With an attendance of more than 150 people from different industries, the maximum capacity was practically cover.
- Introduction and welcome by Marcio Viergas (BSi general director). Provides the general definitions of an ISO standard, the different committees and how BSi, as a standard developer, has historically contributed with a lot of norms developments that has became international standards. ISO 22301 is called to be an important international reference and is predicted to be a boost for the industry and, seeing the attendees to the conference, looks set to become a reality.
- From BS25999 to ISO 22301 - Business Continuity Management by Agustín Lerma (BCM Product Manager at BSi) Agustín provides in general terms the content of the standard and the correspondence with the Demming cicle, which is mainly the following :
Plan
|
4. Context of the organization
5. Leadership
6. Planning
7.Support
|
Do
|
8. Operation
|
Check
|
9. Performance Evaluation
|
Act
|
10. Improvement
|
Agustín also define the alignment of the standard with Guide ISO 83, about standard structure, PAS 99 about management systems and ISO 31.000 related with risk analysis.
- The new International Standard for Business Continuity: ISO 22301. Dave Austin (member or ISO committee for standard 22301 development) Dave exposed deeply the standard, in some points overlapping with Agustín lecture. Highlighting the following points:
- Standard is equivalent to BS 25999-2, so the schema will be completed when ISO 22313 were published. Its publication is scheduled for next year.
- There are a new concept MBCO (Minimum Business Continuity Objective)
- Legal requirement specific for each country are included.
- Risk evaluation is aligned with ISO 31000
- Strategy had some shortages in BS25999, in the new standard it has a better definition, proposing the identification to reduce probability and impact, RTOs definition, resources needs and actions to protection and mitigation requirements compliance.
- Incident communication: is much more complete and gives more importance. A better integration with emergency system is proposed.
- Business Continiuty Management end to end. Fernando Picatostes (Deloitte) The lecture was based on Deloitte business continuity methodology, focused in risk too much. Incidents in which Deloitte was involved some years ago (Windsor building and Twin Towers) were mentioned, as usual.
- Crisis management and Business Continuity. Andrés Gonzalez (Near Technologies) made a review of the main security and business continuity incidents occurred lately and lesson learned for each one: Twin Towers, Tepco in Japan, Spanair MD-82, etc. The "prezi"ntation can be viewed here
- Risk Management ISO 31000 and integration with new ISO 22301. Angel Escorial (AGERS) After a description of what Asociación Española de Gerencia de Riesgos y Seguros is, Angel make a deep review of the standard 31000 and the contrast between this standard and ISO 22301. From a personal point of view, the lecture was very interesting and I highlight a phrase: Risk management works with impact, while BC management works with time and impact. If we think on continuity as risk management, I think is not the better approach, aligned with the tittle of this blog.
- Business case of Telefónica UK in Business Continuity. David Clarke (Telefonica O2) With on of the most complex business continuity management, David expose the long way he have to walk before the certification. From the lecture I highlight the benefits of implementing the BCM, what I think is key for every BCM system:
- Increase trust from customers, partners and third parties.
- Ability to work with suppliers to build continuity strategies
- Industry recognition
- Experts colloquium- Workshop about new standard ISO 22301. Julio San Jose (Bankinter), Fernando Picatostes (Deloitte), Andrés Gonzalez (Near Tech.). Moderator: Marcio Viegas. Due to agenda problems, I cannot attend this interesting colloquium.
Conclusions
With a great attendee, the event shows the general interest in Business Continuity from the different Spanish companies and organization. Furthermore, the fact that ISO 22301 has been launched do foresee that the directors interest in BC will rise.
From an organizational point of view, once again, congratulate BSi by the professionalism with which held both the call as the event itself (Congratulations Patricia, Silvia, Beln and company)
About contents, I think that attendees general feeling was they were poor, mainly those from BC service providers.
About contents, I think that attendees general feeling was they were poor, mainly those from BC service providers.
No comments:
Post a Comment