BS 11000-2:2011

Superseded by ISO 44001:2017 Collaborative business relationship management systems — Requirements and framework

Title:

Collaborative business relationships. Guide to implementing BS 11000-1

Publisher:

British Standards

Published:

2011

Description:

BS 11000-2 helps you to establish and improve collaborative relationships. It does this by giving guidance for the effective implementation of BS 11000-1, which sets out a framework for collaborative business relationships.

This guide has been developed using pan-industry best practice, including the experience of early adopters of BS 11000-1. It provides practical advice on implementing each element of BS 11000-1.

BS 11000-1 and BS 11000-2 should be used together.

Certification:

No certification

Available from:

BSI

BS 11000-1:2010

Superseded by ISO 44001:2017 Collaborative business relationship management systems — Requirements and framework

Title:

Collaborative business relationships. A framework specification

Publisher:

British Standards

Published:

2010

Description:

Standard for collaboration between organisations. Aspects of BCM and supply chain continuity management are taken into account.

BS 11000-1 is a new British Standard that provides a framework specification for creating collaborative business relationships. Working in partnership with other organisations allows you to share knowledge, skills and resources effectively – helping all involved to meet mutual goals. Collaborative relationships also lead to better cost and risk management, as well as levels of innovation not normally achieved in a typical client-supplier relationship. BS 11000-1 builds beneficial partnerships that enhance competitiveness and performance.

How does BS 11000-1 work?

BS 11000-1 can set your organisation apart through better business relationships. The new national standard outlines a framework for building and maintaining partnerships, paving the way for streamlined working. BS 11000-1 gives guidelines on increasing joint efficiency, transparency and understanding around governance processes. It also includes advice on assessing and monitoring these partnerships through a relationship management plan. And compliance with BS 11000-1 is straightforward thanks to the practical nature of the guidelines.

Who should buy BS 11000-1?

  • Organisations working within a supply chain
  • Organisations managing a supply chain
  • Those who want to improve efficiency and partnership working

Contents of BS 11000-1 include:

  • Scope
  • Terms and definitions
  • Awareness
  • Knowledge
  • Internal assessment
  • Partner selection
  • Working together
  • Value creation
  • Staying together
  • Exit strategy
  • Assessment checklist
  • Relationship management plan
  • Competencies and behaviours
  • Relationship maturity matrix
  • Bibliography

Certification:

No certification

Available from:

BSI

ISO/PAS 22399:2007

Title:

Societal security – Guidelines for incident preparedness and operational continuity management

Publisher:

ISO (TC 223)

Published:

December 2007 – withdrawn on 25 November 2013 (withdrawn stage 95.99)

Description:

Guidance for incident management

1 Scope

2 Normative references

3 Terms and definitions

4 General

5 Policy

5.1 Establishing the program

5.2 Defining program scope

5.3 Management leadership and commitment

5.4 Policy development

5.5 Policy review

5.6 Organizational structure for implementation

6 Planning

6.1 General

6.2 Legal and other requirements

6.3 Risk assessment and impact analysis

6.4 Hazard, risk, and threat identification

6.5 Risk assessment

6.6 Impact analysis

6.7 Incident preparedness and operational continuity management programs

7 Implementation and operation

7.1 Resources, roles, responsibility and authority

7.2 Building and embedding IPOCM in the organization’s culture

7.3 Competence, training and awareness

7.4 Communications and warning

7.5 Operational control

7.6 Finance and administration

8 Performance assessment

8.1 System evaluation

8.2 Performance measurement and monitoring

8.3 Testing and exercises

8.4 Corrective and preventive action

8.5 Maintenance

8.6 Internal audits and self assessment

9 Management review

Annex A (informative) Impact analysis procedure

Annex B (informative) Emergency response management program

Annex C (informative) Continuity management program

Annex D (informative) Building an incident preparedness and operational continuity culture

Certification:

Certification of BCM to ISO 22399 is not possible

Available from:

ISO

Annex SL

Description:

Annex SL (formerly ISO Guide 83) of the Joint Technical Coordinating Group (JTCG) defines the structure of ISO standards. The standard structure consists of ten clauses.

ISO 22301:2012 is the first ISO standard in this new structure.

Clause 1 – Scope

Clause 2 – Normative references

Clause 3 – Terms and definitions

Clause 4 – Context of the organization

Clause 5 – Leadership

Clause 6 – Planning

Clause 7 – Support

Clause 8 – Operation

Clause 9 – Performance evaluation

Clause 10 – Improvement

References:

ISO: new format

NFPA 1600

Title:

Standard on Disaster / Emergency Management and Business Continuity Programs

Publisher:

National Fire Protection Association NFPA (USA)

Published:

2013

Description:

The National Commission on Terrorist Attacks Upon the United States (the 9/11 Commission), recognized NFPA 1600 as our National Preparedness Standard. Widely used by public, not-for-profit, nongovernmental, and private entities on a local, regional, national, international and global basis, NFPA 1600 has been adopted by the U.S. Department of Homeland Security as a voluntary consensus standard for emergency preparedness.

Certification:

Certification possible

Available from:

NFPA

ISO/IEC 27031:2011

Title:

Information technology — Security techniques — Guidelines for information and communication technology readiness for business continuity

Publisher:

ISO (JTC 1/SC 27)

Published:

2011

Description:

The standard describes the ITSCM lifecycle, building on the BCM lifecycle.

