Become a Certified ISO 22301 Lead Auditor

Can you continue your operations even with your key location unavailable?

You are invited to join us in Dallas, TX for the ISO 22301 Lead Auditor training and certification on 10-14 June.

Develop the expertise to perform a Business Continuity Management System (BCMS) audit by applying widely recognized audit principles, procedures and techniques. During this training, you will also acquire the necessary knowledge and skills to plan and carry out internal and external audits in compliance with ISO 19011 and ISO/IEC 17021-1 certification process.

Click here for more registration and information
Advertisements

Business Continuity and Disaster Recovery solutions and services market growth

This report tracks the major market events including product launches, development trends, mergers & acquisitions and the innovative business strategies opted by key market players. Along with strategically analysing the key markets, the report also focuses on industry-specific drivers, restraints, opportunities and challenges in the Business Continuity And Disaster Recovery Solutions And Services market.

This report offers in-depth analysis of the market size, share, major segments and different geographic regions for the next seven years

This research report offers in-depth analysis of the market size (revenue), market share, major market segments and different geographic regions, forecast for the next seven years, key market players and industry trends.

The global disaster recovery solutions market size is expected to reach USD 26.23 billion by 2025, registering a strong CAGR of 36.5% during the forecast period. Top Companies in the Global Business Continuity And Disaster Recovery Solutions And Services Market: IBM, Microsoft, Sungard as, Iland, Infrascale, Bluelock, Recovery Point, NTT Communications, Amazon Web Services, Acronis, Cable & Wireless Communications, Tierpoin, Geminare… and others.

Read entire post Business Continuity and Disaster Recovery solutions and services market growth | Market Trends

Half of UK businesses don’t believe in their business continuity plan

Roughly half of businesses in the UK (46%) are not confident their business continuity plans are up to date, according to fresh reports from Databarracks.

Polling businesses ahead of the Business Continuity Awareness Week (BCAW), the report says that organisations are being regularly exposed to potential business disruptions because of poor BC management. Databarracks’ managing director Peter Groucutt says organisations should be investing in resilience, but “this is not happening across half of UK organisations”.

He believes it is critical for organisations to tweak and test their BC plans on regular basis. A three-year old plan won’t be of much help, as it may refer to employees that retired or left the company in the meantime.

Read entire post Half of UK businesses don’t believe in their business continuity plan | Sead Fadilpašić | ITProPortal

The importance of Business Continuity in developing a more resilient Supply Chain

There is an increased understanding that it is a necessity to fully involve the entire Supply Chain in the Business Continuity Management System of an organization.

Fully including the Supply Chain in the company’s Business Continuity Management System helps safeguard the ability to meet those expectations

Customers expect products and services to be delivered as agreed upon. Fully including the Supply Chain in the company’s Business Continuity Management System helps safeguard the ability to meet those expectations.

The Supply Chain Continuity training helps you do just that!

This two-day training will allow participants to explore and understand the ways Supply Chain Management and Business Continuity Management need to work together to create a more resilient organization.

This training is fully compatible with Business Continuity Management best practices and internationally recognized standards ISO 22301 (Societal security – Business Continuity Management Systems – Requirements), ISO 28000 (Specification for Security Management Systems for the Supply Chain) and ISO 31000 (Risk Management – Guidelines, provides principles, framework).

Audience

This course is designed for all involved in Supply Chain Management who wish to better understand the concepts related to Business Continuity Management and Risk Management. This course is also for those seeking a more in-depth understanding of Supply Chain Continuity planning:

  • All those involved in Supply Chain Management wishing to better understand Business Continuity Management and Risk Management concepts
  • Business Continuity managers and team members
  • Project managers and consultants involved in the implementation of a complete BCMS
  • Risk managers
  • Auditors and compliance managers
  • Anyone seeking a more in-depth understanding of Supply Chain Continuity planning

Objectives

  • Explore the shared interests of Business Continuity and Supply Chain Management
  • Understand the importance of Business Continuity in developing a more resilient Supply Chain
  • Understand the importance of full inclusion of the Supply Chain in Business Continuity planning
  • Identify ways to avoid risky suppliers, vendors, and outsourcing companies

BCM Supply Chain Continuity training schedule

Click the table below to see our complete training schedule

supply chain continuity training schedule

ISO 22301:2019 What will change?

