Services

×

Business Continuity Management System - ISO 22301 Consulting Overview

An organisation achieving ISO 22301 certification implies it has recovery and restoration capability for each outage scenario, be it technology, site, vendor, people/skill or any other dependency. We have a 7 phase approach that starts with understanding your business and continuity objectives. This is followed by Business Impact Analysis (BIA), and Risk Assessment (RA) to determine your minimum business continuity objectives.

Each of our ISO 22301 consulting assignment involves transfer of knowledge, skills, documented plans, and testing of each of those plans. We create two layer plans that includes restoration of minimum as well as full restoration.

We have implemented ISO 22301 for large Telecoms covering multiple locations, Financial Institutions, and Insurance Companies. Each of them are successfully ISO 22301 certified.

What makes us unique is our involvement in the engagement that ensures your business is capable of successful recovery. Our methodologies of understanding a business, business impact analysis, risk assessment, continuity strategies (focus on outage rather than events), individual restoration plans, Disaster Recovery Plans, rigorous testing, and zero defect ISO 22301 certification – each of these features contribute to a better return of your business continuity investment.

What are the ISO 22301: 2019 Certification Requirements?

The standard is divided into 10 following clauses. For ISO 22301 certification only Clause 4 to 10 is applicable.

  • Clause 1 – Scope
  • Clause 2 – Normative References
  • Clause 3 – Terms and definitions
  • Clause 4 – Context of the organization
  • Clause 5 – Leadership
  • Clause 6 – Planning
  • Clause 7 – Support
  • Clause 8 – Operation
  • Clause 9 – Performance Monitoring
  • Clause 10 – Improvement

Our ISO 22301 Consulting Methodology has the following broad phases

We bring our world-class experience in delivery BCMS ISO 22301 implementation leading to successful certification.

PHASE I

Determination of Objectives

Understanding the business objectives, and business continuity objectives.

PHASE II

Gap Analysis

Business impact analysis (BIA) and risk assessment.

PHASE III

Recovery Strategy

Management Strategy for recovery

PHASE IV

Documentation

Documenting and communication individual plans.

PHASE V

Testing

Testing each of the Individual Plans.

PHASE VI

Internal Audit

Internal audit followed by a formal review of the program gives organisation an independent perspective, and enables them to be ready for final attestation.

PHASE VII

Implementation

This has two stages Stage
1 – Documentation Audit, and
2 – implementation verification

We support you in all phases to help you achieve ISO 22301 certification. Upon successful completion an ISO 22301 certificate is issued which has a validity of 3 years subject to annual surveillance.

Training

We provide bespoke training, listed below are our offerings.

  • Shorter Sessions from 1 hour to 4 hours
  • Interpretation of the ISO 27001 requirements
  • 1 Day Awareness Session
  • 2 Days Internal Audit Course
  • 3 Days Implementation Course covering 10+ hands on exercises

Upon receiving your request, we will provide you further details.

Documentation Toolkit

ISO 27001 requires documentation of policies, procedures and records. As a result of several consulting assignments, we have some of the best content available that covers all the requirements. Our documentation has the following salient features:

  • Alignment with all ISO 27001-documentation requirements
  • Our experiences turned into documentation templates
  • Project Tracking tools to support the implementation
  • Q & A support

Upon receiving your request, we will provide you further details.

Internal Audit

An independent assessment helps to assess the state of compliance. Our internal audit methodology includes people, process, technology and measurements to assure and provide management the degree of ISO 27001 compliance. Typically 3-5 days is required to perform a comprehensive internal audit. Upon receiving your request, we will provide you further details.

 

Business Impact Analysis and Risk Assessment

Business Impact Analysis results in identification of mission critical services and activities, determining their outage tolerance, and determine their priority in restoration. Risk Assessment is the analysis of strength or weakness of ‘continuity capability’ to restore services based in technology, site, suppliers and personnel’s. We have one of the most comprehensive risk assessment approach that includes ‘continuity capability, ‘individual ISO 22301 requirements’, and ‘individual BC plans’. Let us know if you are interested.

Upon receiving your request, we will provide you further details.

Program Management

ur consulting methodology experience has helped us to understand – what it takes to design and maintain a successful ISO 22301 compliance. The outsourcing model removes the compliance responsibility to an external team, whereas the management focuses on customer/business delivery.

Upon receiving your request, we will provide you further details.

Exercises

Business continuity plans are as good as they are tested. We can help you design and test range of tests that includes (but not limited)

  • Crisis Communication
  • Cyber Attack Simulation
  • IT restoration and recovery in sequence

Upon receiving your request, we will provide you further details.