Abstract (JTC 1/SC 27):

ISO/IEC 27031:2011 describes the concepts and principles of information and communication technology (ICT) readiness for business continuity, and provides a framework of methods and processes to identify and specify all aspects (such as performance criteria, design, and implementation) for improving an organization’s ICT readiness to ensure business continuity. It applies to any organization (private, governmental, and non-governmental, irrespective of size) developing its ICT readiness for business continuity program (IRBC), and requiring its ICT services/infrastructures to be ready to support business operations in the event of emerging events and incidents, and related disruptions, that could affect continuity (including security) of critical business functions. It also enables an organization to measure performance parameters that correlate to its IRBC in a consistent and recognized manner.

The scope of ISO/IEC 27031:2011 encompasses all events and incidents (including security related) that could have an impact on ICT infrastructure and systems. It includes and extends the practices of information security incident handling and management and ICT readiness planning and services.

Certification:

No certification

Available from:

ISO

BS 25999-2

Title:

Business continuity management – Specification

Publisher:

British Standards

Published:

November 2007

Description:

Certification standard for BCM – superseded by ISO 22301:2012

Certification:

No longer certifiable – superseded by ISO 22301

Available from:

BSI

BS 25999-1

Title:

Business continuity management – code of practice

Publisher:

British Standards

Published:

November 2006

Description:

Guidance for the BCM standard BS 25999-1 – superseded by ISO 22313:2012

Certification:

No certification

Available from:

BSI

BSI 100-4 Notfallmanagement

Title:

Notfallmanagement (emergency management)

Publisher:

Bundesamt für Sicherheit in der Informationstechnik (BSI, German Federal Office for Information Security)

Published:

2008

Description:

BSI Standard 100-4 sets out a systematic way to establish emergency management in a public authority or company in order to ensure the continuity of business operations. The tasks of emergency management are therefore to increase resilience against failure and to prepare the institution adequately for emergencies and crises, so that the most important business processes can be resumed quickly after a failure. The aim is to minimise damage caused by emergencies or crises and to secure the existence of the authority or company even in the event of a major damaging incident.

Certification:

No certification

Available from:

Free of charge from the BSI

PAS 200:2011

Title:

Crisis management. Guidance and good practice – Publicly Available Specification (PAS)

Publisher:

British Standards BSI

Published:

September 2011

Description:

PAS 200:2011 is a standard designed to help organizations take practical steps to improve their ability to deal with crises.

It does this by giving organizations an operational structure to detect and prepare for such crises and hence prevent or survive them.

Structure and contents:

Foreword

Introduction

1 Scope

2 Terms and definitions

3 Understanding crises

3.1 What is a crisis?

3.2 The relationship between incidents and crises: structure and complexity

3.3 The general characteristics of crises

3.4 Understanding the potential origins of crises

3.5 “Sudden” and “smouldering” crises

3.6 How organizations can become vulnerable to crises

3.7 How crises incubate within organizations

3.8 Achieving higher levels of resilience

3.9 Possible barriers to success

4 Developing a crisis management capability

4.1 A framework

4.2 Capability

4.3 Setting the organization’s policy and direction

4.4 Identifying roles and responsibilities

4.5 Creating the structures and processes

4.6 Information management

4.7 Situational awareness

4.8 The common recognized information picture

4.9 Supporting the decision-makers

4.10 Dealing with dilemmas

4.11 Conclusions

5 Planning and preparing for crisis response and recovery

5.1 General

5.2 The crisis management plan

5.3 Key elements of the plan

5.4 Logistical factors

5.5 The activities of the crisis management team

5.6 Leadership

5.7 Decisions in crises – key features

5.8 Dealing with people

5.9 Transition to recovery

6 Communication in a crisis

6.1 General

6.2 Communications strategy

6.3 Formal and informal communications structures

6.4 Planning to communicate

6.5 Methods of communication

6.6 Barriers to effective communication

7 Evaluating crisis management capability

7.1 General

7.2 Training

7.3 Exercise design considerations

7.4 The “crisis-aware” organization

Annexes

Annex A (normative)

Bibliography

Certification:

No certification

Available from:

British Standards BSI

BS 11200 Crisis Management

Title:

Crisis Management

Publisher:

British Standards

Committee: SSM/1/-/12 BS 11200 Crisis Management

Published:

In the public comment phase until 10 January 2014

BSI Draft Review

Description:

Standard for crisis management, as the successor to PAS 200

Certification:

No certification

Available from:

Not yet available

Contents:

Foreword

0 Introduction

1 Scope

2 Terms and definitions

3 Crisis management: core concepts, principles and developing a capability

4 Building a crisis management capability

5 Crisis leadership

6 Strategic crisis decision-making

7 Crisis communications

8 Training, exercising and learning from crises

Bibliography

Figures

Figure 1 – A framework for crisis management

Figure 2 – Strategic decision-making in a crisis

Figure 3 – Potential problems in crisis decision-making

Figure 4 – Crisis communication flow

Tables

Table 1 – Distinctions between incidents and crises

Table 2 – Key principles of crisis communications

ISO 22398:2013

Title:

Societal security – Guidelines for exercises and tests

Publisher:

ISO (ISO/TC 292 Security and resilience)

Published:

13 September 2013

Description:

Guidance for conducting tests and exercises

Certification:

Certification of BCM to ISO 22301 is possible; successor to BS 25999-2

Available from:

ISO