Disaster Recovery and Business Continuity Planning - Where to start?

kukani41

#11
Hi Richard

I am going to use ISO 22301 as the framework. I have got a few books to read up about it: "Auditing Business Continuity Management Plans - Assess and Improve Your Performance Against ISO 22301" and "Business Continuity Management Systems - Implementation and Certification to ISO 22301", but neither gives me good examples of the risk assessment, what a policy looks like, BIA, etc.

Sue
 
Richard Regalado

Trusted Information Resource
#12
I'll share a project plan I'm using for you to better understand the activities and efforts involved from your end and the client.

Don't worry, what you can't find in the books, the Cove can pitch in.

I'll be back.


Richard
 
kukani41

#14
Thanks for that Richard - do you have a template of your gap analysis report that I could look at trying to implement here?

Thanks

Sue
 

Richard Regalado

Trusted Information Resource
#15
Hi Sue.

I don't see how a gap analysis report could benefit you at this point. If I share with you a report from a client with most of the mandatory requirements in place, it would just be a tick mark or "Compliant" on the particular requirement of ISO 22301.

Where are you with your implementation? Let me know where you've hit a quagmire.

Add: check the sample implementation plan and let me know where you are.

Regards,
Richard
 
kukani41

#16
Hi Richard

I am at the beginning, gathering data. The reason I asked for a gap analysis report was to see what I needed to put in place and work backwards. So, for example, I need to list the regulatory, contractual and other requirements from employees, to media, to clients, etc., but I am not sure how that document should look and what exactly I need to put into it. Do I list all employees or can I just refer them to the org chart?

I need to see templates so that I can see what can be set out. I have looked online, and to buy templates it is really expensive, so I am hoping people on here can help me instead.

Sue
 
#17
Sue:

A "gap analysis" isn't something anyone else can give you, except for someone - like a consultant - who performs such an analysis. There are 3 types of gap which need to be understood, compared to a standard like ISO 22301, for example:

Something ISO 22301 requires and you have, but it's not formal, or part of a system.

Something ISO 22301 requires and you have never done.

Something which ISO 22301 requires and you have done, in some manner, but it hasn't worked well.

You have to understand these 3 "gaps", with your management, to plan to close the gaps - if certification is an option (or even just self declared compliance).

They are unique to your organization, so some other organization will be different.

Also, there's a good reason why help costs! If it is credible, someone put a lot of their expertise into creating such templates etc. You're paying for that. But, beware! You may be simply charged for something which isn't worthwhile, and is just a set of documents which is supposed to meet ISO 22301 (or similar) and isn't really created with any knowledge of HOW to implement. Choose carefully!
 

Johnnymo62

Haste Makes Waste
#18
Hi,

Is the US NFPA1600 Standard on Disaster/Emergency Management and Business Continuity Programs comparable to the ISO standard?
 
#19
Hi,

Is the US NFPA1600 Standard on Disaster/Emergency Management and Business Continuity Programs comparable to the ISO standard?
Somewhat. Under the DHS's "PS-Prep" certification, BS 25999, NFPA 1600 and ASIS SPC-1 were available for implementation/certification. However, they are not the same and have somewhat different application(s) - continuity vs "resilience". Since ISO 22301 has basically replaced BS 25999, this gap has widened somewhat.
 