The first edition of ISO 22301 was launched in May 2012. It was the first truly internationally accepted standard on business continuity, and it consists of requirements to implement a Business Continuity Management System according to ISO Annex SL. As such, it stood in line with its prominent predecessors such as ISO 9001 and ISO/IEC 27001.

When ISO/TC 292 (ISO Technical Committee 292 on SEcurity and Resilience), its workgroup WG 2 – responsible for this standard – first asked within the community about the need to update it, there was an astonishingly little response.

We, as members, could not believe that nobody had the intention or desire to update this international standard. However, all of a sudden, the interest exploded and teh respective Project Team within WG 2 was challenged within an unprecendented volume of change requests concerning ISO 22301:2012.

Read entire post ISO 22301:2019 What will change? | PECB Insights

 

Cyber resilience vs business resilience

This article is divided in two parts. First, it guides you into thinking about cyber-resilience: What is it about? What are its characteristics and its differences with the more traditional cases of unavailability of information technologies? The second part proposes an exploration of responses through the development of a “Cyber Resilience Plan” integrated with the other plans of the Business Continuity Management System.

The question is no longer when you will be impacted, but how you will react when faced with three major risks:

    • Your data is destroyed or corrupted
    • Your activities suddenly stop
    • Communication is no longer possible
Read entire post Cyber-resilience vs business resilience | PECBInsights

Discover the Certified ISO 22301 Lead Implementer training

ico ISO22301-LI-p4-EnglishISO 22301 Lead Implementer training course enables you to develop the necessary expertise to support an organization in establishing, implementing, managing and maintaining a Business Continuity Management System (BCMS) based on ISO 22301.

During this training course, you will also gain a thorough understanding of the best practices of Business Continuity Management Systems and be able to provide a framework that allows the organization to continue operating efficiently during disruptive events.

Check out our complete Certified ISO 22301 Lead Implementer training schedule.


Audience
  • Managers or consultants involved in Business Continuity Management
  • Expert advisors seeking to master the implementation of a Business Continuity Management System
  • Individuals responsible for maintaining conformance with BCMS requirements
  • BCMS team members

Delivery and duration

Objectives
  • Acknowledge the correlation between ISO 22301 and other standards and regulatory frameworks
  • Master the concepts, approaches, methods and techniques used for the implementation and effective management of a BCMS
  • Learn how to interpret the ISO 22301 requirements in the specific context of an organization
  • Learn how to support an organization to effectively plan, implement, manage and maintain a BCMS
  • Acquire the expertise to advise an organization in implementing Business Continuity Management System best practices

General information
  • Exam and certification fees are included in the training price
  • Training material containing over 450 pages of information and practical examples will be distributed
  • A certificate of attendance will be issued to the participants
  • In case of failure of the exam, participants are allowed to retake it for free under certain conditions

Examination and certification

The “Certified ISO 22301 Lead Implementer” exam is available in different languages including English, French, Spanish and Portuguese.

After successfully completing the exam, participants can apply for the credentials of Certified ISO 22301 Provisional Implementer, Certified ISO 22301 Implementer or Certified ISO 22301 Lead Implementer, depending on their level of experience. A certificate will be issued to participants who successfully passed the exam and comply with all the other requirements related to the selected credential.

Check out our complete Certified ISO 22301 Lead Implementer training schedule.


Testimonials

”The training went great and much of that was Jan’s ability to bring the material to life. Training with a small group allowed us to fully explore the material while sharing insights and building a budding network of continuity practitioners to lean on moving forward.”
November 2017 – Portland, OR, USA

”Very satisfied with the course/content. I am happy to recommend to colleagues. Very good trainer. Interacted well with the group, very friendly and very good at putting people at ease. Overall excellent course.”
June 2016 – London, UK

”The trainer showed in-depth practical knowledge of the topic with excellent examples. He managed to turn a relatively dry and boring standard into a fascinating course. Important or more applicable examples from our business perspective were discussed in detail. I recommend the trainer”
September 2015 – Strasbourg, France

Business Continuity Awareness Week 2019

Business Continuity Awareness Week (BCAW) is an annual global event that is facilitated by the BCI and is a key vehicle to raising the awareness of the profession and demonstrating the value effective business continuity management can have to organizations of all types of sizes.

This year’s theme is “investing in resilience”.

  • See our collection of news and articles about Businesss Continuity and BCAW2019
  • Raise awareness of Business Continuity within your organization by downloading the free resources provided by the BCI Institude to help spread the word.

