Similarities and differences between ISO 27001 and BS 25999-2
At first glance, information security and business continuity don’t have much in common – some would add that the only similarity is that they are both about IT. Information security management is best...
View ArticleCan business continuity strategy save your money?
You are thinking about implementing the business continuity management/BS 25999-2 standard? But then you hear it will cost you a lot? It probably will cost you, but not necessarily as much as you...
View ArticleHow to write business continuity plans?
If you started implementing business continuity management, probably the biggest challenge you are facing is writing the business continuity plans. Why is it so difficult? Well, you have to think of...
View ArticleHow to deal with BCM sceptics?
Have you ever heard something like “It can’t be done”, “It has no use”, or “It’s useless if a major disaster occurs”? If you implemented business continuity management, you probably did. Naturally,...
View ArticleDisaster recovery vs Business continuity
Has it ever happened to you that your management has given you the responsibility to implement business continuity just because you are in the IT department? Why is business continuity usually...
View ArticleDoes ISO 27001 mean that information is 100% secure?
You have probably heard that important web services like Reddit, HootSuite, Quora, Foursquare etc. have recently suffered a quite lengthy outage – what you also probably know is that this outage was...
View ArticleIs it possible to calculate the Return on Security Investment (ROSI)?
If you are an information security or business continuity professional, then you’re probably aware of the most difficult part of your job: to convince your management that investment in information...
View ArticleActivation procedures for business continuity plan
Having a business continuity plan is nice, but if you don’t know when and how to start using it, the money you’ve invested in it was spent in vain. Even worse, you’ll likely lose quite a lot of money...
View ArticleHow long does it take to implement ISO 27001 / BS 25999?
This is probably the second most common question I hear about ISO 27001 and BS 25999 (the first one is How much does it cost?). Well, the answer is not really encouraging – most of the people I speak...
View ArticleWhat is the difference between Recovery Time Objective (RTO) and Recovery...
They are both essential elements of business continuity, and they sound quite similar. But their purpose is quite different. What is RTO? So, what does RTO mean? BS 25999-2, a leading business...
View ArticleBusiness continuity plan: How to structure it according to ISO 22301
In my experience, companies usually find two things in their business continuity or information security management to be the most difficult: risk assessment, and business continuity planning. Here...
View ArticleDisaster recovery site – What is the ideal distance from primary site?
The alternative site for your data center must be 50 miles away from the primary site. No, make that 100 miles… or is it 200 miles? Or perhaps kilometers? Well, none of this is correct – the truth is,...
View ArticleThe purpose of Business continuity policy according to ISO 22301
Why would you need a Policy once you have Business impact analysis, Business continuity strategy and Business continuity plan? This is probably a question many experienced business continuity/disaster...
View ArticleISO 22301 benefits: How to get your management’s approval for a business...
If you think your management loves to listen to you talk about your great idea for a disaster recovery site, or a perfect tool you’ve discovered for handling business continuity plans, you’re wrong –...
View ArticleNew book – Becoming Resilient: The Definitive Guide to ISO 22301 Implementation
As you may have heard, on December 19 I’ll publish my new book Becoming Resilient: The Definitive Guide to ISO 22301 Implementation. So, if you are a business continuity practitioner looking for some...
View ArticleSetting the business continuity objectives in ISO 22301
Business continuity objectives are, along with the business impact analysis, probably one of the most difficult elements of ISO 22301 implementation. Most of the business continuity implementers have...
View ArticleThe most popular ISO 27001 & ISO 22301 blog posts
This is my 100th blog post! When I started this blog four years ago, I never dreamed I would have that many things to write about… And yet, the more I write, the more ideas I have – right now, I have...
View ArticleCybersecurity Executive Order confirms how crucial information security is...
For a long time a debate has been going on regarding whether information security/cybersecurity has something to do with critical infrastructure, and if yes, how important cybersecurity is for critical...
View ArticleCan ISO 27001 risk assessment be used for ISO 22301?
A few days ago I received the following question from one of our clients: “What is the difference between ISMS Risk Assessment and BCM Risk Assessment?” And, although the answer to this question might...
View Article5 criteria for choosing an ISO 22301 / ISO 27001 consultant
If you’re implementing ISO 27001 or ISO 22301 for the first time, you’re probably considering hiring a consultant to help you. But, which consultant should you hire, what are the potential problems,...
View Article
