Posts Tagged ‘ISO 27001’

Compliance Management

Saturday, March 6th, 2010

Compliance is an outcome of an organization meeting its obligations. Policies and procedures to achieve compliance must be integrated into all aspects of how the organization operates. Compliance should not be seen as a standalone activity, but should be aligned with the organization’s overall strategic objectives. An effective compliance program will support these objectives.

While maintaining independence, compliance should be integrated with the organization’s financial, risk, quality, environmental and health and safety management systems and its operational requirements and procedures.

Compliance programs should be shaped by an organization’s core values and generally accepted corporate governance, ethical and community standards.

An effective organization-wide compliance program enables the organization to demonstrate its commitment to compliance with relevant laws, including legislative requirements, industry codes and organizational standards, as well as with standards of good corporate governance, ethics and community expectations.

Based on AS3806 (Compliance Processes), AS4360 (Risk) and ISO9001 (Quality), OpsCentre provides a number of compliance management services, including:

• Health checks and reviews of existing compliance systems
• Facilitation of development of compliance programs
• Identification of an organization’s compliance obligations: legal, regulatory and organizational
• Assisting with documentation of necessary compliance processes and procedures
• Compliance training and awareness programs
• Facilitation of executive compliance management

Making Sense of Business Continuity Frameworks, Standards & Guidelines

Monday, January 18th, 2010

There are some 50 or more standards, codes of practice and practice guidelines for business continuity, risk management and IT disaster recovery around the world. Some are internationally applicable and some are country-specific.

Below is some information about the various frameworks and standards that may relate to Australian organisations. This is not a complete list of all standards, but rather a sampling of those most commonly referred to in Australia.

APRA (Australian Prudential Regulation Authority)
The overall objective of the APRA standard on Business Continuity Management (Prudential Standard APS 232) is to ensure that all authorised deposit-taking institutions, general insurers and life insurance companies implement a whole-of-business approach to business continuity.

Australian National Audit Office – Business Continuity Management
In June 2009 the ANAO released an updated version of its guide, titled Business Continuity Management. This guide is focused on building resilience in public sector entities. It is freely available to download from the ANAO website.

Australian Standards Handbooks
AS HB 292, A practitioner’s guide to business continuity management, provides an overview of the best-practice Business Continuity Management (BCM) used in Australia, the USA and the UK. It can help in implementing and analysing your continuity plans. It covers what BCM is, establishing and managing a BCM program, assessing risks and developing scenarios, developing BCM strategies, assessing and collating resources, writing the plan, and activation and deployment. It also includes useful checklists, templates and tables. This is a non-auditable standard.

AS HB 293, Executive guide to business continuity management, provides senior management with an overview of the key concepts and processes needed to implement and maintain an integrated, robust BCM program. It provides navigation to the comprehensive information in HB 292. This is a non-auditable standard.

British Standards: BS 25999 Code of Practice for Business Continuity Management
BS 25999 is a voluntary standard suitable for any organisation, large or small, from any sector. This is an auditable standard.

Part 1, the Code of Practice provides BCM best practice recommendations.
Part 2, the Specification provides the requirements for a Business Continuity Management System (BCMS) based on BCM best practice.

ISO/IEC 27001 Information Security
ISO/IEC 27001 is the only auditable international standard which defines the requirements for an Information Security Management System (ISMS). The requirement for business continuity planning is an aspect of this system. State Government departments in Australia are required to have certification to this standard.

Business Continuity Institute Good Practice Guidelines: BCI GPG (2007)
The Guide to Implementing Global Good Practice in BCM is compiled by the BCI, the peak industry body. It is a best-practice guide intended for organisations of all sizes, developed and updated in step with the internationally auditable standards as they evolve, i.e. BS 25999.

The list can go on: there is Sarbanes-Oxley (SOX), COBIT, ITIL and many more. They all vary, but typically share some fundamental aspects. Whatever your standard, we can help you to develop and maintain business continuity that will comply.

If you’re starting from scratch and don’t know if or which standard or guideline to follow, talk to us. OpsCentre can help to simplify it.