BCAW 2019 posters

Past, present and future of ISO 22301 – The Business Continuity Standard review

The world is currently witnessing disasters and crises that quickly cross borders. As these disasters dramatically increase in frequency, impact, and complexity, organizations need to provide careful planning to achieve the desired prosperity. The organizations should take all the necessary measures to be prepared for overcoming the ever-challenging aspects of disasters and unexpected situations. In addition to recessions, cyber-attacks, and natural disasters, organizations are also threatened by new risks related to public health or supply chain interruptions.

In addition to cyber-attacks and natural disasters, organizations are also threatened by new risks related to public health or supply chain interruptions

Given the continuous change in the causes, triggers, and impacts of disasters, businesses have to prepare protection schemes which help them deal with the unexpected events. Considering that many organizations operate and compete in a global market, businesses cannot afford interruptions of operations, as it will result in huge long-lasting negative impacts.

To avoid such severe impacts, it is important that every organization has a Business Continuity Plan in place. Business Continuity (BC) is the ability of an organization to continue operating during and after a disaster, and the ability to recover within a short period of time. Also, a Business Continuity Plan (BCP) is strongly related to contingency, as well as to resilience and recovery.

Read entire post Past, Present and Future of ISO 22301 – The Business Continuity Standard Review | PECBInsights

Why natural disasters are getting more expensive

Extreme weather events are becoming more frequent, and more costly. According to one estimate, natural disasters caused about $340 billion in damage across the world in 2017. And insurers had to pay out a record $138 billion. The $5 trillion global insurance industry plays a huge role in the U.S. economy. Insurance spending in 2017 made up about 11 percent of America’s GDP.

Natural disasters cost the USA $91 billion in 2018, according to a new report from the National Oceanic and Atmospheric Administration.

The report’s findings are a sign that the changing climate and increasing numbers of extreme weather events are having a significant economic impact, even as the Trump administration continues to undo Obama-era climate regulations.

Read entire post Why natural disasters are getting more expensive | CNBC

What will we be saying after the next really big one?

“Subduction-zone earthquakes operate on the…[principle that] one enormous problem causes many other enormous problems.”
— Kathryn Schulz, The Really Big One

In her Pulitzer Prize–winning article “The Really Big One,” New Yorker staff writer Kathryn Schulz tells the story of the worst natural disaster in the history of North America. According to scientists, on or about January 26, 1700, a massive earthquake in the Pacific Northwest ripped a gash in the earth’s crust along a line from Vancouver Island in Canada south nearly six hundred miles into Northern California, causing massive devastation.

A massive earthquake in the Pacific Northwest ripped a gash in the earth’s crust, causing massive devastation

The geological record indicates that these “great earthquakes” (those with a magnitude of eight or higher) occur in this area of the Pacific Northwest about every five hundred years on average.

In “The Really Big One”, Schulz describes for us the implications of this revelation. When it comes, the next Really Big One could impact an area of 140,000 square miles and devastate major population centers like Seattle and Tacoma in Washington, and Portland, Eugene, and Salem in Oregon. Seven million people could be cast into this parallel universe, of which nearly 13,000 people could die and another 27,000 could be injured. When it happens, we would need to provide shelter for a million displaced people, and food and water for another two and a half million.

The following excerpt is what we call a worst-case scenario:

“When the Cascadia earthquake begins, there will be… a cacophony of barking dogs and a long, suspended, what-was-that moment before the surface waves arrive…

Soon after that shaking begins, the electrical grid will fail, likely everywhere west of the Cascades and possibly well beyond. If it happens at night, the ensuing catastrophe will unfold in darkness…

Anything indoors and unsecured will lurch across the floor or come crashing down: bookshelves, lamps, computers, canisters of flour in the pantry. Refrigerators will walk out of kitchens, unplugging themselves and toppling over. Water heaters will fall and smash interior gas lines. Houses that are not bolted to their foundations will slide off…

Other, larger structures will also start to fail… across the region, something on the order of a million buildings will collapse…

The shaking from the Cascadia quake will set off landslides throughout the region—up to thirty thousand of them in Seattle alone… It will also induce a process called liquefaction, whereby seemingly solid ground starts behaving like a liquid, to the detriment of anything on top of it… Together, the sloshing, sliding, and shaking will trigger fires, flooding, pipe failures, dam breaches, and hazardous-material spills. Any one of these second-order disasters could swamp the original earthquake in terms of cost, damage, or casualties—and one of them definitely will. 

