Effective Business Continuity Management: ISO 22301

Course Overview

This 3-day course provides an intensive, hands-on workshop covering all major aspects for the design of an effective Business Continuity Management System for business, government and not-for-profit organizations. This workshop provides practical tools and techniques for creating and maintaining a Business Continuity Plan, and a comprehensive overview and understanding of BCM, its principles, and methodologies, and best practices with a special focus on ISO 22301, the new International Standard for BCM, and related standards including ISO 31000 for RiskManagement and ISO 22398 for Exercising and Testing your BCMS.

Course Objectives

At the conclusion of this course, participants should:

  • Have a solid understanding of the overall Continuity Management lifecycle
  • Have the tools and knowledge required to conduct Risk Assessments and ImpactAnalyses for their organization
  • Know how to identify and select cost-effective Continuity strategies for key business activities and supply chain management
  • Be able to guide their IT and business unit personnel through the development of practical and effective computer recovery and business resumption plans
  • Understand the advantages and disadvantages of plan development software packagesand commercial recovery services
  • Know how to establish the organizational framework required to enable their BusinessContinuity program
  • Be able to implement an effective Crisis Management structure within their organization
  • Know how to keep their plans current and viable
  • Have the tools and knowledge required to plan and coordinate effective tests and exercises
  • Know how to maintain support and commitment for the Business Continuity program
  • Be successful when taking the CCM exam

Course Content

1. Identifying and selecting Business Continuity strategies for:

  • Mitigating risk
  • Reducing impact
  • Recovering computer systems
  • Resuming business operations

2. Risk Assessment and Business Impact Analysis - What threatens your organization?

  • Understanding the need for a Business Continuity program
  • Defining your organization's Business Continuity requirements
    • Conducting a Business Impact Analysis
    • Conducting a Business Continuity Risk Assessment

3. Developing plans for Supply Chain Continuity

  • Identifying and prioritizing critical elements of the supply chain
  • Identifying and developing supply chain options

4. Developing plans for business resumption

  • Initial response and assessment
  • Interim contingencies
  • Resource provisioning
  • Business resumption
  • Return to normal

5. Developing a Crisis Management Plan:

  • Creating a Crisis Management Team
  • Establishing on-site and off-site Command Centers
  • Escalating emergencies and activating Business Continuity teams and plans
  • Crisis management checklists to help the CMT with ‘crisis project management’

6. Key Components in a Crisis Management Plan:

  • Decision-making authority
  • Coordination with public authorities
  • Human resources issues
  • Financial control issues
  • Legal, contractual and regulatory issues

7. Crisis Communications:

  • Dealing with the media and managing corporate image
  • Communicating proactively with customers, suppliers, and other stakeholders
  • Addressing the needs and concerns of employees and their families
  • Communications between the Crisis Management team and Business Continuity teams
  • Guidelines for Effective Media Relations—broadcast interviews, print media, news conferences

8. Awareness and Training

  • Defining your Awareness and Training Requirements
  • Designing your A&T Program
  • Implementing the Program
  • Measuring Program Effectiveness
  • Managing the Ongoing Program

9. What should you test, when should you test, how should you test? Review of Techniques for Validating and Maintaining Business Continuity Plans:

  • Desk Checks; Peer Reviews
  • Structured Walkthroughs
  • Standalone Tests; Integrated Tests
  • Operational Tests
  • Call Tree Tests

10.Test your plan, exercise your people - Review of Techniques for Training and Exercising Business Continuity Teams:

  • Table Top Exercises
  • Simulation Exercises
  • Drills
  • Operational Exercises
  • Mock Disasters

11. Setting Test and Exercise Objectives:

  • Planning and Preparation
  • Measuring Success and Performance
  • Critical Success Factors

12. Plan Maintenance:

  • Establishing a repository for all plan documentation and procedures
  • Implementing a Change Control system
  • Administering the maintenance process
  • Developing and ensuring compliance with corporate policies and standards

13. Plan Evaluation:

  • Reviewing periodic Risk Assessment and Business Impact Analysis
  • Identifying significant changes to business units and key business activities
  • Reviewing current strategies for reducing risk, reducing impact, recovering computer systems, resuming business operations

14. Plan Administration:

  • Administering the plan maintenance process
  • Centralized versus decentralized administration
  • Managing access and dissemination of plan contents
  • Reviewing and updating Business Continuity requirements
  • Auditing the Business Continuity program

Course Methodology

The training is going to be highly interactive combination of lectures, group discussions, questionnaires, individual reflections, role plays, simulations and videos.

Target Audience

This course is designed for new and/or experienced BCM practitioners, executives, managers, business continuity planners and business unit staff who are involved in or manage business continuity planning functions. It is also highly useful for internal and external auditors, records managers, information technology managers, administrative heads, and others responsible for the effective administration of any size of organization.

Duration

5 days (08:30–14:30) with appropriate breaks for tea/refreshments and lunch.

Related Courses

View All Courses