ISO 22301

Business Continuity Management in ISO 27002:2022

By |2022-03-07T15:52:25+01:00 7 March, 2022|News, Norms & Standards|

In February 2022, ISO 27002 "Information security, cybersecurity and privacy protection - Information security controls" was updated and replaces its predecessor from 2013 with the 2022 version. ISO 27002 is the guidance for implementing the requirements from ISO 27001 and consequently is not itself a certification standard. Certification continues to be based on the ISO 27001 standard. The title of the standard has been changed (formerly: "Information technology - Security techniques - Code of practice for information security controls"), the structure of the controls has been changed, for example by assigning attributes to the individual controls and controls have been merged, the descriptions updated and controls deleted. These changes will be included in the ISO 27001 update and will be mandatory for future ISO 27001 certifications. The following controls were added: Threat intelligence Information security for use of cloud services ICT readiness for business continuity Physical security monitoring [...]

Integration of ISO standards and business continuity management under the umbrella of KTQ

By |2021-09-27T10:49:45+02:00 24 September, 2021|Norms & Standards|

The "Cooperation for Transparency and Quality in Healthcare", (german: Kooperation für Transparenz und Qualität im Gesundheitswesen, KTQ), offers a voluntary certification system, according to which hospitals and other companies in the healthcare sector can be certified. Here, certification according to KTQ offers multiple advantages, as it is specifically tailored to hospitals. The standard is based on a PDCA approach with the patient at its center. This is also where the great strengths of certification according to KTQ lie: employees and patients are at the center and are core areas of KTQ. Both documentation and practice audits are conducted by medical, nursing and economic assessors. This strength also acts as a serious disadvantage for partial aspects of certification, because technical aspects remain in the background. For the inspection within the scope of the certification, about 1.5 hours are planned in the sample inspection plan for the following topics: Overview [...]

Comments Off on Integration of ISO standards and business continuity management under the umbrella of KTQ

Modern Hospital Alarm and Response Planning

By |2021-09-24T16:37:49+02:00 24 September, 2021|Interest, Norms & Standards|

Hospitals are specialized healthcare enterprises that operate either for profit or as a public legal entity. Crisis management in hospitals is also known as "hospital alert and response planning" (german: Krankenhaus Alarm- und Einsatzplanung KAEP), this has its roots in the need to increase treatment capacity. Examples of this are mass casualty incidents (MCI) or sick cases, where the hospital has to care for significantly more patients than in regular operation. Also described in the KAEP are measures to deal with functional failures, such as power outages. Hospital processes require personnel as well as resources embedded in an organization. Support from resources such as electricity, water, sewage, hygiene, IT, materials, medicines, etc. is required with the highest availability. Organizational, billing and documentation processes occur in parallel. The intersection between a hospital and a company from a business continuity management perspective is therefore very large. The Criticality Ordinance of [...]

Comments Off on Modern Hospital Alarm and Response Planning

Organizational resilience

By |2021-08-31T08:23:13+02:00 31 August, 2021|Norms & Standards, Safety|

The standards for organizational resilience In March 2017, the new ISO standard ISO 22316:2017 was published with the long title "Security and resilience - Organizational resilience - Principles and attributes". The standard was developed by the Technical Committee ISO/TC 292 Security and resilience, which is also responsible for the ISO standards around ISO 22301 Business Continuity Management. In addition to this ISO standard, BS 65000:2014 "Guidance on organizational resilience" has been available from British Standards (BSI) since 2014. We can therefore currently build on two standards on the subject of resilience. What is it about a topic that is apparently so important that two standards are dedicated to it? If you enter the search term "resilience" for german books in Amazon, you will already receive over 1,000 suggestions for filling your electronic shopping cart. If you approach the topic of "resilience" in a foreign language, you already [...]

Comments Off on Organizational resilience

Business continuity management as the key to cyber security

By |2021-08-19T08:37:59+02:00 19 August, 2021|Interest|

Resilience to cyberattacks requires much more than protective, defensive security tools and training. Resilience is also about the ability to recover quickly. Therefore, it must always include business continuity management activities. It's time to redefine the role of chief information security officers (CISOs) and budget accordingly. Although prevention is key to limiting cyberattacks, the question is whether it alone is enough. Cyberattacks are constantly increasing in number and severity. A chief information security officer is responsible for prevention, but we believe a CISO should also feel responsible for business continuity and crisis communication: The ability to respond so the business can return to business as usual as quickly as possible is a much more realistic goal than preventing attacks entirely. The goal: Detect, respond, recover and improve. But how can an organization respond to an attack while still planning for its future? By not separating preventive measures and [...]

Comments Off on Business continuity management as the key to cyber security
Go to Top