Four to six minutes after the dogs start barking, the shaking will subside. For another few minutes, the region, upended, will continue to fall apart on its own. 

Then the wave will arrive, and the real destruction will begin.”

Never tell me the odds

The odds of a big Cascadia earthquake happening in the next fifty years are roughly one in three. The odds of the next Really Big One are roughly one in ten. Even those numbers do not fully reflect the danger—or, more to the point, how unprepared the Pacific Northwest is to face it.

We should pause for moment to take all of this in. The enormity of this breathtaking scenario makes it difficult to contemplate fully. But contemplate, we must.

The odds of a big Cascadia earthquake happening in the next fifty years are roughly one in three.

And then, after we have contemplated for a while, somebody needs to get to work. I have an idea: how about we build a Pacific Northwest Cascadia Subduction Earthquake and Tsunami Response Plan? The PNCSETRP (as I like to call it) would be massive and unprecedented, nothing less than a comprehensive, proactive, integrated, and all-of-nation plan.

How about we build a Pacific Northwest Cascadia Subduction Earthquake and Tsunami Response Plan?

Although it sounds complicated, all you really need to do is to put all the people who would be responsible for a Pacific Northwest Cascadia subduction earthquake and tsunami response in the middle of an imagined Cascadia subduction earthquake and tsunami to figure things out ahead of time, instead of in the fog of war.

Thanks to Kathryn Schulz’s elegant scientific narrative we have an incredibly detailed imagined disaster to work with.

So, let’s do that now. Let’s imagine that it’s 2:35 p.m. on a rainy Saturday afternoon in March and the next Really Big One hits.

We need to think through exactly what that would look like

Kelly McKinney is the author of Moment of Truth, released in July by Post Hill Press.

We need to quantify the unprecedented surge that the crisis will bring. We need to understand, in as much fine-grained, colorful detail as possible, that enormous problem that causes so many other enormous problems. We need to list all of the issues that we—the United States and the world—would be dealing with as that Saturday afternoon turns into a long Saturday night. We need to think about the people—the seniors, the individuals with disabilities, the children and families—who would be trapped inside that parallel universe.

Instead of trying to think through these things then, we need to do it now, so that we know what we will tell them about when we are going to reach them. About how we are working across 140,000 square miles of affected area to rescue people from collapsed buildings, pump out the water, get power and cell phone service back, and clear the streets. About how we are providing shelter for a million displaced people, and food and water for another two and a half million.

To be able to do these things then, we need to get to work now.

We must travel through the wormhole and into that parallel universe, to spend as much time as possible in the Pacific Northwest on that Saturday afternoon with those collapsed buildings, blocked roadways, stuck trains, trapped victims, dead and injured people, and debris in the streets. We must figure out everything we would have to do all at the same time, who is going to do it, and where we are going to get all of the stuff we will need to make it happen.

Let’s imagine that it’s 2:35 p.m. on a rainy Saturday afternoon in March and the next Really Big One hits.

I hate to be the one to break it to you, but we are not doing this work today

Instead, in cities and states all over the Pacific Northwest, and the nation, disaster professionals sit around in small groups in carpeted conference rooms, using rational thought processes to write pieces of the plans about pieces of the job they think they own. And, by the way, these plans have been shown to work spectacularly well… in carpeted conference rooms.

Why do we instead sit in carpeted conference rooms with our cliques asking the same old questions?

There is no substitute for an integrated, all-of-nation planning process like the one described above. So why are we not doing it? Why do we instead sit in carpeted conference rooms with our cliques telling war stories, asking the same old questions, and speaking the same tired platitudes?

Why, instead of spending time trying to understand the enemy, do we clutter our minds with process and unrealistic expectations—so that we are surprised, caught off guard, when the realities that the crisis inevitably brings don’t fit our processes or expectations?

Why indeed.

To protect your Supply Chain… Purchase your suppliers or create supply partnerships?

For companies that rely on suppliers for critical raw materials, components, or services, there is tremendous dependence on those suppliers to meet the requirements and expectations of the company’s customers and other stakeholders.

One viable strategy that can be used for eliminating this reliance is a supplier buyout, the company buys its supplier. While this may be viewed as extreme, today we are seeing this approach used across a spectrum of businesses and industries.

