Business Continuity Management in ISO 27002:2022

7 March, 2022 | News, Norms & Standards

In February 2022, ISO 27002 "Information security, cybersecurity and privacy protection - Information security controls" was updated; the 2022 version replaces its predecessor from 2013. ISO 27002 is the guidance for implementing the requirements from ISO 27001 and consequently is not itself a certification standard. Certification continues to be based on the ISO 27001 standard. The title of the standard has been changed (formerly: "Information technology - Security techniques - Code of practice for information security controls"), and the structure of the controls has been changed, for example by assigning attributes to the individual controls. In addition, controls have been merged, descriptions updated and controls deleted. These changes will be included in the ISO 27001 update and will be mandatory for future ISO 27001 certifications. The following controls were added:

- Threat intelligence
- Information security for use of cloud services
- ICT readiness for business continuity
- Physical security monitoring

[...]

Leading – differences between BCM and administrative crisis management

29 September, 2021 | Interest

Business continuity management can also mean "emergency and crisis management". We also find this term in the administrative sector, as in the work of civil protection. But is leadership in the event of crises really the same? This short article is intended to highlight individual differences and similarities between these two emergency and crisis management approaches so that a distinction can be made and differentiation simplified.

Causes of crises

The causes of crises or disasters in the field of civil protection are almost exclusively external. This means, for example, natural disasters, terrorist attacks or a technical/human failure, which leads to high risks. In the case of companies, there are two additional causes: inadequate attention to operational fluctuations up to the point of escalation and the occurrence of latent problems, which lead to high reputational damage. The crisis is therefore not only brought in from the outside, but may [...]

The crisis team

27 September, 2021 | crisis management, Interest

A crisis team is a group of people with decision-making authority who plan and implement the management of a crisis. Other names are a staff for extraordinary events or a task force. No matter what such a group is called, it must have decision-making capability and be responsible for managing the crisis. Fire Service Regulation 100 on Leadership and Command in Emergency Operations (German: Feuerwehr-Dienstvorschrift 100, FwDV 100 or DV 100) describes the crisis management team as it is used in emergency response (fire department, rescue service, disaster control/civil protection). Here, it is referred to as incident command staff. For more information on the distinction between the crisis management team and the command staff, you can read our blog article on the topic of "Leading - differences between BCM and official crisis management". The FwDV 100 was created after the Lüneburg Heath fire, as leadership faced great challenges [...]

Organizational resilience

31 August, 2021 | Norms & Standards, Safety

The standards for organizational resilience

In March 2017, the new ISO standard ISO 22316:2017 was published with the long title "Security and resilience - Organizational resilience - Principles and attributes". The standard was developed by the Technical Committee ISO/TC 292 Security and resilience, which is also responsible for the ISO standards around ISO 22301 Business Continuity Management. In addition to this ISO standard, BS 65000:2014 "Guidance on organizational resilience" has been available from British Standards (BSI) since 2014. We can therefore currently build on two standards on the subject of resilience. What is it about a topic that is apparently so important that two standards are dedicated to it? If you enter the search term "resilience" for German books in Amazon, you will already receive over 1,000 suggestions for filling your electronic shopping cart. If you approach the topic of "resilience" in a foreign language, you already [...]

Case study companies with and without BCM

30 August, 2021 | Interest

Why actually think and take precautions for robust corporate governance and supposedly expensive business continuity management? Paper is patient - and the ISO 22301 standard lies warm and dry in the cupboard. We take you through a case study to show you the process of an emergency using two differently positioned companies. Our case study takes you to two medium-sized companies operating in the same industry: House of cards-Money Tomb GmbH and robusta-Willow Tree KG. As "hidden champions," the companies produce the highest quality products and services in a niche area. Both companies have an extensive product portfolio, production at several locations, a business field of medical services and a large web presence with B2B and B2C contact. Key customers of the company come from the aviation industry, the automotive industry and other diverse sectors. Our protagonist is Bert van Jenssen, IT manager in the companies. The system [...]

How COVID-19 is changing the future of cyber resilience through remote working

23 August, 2021 | Interest

One of the clear impacts of the COVID-19 pandemic is that it has forced many organizations to resort to remote work; and this could have an irreversible impact on future work practices - and cyber resilience. The COVID-19 crisis will undoubtedly have a lasting impact on the way most organizations operate, as work life and operational structures are forced to change dramatically. One of the most obvious changes brought about by the COVID-19 pandemic is the increase in remote work. This development, brought about by the need to reduce physical contact and the spread of infection between people, is likely to remain a feature of modern life even after the worst of the pandemic is over. A key reason for this changing dynamic is that COVID-19 has shown many companies the benefits of virtual online communications. In particular, many companies have seen how effective remote work can be, [...]

Business continuity management as the key to cyber security

19 August, 2021 | Interest

Resilience to cyberattacks requires much more than protective, defensive security tools and training. Resilience is also about the ability to recover quickly. Therefore, it must always include business continuity management activities. It's time to redefine the role of chief information security officers (CISOs) and budget accordingly. Although prevention is key to limiting cyberattacks, the question is whether it alone is enough. Cyberattacks are constantly increasing in number and severity. A chief information security officer is responsible for prevention, but we believe a CISO should also feel responsible for business continuity and crisis communication: The ability to respond so the business can return to business as usual as quickly as possible is a much more realistic goal than preventing attacks entirely. The goal: Detect, respond, recover and improve. But how can an organization respond to an attack while still planning for its future? By not separating preventive measures and [...]

Crisis management as strategic competence in companies

16 August, 2021 | Interest, Norms & Standards

The new technical specification DIN CEN/TS 17091:2019 "Crisis management - Guidance for developing a strategic capability" calls for a strategic approach to crisis management. "Development of a strategic capability" is a measure designed to help organizations build this important capability. In this article, we highlight four areas where the new technical specification promotes best practices and provides more detailed guidance.

Crisis management as a strategic competence

It's not a question of if, but only a question of when things will go wrong. And once they do, an effective response will help keep the company on track. A study published by Aon and Pentland Analytics (Reputation Risk in the Cyber Age - The Impact on Shareholder Value, August 2018) shows that companies which respond effectively to a crisis will outperform those that do not in terms of shareholder value. Companies that view crisis management as a strategic [...]