Norms & Standards

Business Continuity Management in ISO 27002:2022

7 March, 2022 | News, Norms & Standards

In February 2022, ISO 27002 "Information security, cybersecurity and privacy protection - Information security controls" was updated, and the 2022 version replaces its predecessor from 2013. ISO 27002 is the guidance for implementing the requirements of ISO 27001 and is consequently not itself a certification standard; certification continues to be based on ISO 27001. The title of the standard has been changed (formerly: "Information technology - Security techniques - Code of practice for information security controls"), and the structure of the controls has been revised: attributes have been assigned to the individual controls, controls have been merged, descriptions have been updated, and some controls have been deleted. These changes will be carried over into the ISO 27001 update and will be mandatory for future ISO 27001 certifications. The following controls were added: Threat intelligence; Information security for use of cloud services; ICT readiness for business continuity; Physical security monitoring; [...]

The growing importance of Business Continuity Management in the context of a TISAX certification

6 December, 2021 | crisis management, Norms & Standards, preparation, Safety, Uncategorized

TISAX requires business continuity management through its requirements for exceptional situations, with the focus there on information security related scenarios. This includes the requirement for a functioning crisis team as well as regular emergency exercises. Fulfilling this requirement through a structured, consistent BCMS gives the greatest assurance that the required business continuity and crisis management measures are in place and effective.

Integration of ISO standards and business continuity management under the umbrella of KTQ

24 September, 2021 | Norms & Standards

The "Cooperation for Transparency and Quality in Healthcare" (German: Kooperation für Transparenz und Qualität im Gesundheitswesen, KTQ) offers a voluntary certification system under which hospitals and other companies in the healthcare sector can be certified. Certification according to KTQ offers several advantages, as it is specifically tailored to hospitals. The standard is based on a PDCA approach with the patient at its center. This is also where the great strengths of KTQ certification lie: employees and patients are at the center and are core areas of KTQ. Both documentation and practice audits are conducted by medical, nursing and economic assessors. This strength is at the same time a serious disadvantage for some aspects of certification, because technical aspects remain in the background. For the inspection within the scope of the certification, about 1.5 hours are planned in the sample inspection plan for the following topics: Overview [...]


Modern Hospital Alarm and Response Planning

24 September, 2021 | Interest, Norms & Standards

Hospitals are specialized healthcare enterprises that operate either for profit or as a public legal entity. Crisis management in hospitals is also known as "hospital alert and response planning" (German: Krankenhaus Alarm- und Einsatzplanung, KAEP), which has its roots in the need to increase treatment capacity. Examples are mass casualty incidents (MCI) or mass illness, where the hospital has to care for significantly more patients than in regular operation. The KAEP also describes measures to deal with functional failures, such as power outages. Hospital processes require personnel as well as resources embedded in an organization. Supporting resources such as electricity, water, sewage, hygiene, IT, materials, medicines, etc. are required with the highest availability. Organizational, billing and documentation processes run in parallel. From a business continuity management perspective, the overlap between a hospital and a company is therefore very large. The Criticality Ordinance of [...]


Organizational resilience

31 August, 2021 | Norms & Standards, Safety

The standards for organizational resilience

In March 2017, the new ISO standard ISO 22316:2017 was published with the long title "Security and resilience - Organizational resilience - Principles and attributes". The standard was developed by the Technical Committee ISO/TC 292 Security and resilience, which is also responsible for the ISO standards around ISO 22301 Business Continuity Management. In addition to this ISO standard, BS 65000:2014 "Guidance on organizational resilience" has been available from British Standards (BSI) since 2014. We can therefore currently build on two standards on the subject of resilience. What is it about this topic that is apparently so important that two standards are dedicated to it? If you enter the search term "resilience" for German books on Amazon, you will already receive over 1,000 suggestions for filling your electronic shopping cart. If you approach the topic of "resilience" in a foreign language, you already [...]


Resilience through compliance

19 August, 2021 | Interest, Norms & Standards

Compliance is generally defined as the observance of requirements and laws arising from various conditions. The term became established in the business world a long time ago. Entrepreneurs and business people have always had to comply with specifications in order to be able to sell their goods. Initially, these specifications were shaped by the behavior of the general public and the businessmen themselves. Compliance in today's sense emerged above all after the establishment of trading companies, in which requirements had to be met in order to avoid consequences up to and including insolvency. On the one hand, compliance serves as protection against damage to a company's reputation; on the other hand, it protects against a loss of trust by the customer. For example, a scandal can change the public view of a company and reduce trust, with economic harm and damage as a consequence. This creates [...]

Crisis management as strategic competence in companies

16 August, 2021 | Interest, Norms & Standards

The new technical specification DIN CEN/TS 17091:2019 "Crisis management - Guidance for developing a strategic capability" calls for a strategic approach to crisis management. "Development of a strategic capability" is a measure designed to help organizations build this important capability. In this article, we highlight four areas where the new technical specification promotes best practices and provides more detailed guidance.

Crisis management as a strategic competence

It is not a question of if, but only a question of when things will go wrong. And once they do, an effective response will help keep the company on track. A study published by Aon and Pentland Analytics (Reputation Risk in the Cyber Age - The Impact on Shareholder Value, August 2018) shows that companies which respond effectively to a crisis outperform those that do not in terms of shareholder value. Companies that view crisis management as a strategic [...]