Lower costs and greater margins

In the case of some companies and some of their most critical and/or risky suppliers, it may be in the company’s best interest. Potential benefits can include lower costs and greater margins, increased quality control, improved logistics and transport, and timely and accurate information flow. Combined, these benefits create a competitive advantage. Acquiring a supplier also results in diversification as the company branches out into new products or services.

A significant added value is the resulting improvement in business continuity management and resilience

A significant added value is the resulting improvement in business continuity management and resilience. Vertical integration eliminates some risks and provides greater control of managing those that remain. The purchasing company now controls the business continuity management system of the former supplier and can set continuity requirements for tier suppliers. The risk of being second, third, or fourth in line when there is a shortage of a critical raw material or component is eliminated. This approach is an even greater benefit when there is no alternate supplier.

Some interesting and informative examples of this strategic supply chain management approach are described in “Luxury Brands Buy Supply Chains to Ensure Meeting Demand” by Mark Ellwood (New York Times, November 15, 2018) and reprinted in The Resilience Post, November 19, 2018.

Two sides of the coin

Yet, as with almost everything in business – as in life – there are two sides of the coin to be considered. Does the company want to take on the risks that will come with an acquisition? Is the company prepared for diversification? Will the result be a less agile organization? A deep dive into the costs vs. the benefits of any acquisition is a must. Acquiring a company requires a significant investment, and financial benefits are not often realized in the short term.

Avoid the old view of a them against us approach. How about working together instead?

The reality is that for many companies purchasing even their most critical suppliers and other supply chain links is not a viable option, and not every supplier is interested in being purchased. In those instances, there are many other effective ways to protect a company’s supply chain, and the most effective of these is partnering with suppliers and developing collaborative, mutually beneficial relationships. In these partnerships, supply chain continuity challenges cannot only be resolved by cooperative planning and response, they can often be prevented with collaborative mitigation. Avoid the old view of a them against us approach.  How about working together instead?

Avoid the old view of a them against us approach. How about working together instead?

A win-win for all concerned

Take a more strategic, not a reactive, approach to supplier management. Provide your suppliers with knowledge about your company, its products and services, how it functions, its business continuity management system, your expectations of them, ethical and sustainability standards, and future plans. At the same time, seek to learn the same information about your suppliers. Build a mutual understanding of upstream, internal, and downstream risks that threaten the supply chain. While this approach does require an investment of resources, the return is long-lasting, trusting relationships that, over time, will lead to a more effective supply chain, a win-win for all concerned.

In most cases, while the customer is at risk from its supply chain, the suppliers are equally at risk from their customers

If purchasing suppliers is not in your company’s future, strive to establish and create improved working partnerships with suppliers and all other links in your supply chain to better understand each other’s risk management challenges and capabilities and to collaborate on business continuity strategies and plans. Customer-supplier relationships are interdependent. In most cases, while the customer is at risk from its supply chain, the suppliers are equally at risk from their customers. In ideal supply chain relationships, both customers and suppliers seek to build a connection and communication channels that allow the open exchange of information. This includes collaborative efforts to lower costs, improve quality, mitigate supply chain risks, and provide mutual assistance at the time of an actual disruption or disaster.

In ideal supply chain relationships, both customers and suppliers seek to build a connection and communication channels that allow the open exchange of information.

Strategic approach to Supply Chain Continuity

Begin by ensuring that suppliers know and understand your business continuity goals and requirements. Take a collaborative strategic approach to supply chain continuity. Host or attend a supply chain continuity training where suppliers’ continuity and supply representatives join their counterparts from your organization to learn, brainstorm, and begin the process to build mutually beneficial supply chain continuity strategies to better manage risks that pose a threat to the supply chain. Don’t overlook other supply chain links such as logistics, transport providers, outsourcing companies, and contractors.

Don’t overlook other supply chain links such as logistics, outsourcing companies, and contractors.

Participate in one another’s business continuity exercises. Strive to mutually design resilient supply chain strategies. Everyone wants to operate profitably in today’s supply chain environment, and every link in the chain has a vested interest in improved business continuity capabilities that reduce unnecessary and potentially lengthy business interruptions. When there is a stronger, more resilient supply chain, everyone benefits.

Although any move to a partnering approach to building relationships and working with suppliers and other supply partners, compared with the more traditional dictatorial and adversarial tactics, may well require a significant shift in mindset for some, it will benefit the customers and the suppliers and their stakeholders – and create more resilient organizations.