LEVERAGING ASSESSMENTS AND
AUDITS IN ISO 22301
Return on Investment through Performance
Jan Decker
Crisis Management Consulting
BCMS Basics
www.crisismanagementconsulting.com
Jan Decker
Lead consultant and owner of Crisis Management Consulting
Jan Decker is a consultant in Emergency Management, Crisis Management and related
Business Continuity plans, programs, and information systems. She is a certified ISO 22301
Lead Implementer and Lead Auditor Trainer.
Contact Information
Jan.decker@comcast.net www.crisismanagementconsulting.com https://www.linkedin.com/in/jan-decker-6b421b6
A BCMS is a quality system
• Planned
• Strategic – targeted at goals, objectives and sustained mission
achievement
• Structured with policies, guidelines, and tangible elements
• Can be verified
• Operated by norms, processes and practices – repeated
• Measured and assessed
• Performance Outcomes
• Meets or exceeds goals
• Multiple outcomes and benefits
• Investment is realized into real value
• Quality Systems – ISO conformance is voluntary
Built upon and/or aligned to the ISO
22301 standard
• Major components – Clauses 4-10
• May share the Clause 9-10 components (performance evaluation and improvement) with other ISO management systems already in place
• Note that there are common elements in several Clauses
Organization Mission, Goals and
Objectives
• Crosswalk the mission, goals and objectives of the organization to
the standard
• Crosswalk the standard to the organization and the existing/current
BC program
• Resolve any major gaps at the planning level
• The Organization’s Mission is primary
• The BCMS is operated to meet the Organization’s Mission
• The ISO 22301 standard is the guide and criteria
• If certification is the goal – then the Standard is primary
Baseline Assessment – Starting Point
• If there is no BCMS in place, this is a Gap Assessment: a preliminary
comparison with the standard that yields a set of gaps and a work plan
for alignment, focused on alignment and conformance rather than on
quality and performance.
• If there is a BCMS in place, this is a Gap Assessment on the
following:
• Conformance with the ISO 22301 Standard
• Achievement of the Mission, Goals and Objectives of the
Organization
• Current performance with respect to the standard and policy
• May include a focus on improvements
Quarterly and Annual Audit Plan
• If getting certified, the Assessment/Audit plan is fast-tracked over
6-12 months to complete a full cycle of audit, corrective action plan,
improvement, verification, report and involvement of top management;
the quarterly and annual plan is then implemented.
Quarterly and Annual Audit Plan
- 3 year program
• Plan to audit all clauses within 3 years
• Plan to address major gaps of non-conformance within
solution timelines
• Plan to audit all major operations at least once a year
• Track the audit plan and status with an annual report
• Note where auditing in a clause also satisfies an audit in
another clause - streamline
Integrate Quarterly and Annual Audit Plan with
the BCMS program and the Organizational
Business Operation
• Integrate audit plan and performance reports with other
BCMS programs
• Training
• Testing and Exercise
• Awareness
• Competence
• Risk Management
• Strategic Planning
Gap Assessment and Internal Audit
Methodologies
A Baseline Gap Assessment is a very comprehensive assessment. It is
a comparison of the current program with the ISO Standard
elements – there are 213 elements in ISO 22301.
# BCMS Standard Element Comments
1 Top Management Commitment
2 Stakeholders
3 Policy
4 Organization and Assignments
5 Risk Assessment and Risk Treatment, BIA
6 Objectives
7 BC Plans
8 Competency
9 Communications
10 Training and Awareness
11 Tests, Drills and Exercises
12 Incident Documentation
13 After Action Review
14 Non-Conformities
15 Root Cause Analysis
16 Corrective Action Plans
17 Continuous Improvement
18 Audits – Internal
19 Audits – External
20 Annual Report
21 Top Management Review
22 1-3 year program
One methodology is to outline the elements into major categories and create a basic checklist.
# BC Plans Comments
1 Site Safety Plan – OSHA 1910.38
2 Business Unit Business Continuity Plans
3 System Disaster Recovery Plan
4 Crisis Management Plan
5 Facilities Damage Assessment and Recovery Plan
6 Public Information and Crisis Communication Plan
7 Security Plan - Facilities
8 IT Security Plan
9 Incident Specific Contingency Plans
10 Community Assistance Plan
Example Detail List for Elements
Comprehensive Assessment with the ISO 22301
Standard
• Clauses 4-10
• Approximately 213 separate elements
• If there are other ISO systems in place,
Clauses 9 and 10 may require less review
• Group together similar requirements
Example – Top Management and Audits
(Clause numbering as in ISO 22301:2012.)
Clause 5.4 Organizational Roles, Responsibilities and Authorities, item b: Reports on
performance to top management. The audit reports are summarized and
communicated to TOP MANAGEMENT, generally annually. Auditors should also
meet with TOP MANAGEMENT during audits for the close-out meeting and
report.
Clause 5.2 Management Commitment, item o: Ensure internal audits are conducted.
Clause 9.3 Management Review: Results of the BCMS audits and reviews, including
suppliers and partners.
Use a Score Card for the first assessment
Track Performance and Scores through Audit
Tools
Example – Quarterly Plan by BCMS Element
Example – Quarterly Plan by ISO 22301 Clause
Clause 6.2 Business Continuity Objectives and Plans: Top Management SHALL ensure Business Continuity
objectives are established and communicated for relevant functions and levels within the organization.
Business Continuity objectives are both high level and derived from the Business Impact Analysis. The most
common are RTO (recovery time objective), RPO (recovery point objective), MAO (maximum acceptable outage)
and MBCO (minimum business continuity objective); there may be others.
Example – Quarterly Plan by ISO 22301 Clause – by
Organizational Component
Strategic 3 Year Audit Plan and Tracking
Overview – 3 Year Internal Audit Plan by Clause
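The planning rules above (every clause audited within the 3-year cycle, every major operation at least once a year, and audits that satisfy a requirement in more than one clause noted so they can be streamlined) can be checked mechanically once the quarterly plan is written down. The script below is an added example, not part of the original slides or of any PECB material. Clause references follow the deck's ISO 22301:2012 numbering; the plan entries, the operation names and the shared-requirement map are constructed sample data, and the deliberate gaps in the sample plan (clause 10 never scheduled, Facilities skipped in year 2, 5.2 and 9.3 audited separately) are there so each rule produces a finding.

```python
"""Coverage check for a rolling 3-year ISO 22301 internal audit plan.

Added example, not from the original slides. Rules encoded:
  1. every main clause (4-10) is audited at least once in the cycle;
  2. every major operation is audited at least once in every year;
  3. requirements that share one body of evidence across clauses are
     flagged when scheduled as separate audits (streamlining candidates).
Plan entries, operation names and the shared-requirement map are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass

# Main clauses the 3-year cycle must cover (ISO 22301:2012 clauses 4-10).
CLAUSES = ("4", "5", "6", "7", "8", "9", "10")

# Major operations to audit at least once a year (constructed names).
OPERATIONS = ("Finance", "IT", "Facilities", "Customer Service")

# From the deck's "Top Management and Audits" example: 5.2(o) ensure internal
# audits are conducted, 5.4(b) report performance to top management, 9.3
# management review of audit results all rest on the same audit reporting.
SHARED_REQUIREMENTS = {
    "audit reporting to top management": frozenset({"5.2", "5.4", "9.3"}),
}


@dataclass(frozen=True)
class AuditEntry:
    """One scheduled audit: cycle year (1-3), quarter (1-4), clause refs, operations."""
    year: int
    quarter: int
    clauses: frozenset
    operations: frozenset


def main_clause(ref: str) -> str:
    """'9.3' -> '9'; '5' -> '5'."""
    return ref.split(".")[0]


def check_plan(plan, cycle_years=3):
    """Return findings against the three rules; empty lists mean the plan conforms."""
    findings = {"clauses_never_audited": [], "operations_missed": [], "redundant_audits": []}
    clause_years = defaultdict(set)
    ops_by_year = defaultdict(set)
    scheduled_refs = set()

    for entry in plan:
        for ref in entry.clauses:
            clause_years[main_clause(ref)].add(entry.year)
            scheduled_refs.add(ref)
        ops_by_year[entry.year] |= entry.operations

    # Rule 1: every main clause audited somewhere in the cycle.
    findings["clauses_never_audited"] = [c for c in CLAUSES if not clause_years[c]]

    # Rule 2: every major operation audited in every year of the cycle.
    findings["operations_missed"] = [
        (year, op)
        for year in range(1, cycle_years + 1)
        for op in OPERATIONS
        if op not in ops_by_year[year]
    ]

    # Rule 3: more than one member of a shared-requirement group scheduled.
    for name, refs in SHARED_REQUIREMENTS.items():
        hits = sorted(refs & scheduled_refs)
        if len(hits) > 1:
            findings["redundant_audits"].append((name, hits))
    return findings


def annual_report(plan, year):
    """Figures for the annual status report: this year's coverage and cumulative clause coverage."""
    this_year = [e for e in plan if e.year == year]
    covered_to_date = {main_clause(r) for e in plan if e.year <= year for r in e.clauses}
    return {
        "clauses_audited": sorted({main_clause(r) for e in this_year for r in e.clauses}, key=int),
        "operations_audited": sorted(set().union(*(e.operations for e in this_year))),
        "cumulative_clause_coverage": len(covered_to_date & set(CLAUSES)) / len(CLAUSES),
    }


# Constructed 3-year plan with deliberate gaps: clause 10 is never scheduled,
# Facilities is skipped in year 2, and 5.2 and 9.3 are audited separately.
SAMPLE_PLAN = [
    AuditEntry(1, 1, frozenset({"4", "5.2"}), frozenset({"Finance", "IT"})),
    AuditEntry(1, 3, frozenset({"6"}), frozenset({"Facilities", "Customer Service"})),
    AuditEntry(2, 1, frozenset({"7"}), frozenset({"Finance", "IT"})),
    AuditEntry(2, 3, frozenset({"8"}), frozenset({"Customer Service"})),
    AuditEntry(3, 1, frozenset({"9.2", "9.3"}), frozenset({"Finance", "IT", "Facilities"})),
    AuditEntry(3, 3, frozenset({"6"}), frozenset({"Customer Service"})),
]

if __name__ == "__main__":
    for key, items in check_plan(SAMPLE_PLAN).items():
        print(f"{key}: {items or 'none'}")
    for y in (1, 2, 3):
        print(f"year {y}: {annual_report(SAMPLE_PLAN, y)}")
```

Run it against the real plan by replacing `SAMPLE_PLAN` with the quarterly entries and `OPERATIONS` with the organization's own list; the three findings lists are the items to resolve before the plan goes to top management, and `annual_report` gives the coverage figures for the annual status report.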
Self Assessment – Survey Tool
Supplement to Interviews and
Quarterly data collection
• Survey selected elements and
organizational units.
• Collect and review responses
• Collate data
• Select specific units for verification
Group Interviews and Review Meetings
• Multiple Departments and Units
• Conduct full survey of Program
Components
• Conduct survey of ISO Clauses
• Combine with training
• See plans and documents
• Communicate goals, objectives,
expectations
• Bring in top management for
communication
Benefits and Advantages of Leveraging the
Internal Audit Program
• Raises Awareness of the Goals, Objectives and Components of the
BCMS
• Continuous Training through activities
• Promotes the update and maintenance of the plans, procedures
and processes
• Encourages participation in the review and improvement plan
Benefits and Advantages of Leveraging the
Internal Audit Program
• Completes the cycle of findings, solutions to gaps,
implementation of solutions, and verification
• Regular performance tracking proves that the BCMS is operational
• Increases assurances that people and plans are ready
• Continual improvement of the BCMS is aligned with the growth
and expansion of the organization
Performance and Reporting is the opportunity
to show VALUE
• Annual reporting highlights the avoided loss and the resilience of the
organization – a success of the BCMS and a work product of the audits
• Non-conformances equal potential failures and losses – conformance is
a savings and an investment – validated by audits
• Use a methodology to show risk reduction and increased sustainability
as performance and continuous improvement is measured
• Show the correlation between the BCMS and operational performance –
highlight any incidents and recovery
Return on Investment of the BCMS – through
the Audit Program
• Protection of the Value of the Organization – cost of the BCMS is a very
small percentage of the gross annual operational value
Cost of BCMS:
• Services
• Contracts
• Dedicated Staff
• Training Time
• May limit this to the AUDIT cost
Gross Annual Operational Value:
• Total Revenue
• Total Sales
• Total Delivery of Services ($ Value)
• Organization Retail Value
Example: a BCMS costing $100,000 against $10,000,000 of gross annual
operational value is 1% of that value.
Return on Investment of the BCMS – through
the Audit Program
• Annual reporting highlights the avoided loss and the resilience of the
organization – a success of the BCMS and a work product of the audits
Avoided loss results in profits and/or the achievement
of the mission of the organization
This is proven through the audit program which
reviews the performance tracking
Return on Investment of the BCMS – through
the Audit Program
• Use a methodology to show risk reduction and increased sustainability as
performance and continuous improvement is measured
For example: performance of the BCMS has resulted in a 40% reduction in the overall risk score, validated through
the audit program and annual reporting. This can be quantified into higher or greater resilience and
therefore value to the organization.
Leveraging the Internal Audit program with the
other operational activities of the BCMS –
maximize the effectiveness of the audit function
• Include auditors in tests and exercises – they are trained, have greater
understanding of what they are auditing and can provide an audit report to
augment the audit plan
• Plan training and awareness programs just before audits – audits reinforce
the training
• Use the audit findings for training and promotion of performance –
champion good performance
Leveraging the Internal Audit program with the
other operational activities of the BCMS
• Rotate internal auditors from one department to another – leverage the
understanding within the organization of the high level objectives and
integration of the plans and processes – cross training raises performance
for the auditor in their own role and function in the BCMS
• Notify auditors or supplement reports as solutions are implemented and
updates are made – make this part of continuous improvement.
• Treat auditors as a key component of performance.
ISO 22301 Training Courses
• ISO 22301 Introduction – 1 Day Course
• ISO 22301 Foundation – 2 Day Course
• ISO 22301 Lead Implementer – 5 Day Course
• ISO 22301 Lead Auditor – 5 Day Course
Exam and certification fees are included in the training price.
https://pecb.com/iso-22301-training-courses| www.pecb.com/events
THANK YOU. Questions?

AnaAcapella
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
ciinovamais
 

Dernier (20)

How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
psychiatric nursing HISTORY COLLECTION .docx
psychiatric  nursing HISTORY  COLLECTION  .docxpsychiatric  nursing HISTORY  COLLECTION  .docx
psychiatric nursing HISTORY COLLECTION .docx
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
 
Understanding Accommodations and Modifications
Understanding  Accommodations and ModificationsUnderstanding  Accommodations and Modifications
Understanding Accommodations and Modifications
 
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)Accessible Digital Futures project (20/03/2024)
Accessible Digital Futures project (20/03/2024)
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
 
Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...Making communications land - Are they received and understood as intended? we...
Making communications land - Are they received and understood as intended? we...
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual  Proper...General Principles of Intellectual Property: Concepts of Intellectual  Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 

Leveraging Gap Assessments and Internal Audits in ISO 22301

6. Baseline Assessment – Starting Point
• If there is no BCMS in place, this is a Gap Assessment with a preliminary comparison with the standard – and a set of gaps that present a work plan for alignment, focused on alignment and conformance over quality and performance.
• If there is a BCMS in place, this is a Gap Assessment on the following:
• Conformance with the ISO 22301 Standard
• Achievement of the Mission, Goals and Objectives of the Organization
• Current performance with respect to the standard and policy
• May include a focus on improvements

7. Quarterly and Annual Audit Plan
• If getting certified, the Assessment/Audit plan is fast-tracked for 6-12 months to complete a full cycle of audit / corrective action plan / improvement / verification / report, with the involvement of top management – and then the quarterly and annual plan is implemented.

8. Quarterly and Annual Audit Plan – 3 year program
• Plan to audit all clauses within 3 years
• Plan to address major gaps of non-conformance within solution timelines
• Plan to audit all major operations at least once a year
• Track the audit plan and status with an annual report
• Note where auditing in a clause also satisfies an audit in another clause – streamline

9. Integrate Quarterly and Annual Audit Plan with the BCMS program and the Organizational Business Operation
• Integrate audit plan and performance reports with other BCMS programs:
• Training
• Testing and Exercise
• Awareness
• Competence
• Risk Management
• Strategic Planning

10. Gap Assessment and Internal Audit Methodologies
A Baseline Gap Assessment is a very comprehensive assessment. It is a comparison of the current program with the ISO Standard elements – there are 213 elements in ISO 22301.

11. BCMS Standard Element Checklist
One methodology is to outline the elements into major categories and create a basic checklist. The checklist columns are #, BCMS Standard Element and Comments (the Comments column is left blank for the assessor):
1. Top Management Commitment
2. Stakeholders
3. Policy
4. Organization and Assignments
5. Risk Assessment and Risk Treatment, BIA
6. Objectives
7. BC Plans
8. Competency
9. Communications
10. Training and Awareness
11. Tests, Drills and Exercises
12. Incident Documentation
13. After Action Review
14. Non-Conformities
15. Root Cause Analysis
16. Corrective Action Plans
17. Continuous Improvement
18. Audits – Internal
19. Audits – External
20. Annual Report
21. Top Management Review
22. 1-3 year program

12. Example Detail List for Elements – BC Plans
The detail list columns are #, BC Plans and Comments (Comments left blank):
1. Site Safety Plan – OSHA 1910.38
2. Business Unit Business Continuity Plans
3. System Disaster Recovery Plan
4. Crisis Management Plan
5. Facilities Damage Assessment and Recovery Plan
6. Public Information and Crisis Communication Plan
7. Security Plan – Facilities
8. IT Security Plan
9. Incident Specific Contingency Plans
10. Community Assistance Plan

13. Comprehensive Assessment with the ISO 22301 Standard
• Clauses 4-10
• Approximately 213 separate elements
• If there are other ISO systems in place, Clauses 9 and 10 may require less review
• Group together similar requirements

14. Example – Top Management and Audits
• Clause 5, 5.4 Organizational Roles, Responsibilities and Authorities, item b: Reports on performance to top management. The audit reports are summarized and communicated to TOP MANAGEMENT – generally annually. Auditors should also meet with TOP MANAGEMENT during audits for the close-out meeting and report.
• Clause 5, 5.2 Management Commitment, item o: Ensure internal audits are conducted
• Clause 9, 9.3 Management Review: Results of the BCMS audits and reviews, including suppliers and partners

15. Use a Score Card for the first assessment

16. Track Performance and Scores through Audit Tools
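The slides above describe a score card for the first assessment, a checklist of BCMS elements, and a 3-year plan in which every clause is audited within three years and every major operation at least once a year, with one audit allowed to satisfy several clauses. The following is an added example of how such a tracker can be implemented; it is not the deck's own tool, and the element ratings, the three operations, the audit dates and the reporting date are all constructed for illustration.

```python
"""Score card and 3-year audit coverage check (added example, not from the deck)."""
from dataclasses import dataclass
from datetime import date, timedelta

# ISO 22301 main clauses covered by the audit plan (Clauses 4-10).
CLAUSES = ("4", "5", "6", "7", "8", "9", "10")

# Constructed sample: major operations of a hypothetical organization.
OPERATIONS = ("Finance", "IT", "Customer Service")

# First-assessment score card over the 22 checklist elements.
# 2 = conformant, 1 = partial, 0 = non-conformant. The ratings are constructed.
BASELINE_RATINGS = {
    "Top Management Commitment": 2, "Stakeholders": 1, "Policy": 2,
    "Organization and Assignments": 1, "Risk Assessment and Risk Treatment, BIA": 2,
    "Objectives": 1, "BC Plans": 2, "Competency": 1, "Communications": 2,
    "Training and Awareness": 1, "Tests, Drills and Exercises": 0,
    "Incident Documentation": 1, "After Action Review": 0, "Non-Conformities": 0,
    "Root Cause Analysis": 0, "Corrective Action Plans": 0, "Continuous Improvement": 1,
    "Audits – Internal": 0, "Audits – External": 0, "Annual Report": 1,
    "Top Management Review": 1, "1-3 year program": 0,
}


def score_card(ratings):
    """Summarize a checklist: points scored, maximum, percent, and the elements
    rated non-conformant (these feed the corrective action plan)."""
    points = sum(ratings.values())
    max_points = 2 * len(ratings)
    nonconformities = sorted(e for e, r in ratings.items() if r == 0)
    return {
        "points": points,
        "max_points": max_points,
        "percent": 100.0 * points / max_points,
        "nonconformities": nonconformities,
    }


@dataclass(frozen=True)
class AuditRecord:
    performed: date
    clauses: tuple   # every clause this audit's evidence satisfies ("streamline")
    operation: str   # major operation (business unit) that was audited


# Constructed audit history; dates are hypothetical.
AUDITS = (
    AuditRecord(date(2021, 3, 15), ("4", "5"), "Finance"),
    AuditRecord(date(2022, 6, 1), ("6", "8"), "IT"),
    AuditRecord(date(2023, 9, 20), ("9", "10"), "Finance"),
    AuditRecord(date(2024, 2, 10), ("8",), "IT"),
)
AS_OF = date(2024, 6, 30)  # reporting date of the annual status report (constructed)


def coverage_gaps(audits, as_of, clauses=CLAUSES, operations=OPERATIONS):
    """Apply the 3-year plan rules: every clause audited within 3 years and every
    major operation at least once in the last 12 months. Windows are measured in
    days (3*365 and 365); swap in a calendar-year rule if the policy states one."""
    three_years = as_of - timedelta(days=3 * 365)
    one_year = as_of - timedelta(days=365)
    last_clause, last_op = {}, {}
    for a in audits:
        for c in a.clauses:
            last_clause[c] = max(last_clause.get(c, date.min), a.performed)
        last_op[a.operation] = max(last_op.get(a.operation, date.min), a.performed)
    overdue_clauses = [c for c in clauses if last_clause.get(c, date.min) < three_years]
    overdue_ops = [o for o in operations if last_op.get(o, date.min) < one_year]
    return {"clauses": overdue_clauses, "operations": overdue_ops}


if __name__ == "__main__":
    card = score_card(BASELINE_RATINGS)
    print(f"Score: {card['points']}/{card['max_points']} ({card['percent']:.1f}%)")
    print("Non-conformities:", ", ".join(card["nonconformities"]))
    gaps = coverage_gaps(AUDITS, AS_OF)
    print("Clauses overdue (not audited in 3 years):", gaps["clauses"])
    print("Operations overdue (not audited this year):", gaps["operations"])
```

Run as a script it prints the score card and the overdue clauses and operations for the reporting date; the same two functions can be re-run each quarter against the updated ratings and audit history so the annual report carries a trend rather than a single snapshot.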
17. Example – Quarterly Plan by BCMS Element

18. Example – Quarterly Plan by ISO 22301 Clause
• Clause 6, 6.2 Business Continuity Objectives and Plans: Top Management SHALL ensure Business Continuity objectives are established and communicated for relevant functions and levels within the organization.
• Business Continuity objectives are both high level and are from the Business Impact Analysis. The most common are: RTO, RPO, MAO, MBCO – there may be others.

19. Example – Quarterly Plan by ISO 22301 Clause – by Organizational Component

20. Strategic 3 Year Audit Plan and Tracking

21. Overview – 3 Year Internal Audit Plan by Clause

22. Self Assessment – Survey Tool
Supplement to Interviews and Quarterly data collection
• Survey selected elements and organizational units.
• Collect and review responses
• Collate data
• Select specific units for verification

23. Group Interviews and Review Meetings
• Multiple Departments and Units
• Conduct full survey of Program Components
• Conduct survey of ISO Clauses
• Combine with training
• See plans and documents
• Communicate goals, objectives, expectations
• Bring in top management for communication

24. Benefits and Advantages of Leveraging the Internal Audit Program
• Raises Awareness of the Goals, Objectives and Components of the BCMS
• Continuous Training through activities
• Promotes the update and maintenance of the plans, procedures and processes
• Encourages participation in the review and improvement plan

25. Benefits and Advantages of Leveraging the Internal Audit Program
• Completes the cycle of findings, solutions to gaps, implementation of solutions, and verification
• Regular performance tracking proves that the BCMS is operational
• Increases assurances that people and plans are ready
• Continual improvement of the BCMS is aligned with the growth and expansion of the organization

26. Performance and Reporting is the opportunity to show VALUE
• Annual reporting highlights the avoided loss and the resilience of the organization – a success of the BCMS and a work product of the audits
• Non-conformances equal potential failures and losses – conformance is a savings and an investment – validated by audits
• Use a methodology to show risk reduction and increased sustainability as performance and continuous improvement is measured
• Show the correlation between the BCMS and operational performance – highlight any incidents and recovery

27. Return on Investment of the BCMS – through the Audit Program
• Protection of the Value of the Organization – cost of the BCMS is a very small percentage of the gross annual operational value
• Cost of BCMS: Services, Contracts, Dedicated Staff, Training, Time (may limit this to the AUDIT cost)
• Gross Annual Operational Value: Total Revenue, Total Sales, Total Delivery of Services ($ Value), Organization Retail Value

28. Return on Investment of the BCMS – through the Audit Program
• Protection of the Value of the Organization – cost of the BCMS is a very small percentage of the gross annual operational value
• Example: Cost of BCMS $100,000 against Gross Annual Operational Value $10,000,000 = 1%

29. Return on Investment of the BCMS – through the Audit Program
• Annual reporting highlights the avoided loss and the resilience of the organization – a success of the BCMS and a work product of the audits
• Avoided loss results in profits and/or the achievement of the mission of the organization
• This is proven through the audit program, which reviews the performance tracking

30. Return on Investment of the BCMS – through the Audit Program
• Use a methodology to show risk reduction and increased sustainability as performance and continuous improvement is measured
• Performance of the BCMS has resulted in a 40% reduction in the overall risk score – validated through the audit program and annual reporting. This can be quantified into higher or greater resilience and therefore value to the organization.

31. Leveraging the Internal Audit program with the other operational activities of the BCMS – maximize the effectiveness of the audit function
• Include auditors in tests and exercises – they are trained, have greater understanding of what they are auditing and can provide an audit report to augment the audit plan
• Plan training and awareness programs just before audits – audits reinforce the training
• Use the audit findings for training and promotion of performance – champion good performance

32. Leveraging the Internal Audit program with the other operational activities of the BCMS
• Rotate internal auditors from one department to another – leverage the understanding within the organization of the high level objectives and integration of the plans and processes – cross training raises performance for the auditor in their own role and function in the BCMS
• Notify auditors or supplement reports as solutions are implemented and updates are made – make this part of continuous improvement.
• Treat auditors as a key component of performance.

33. ISO 22301 Training Courses
• ISO 22301 Introduction – 1 Day Course
• ISO 22301 Foundation – 2 Days Course
• ISO 22301 Lead Implementer – 5 Days Course
• ISO 22301 Lead Auditor – 5 Days Course
Exam and certification fees are included in the training price.
https://pecb.com/iso-22301-training-courses | www.pecb.com/events

34. THANK YOU ?
Jan.decker@comcast.net
www.crisismanagementconsulting.com
https://www.linkedin.com/in/jan-decker-6b421b6