards are sold via or national standards associations
The table of contents of most standards can be viewed
8
History of ISO/TC 292
Amalgamation of three technical committees:
ISO/TC 223 Societal security ( )
ISO/TC 247 Fraud countermeasures and controls ( )
ISO/PC 284 Management system for quality of PSC operations ( )
In June 2014 the Technical Management Board of ISO (TMB) took the decision to create a new ISO Technical Committee, ISO/TC 292, into which the three committees were merged.
More info:
9
Composition of ISO/TC 292
WG 1 Terminology
WG 2 Continuity and organizational resilience
WG 3 Emergency management (no change)
WG 4 Authenticity, integrity and trust for products and documents
WG 5 Community resilience
WG 6 Protective security
10
Deliverables of ISO/TC 292
General
ISO Societal security – Terminology
ISO/TR Societal security – Technological capabilities
11
Deliverables of ISO/TC 292
Business continuity management
ISO Societal security – Business continuity management systems – Requirements
ISO Societal security – Business continuity management systems – Guidance
ISO/TS Societal security – Business continuity management systems – Guidelines for business impact analysis
ISO/TS Societal security – Business continuity management systems – Guidelines for supply chain continuity
ISO/IEC/TS Conformity assessment – Requirements for bodies providing audit and certification of management systems – Part 6: Competence requirements for auditing and certification of business continuity management systems
12
Deliverables of ISO/TC 292
Emergency management
ISO Societal security – Emergency management – Requirements for incident response
ISO Societal security – Emergency management – Guidelines for public warning
ISO Societal security – Emergency management – Guidelines for colour coded alert
ISO/TR Societal security – Emergency management – Message structure for exchange of information
13
Deliverables of ISO/TC 292
Community resilience
ISO Societal security – Mass evacuation – Guidelines for planning
ISO Societal security – Guidelines for establishing partnering arrangements
ISO Societal security – Guidelines for exercises
14
Deliverables of ISO/TC 292
Authenticity, integrity and trust for products and documents
ISO Performance criteria for authentication solutions used to combat counterfeiting of material goods
ISO Guidelines for interoperable object identification and related authentication systems to deter counterfeiting and illicit trade
15
Deliverables of ISO/TC 292
Protective security
ISO Societal security – Video-surveillance – Export interoperability*
ISO Management system for private security operations – Requirements with guidance for use
ISO Specification for security management systems for the supply chain
ISO Security management systems for the supply chain – Best practices for implementing supply…
ISO Security management systems for the supply chain – Development of resilience in the supply chain…
ISO Security management systems for the supply chain – Requirements for bodies providing audit and certification …
ISO Security management systems for the supply chain – Guidelines for the implementation of ISO (Part 1-4)
16
Deliverables of ISO/TC 292 WG2 (Selection)
[Diagram of the WG2 deliverables and how they relate: ISO 22301 (BCMS Specifications), ISO 22313 (BCMS Guidance), ISO 22300 (Glossary), ISO/TS 22317 (BIA), ISO/TS 22318 (Supply Chain), ISO 17021 (Audit), ISO 22316 (Organizational Resilience), Emergency Management and other TC 292 standards, work in progress (WIP); lifecycle model: The Business Continuity Institute]
17
ISO 22301:2012 BCMS
Published 2012, revision process under evaluation
Based on ISO 22300
Management System for Business Continuity Management
Based on ISO Management System Guidelines
Similar structure as ISO 9001, ISO 27001, etc.
Certifiable standard: Specification ("shall")
Varying acceptance worldwide
Non-mandatory except when prescribed by a jurisdiction
Based on the Plan-Do-Check-Act Cycle
18
ISO 22301:2012 BCMS
Contents:
Introduction
Scope
Normative references
Terms and definitions
Context of the organization
Leadership
Planning
Support
Operation
Performance evaluation
Improvement
Bibliography
19
ISO 22301:2012 BCMS
Plan – Do – Check – Act Cycle
Reference: ISO 22301:2012
20
ISO 22301:2012
21
ISO 22313:2012
Published 2012, revision process under evaluation
Based on ISO and ISO 22301
Identical structure as ISO 22301
Non-certifiable standard: Guidance ("should")
22
ISO/TS on BIA
Published in September 2015
Based on ISO 22301, ISO and ISO 22300
Non-certifiable standard: Guidance ("should")
Focus on Performing the BIA:
  Project Planning and Management
  Product and Service Prioritisation
  Process Prioritisation
  Activity Prioritisation
  Analysis and Consolidation
  Top Management Endorsement of BIA Results
Annexes on Terminology Mapping and Information Collection Methods
23
Challenges when doing a BIA
Commitment
Level of effort
"Right" effort
Correctness / Completeness
No excessive overlap / no white spots
24
ISO/TS 22318 on Supply Chain Continuity
Published in 2015
Based on ISO 22301, ISO 22300
Non-certifiable standard: Guidance ("should")
Focus on Supply Chain Continuity:
  Why supply chain continuity is important
  Analysis of the supply chain
  SCCM strategies (Supply Chain Continuity Management)
  Managing a disruption in the supply chain
  Performance evaluation
25
ISO/TS 17021-6 Competence Requirements
Published in 2014
Based on ISO and ISO 17021
Developed in cooperation with ISO CASCO (Conformity Assessment)
Full title: Conformity assessment — Requirements for bodies providing audit and certification of management systems — Part 6: Competence requirements for auditing and certification of business continuity management systems
Non-certifiable standard: Guidance ("should")
Focus on Auditor Competencies:
  Generic competence requirements
  Competence requirements for the auditors and for personnel reviewing audit reports and making certification decisions
  Conducting the application review to determine the audit team competence required, to select the audit team members, and to determine the audit time
Annex A: Knowledge for BCMS auditing and certification
26
ISO/DIS 22316 on Organizational Resilience
To be published in 2016
Based on ISO 22301, ISO 22300
Non-certifiable standard: Guidance ("should")
Focus on Organizational Resilience:
  Principles and approach
  Attributes and activities for organizational resilience
  Evaluating the organization's strategy for organizational resilience
Annex A: Relevant vocabulary
Annex B: Relevant management disciplines
27
Work In Progress (WIP)
Within WG2: standards on …
Human factors in business continuity (based on a UK standard)
Standard on business continuity strategy
…
28
Conclusions
Standards…
serve to promote good practices
allow an assessment of a situation
may serve as a basis for certification
serve to promote confidence in suppliers
take some time for their development
reflect the knowledge of a range of subject matter experts
facilitate international operations and trade
may serve as minimum requirements as prescribed by a regulator
29
Thank you