Business Continuity (ISO 22301 Certification)
Business continuity is the ability of an organisation to maintain essential functions during and after a disaster, and to protect the business interests of the organisation. At CS Risk Management we provide a consultancy service to implement an ISO22301 certified Business Continuity Management System (BCMS). We guide the client through the process of achieving certification and undertake activities that could be considered “heavy lifting” to establish the management system on the client’s behalf.
Secure Your Digital Future with Business Continuity
Cybersecurity has long been a concern for business continuity planning initiatives. And as the rate of cyber attacks increases, so does the need for a business continuity plan to cover cyber crime.
Over the last few years, cyber attacks and data breaches have grown in significance as threats faced by businesses across the spectrum. In 2016, cyber attacks were ranked as the No.1 threat by participants in the Business Continuity Institute Horizon Scan, with data breaches a close second. This represents how rapidly cybersecurity has become a key concern for business continuity professionals around the world.
The rise of cyber crime has meant that businesses of all kinds must include cybersecurity concerns in their business continuity plans alongside more traditional threats. However, because a cyberattack or data breach can have such wide-reaching effects throughout an entire organisation, planning requires a special degree of attention and expertise. And this is where CS Risk Management come in.
With nearly 20 years’ experience of helping businesses of all sizes to create, implement and manage business continuity plans, CS Risk Management are ideally placed to help your firm deal with cyber incidents with minimal disruption to your business activities. Find out more about the importance of business continuity and our approach to implementing a plan for your business or contact us here.
How Business Continuity Can Benefit Your Company
Having a Business Continuity Plan in place enables you to deal with incidents in a documented, methodical and rehearsed manner. This ensures that the amount of time lost by dealing with an incident is kept to a minimum. With less time being used to deal with an incident, you can focus on your everyday business activities. Having a Business Continuity Plan is also a requirement if you are working towards an ISO27001 Certification.
Our Approach To Business Continuity
Our cyber security consultant will work with you to complete a business impact assessment. This will define the business-critical activities along with the systems and people that support them. The assessment will also define the Maximum Tolerable Period of Disruption (MTPoD) these activities will withstand. We aim to understand the customer’s requirements and objectives; we then identify the scope of the business which is to be covered by ISO22301. After this initial phase we perform a gap analysis of the business against the ISO22301 requirements.
From this initial stage we can define a Recovery Time Objective (RTO). We would use this to formulate a Business Continuity Plan which would include an incident response and activity recovery. Once the Business Continuity Plan has been formulated, the next step is to exercise the plan. This can initially be done via a tabletop walk-through, followed by scenario-based exercises. Lastly, our cyber security consultant can provide training so that the roles involved in actioning the plan are clearly defined and understood.
Once a client is certified, we offer a range of supporting consultancy services to help the client to maintain compliance, including:
- Internal audits
- Risk reviews
- Business continuity consultancy
- Management Review support
Our Previous Experience of Business Continuity
Our Cyber Security Consultant is certified by the Business Continuity Institute. Furthermore, they will also have knowledge of conducting Business Impact Assessments and developing Business Continuity Plans. Experience in these services spans multiple industry sectors, including Logistics, Telecommunications, IT and Pharmaceutical, having worked to the redundant BS25999 standard and to the replacement ISO22301 standard.
It’s good practice for organisations to have a documented disaster recovery plan in place aligned with a business continuity plan. Find out more.
Data Breach Reporting
Legislation is always changing and increasing. Therefore, having notification and management strategies in place will help to manage any situation that arises. Find out more.