• International Standards, UAE Regulations (NCEMA, ADSIC, NESA, ISR, GDPR). Dubai Data Law
• PDCA Cycle
• Organisational Considerations
• Q&A
Standards, Regulations
• UAE Regulations
• Risk Management
• ISO 31000
• Scope of ISMS/BCMS
• Scope Document (Common)
• Exclusions
• Scope Statement Finish
ISR/NESA-Scope Requirements
Cl 4 of 27001/22301
With
Organisational Considerations
BCMS/ISMS-Objectives-Next Step
• Measurable-Measured
• Monitorable-Monitored
• Balance Score Card
• COBIT
BCMS Common Factors - Framework
Value
Risk Assessment (Critical Assets) Vulnerability
Threat
Business Impact Analysis
Establishment of DR site
Testing DRP/BCP
ISMS Common Factors - Framework
Threat Processes.
Procedures
BC & IS
PLAN
Lloyd's Register 11
Joint Project Management - Plan
BC & IS
PLAN
Joint Project Management - Do
BC & IS
DO
Joint Project Management - Check
BC & IS
Check
BC (Availability): Internal Audit, Management Review, BC Tests/DR Tests
IS (CIA): Internal Audit, Management Review, BC
Activity: Internal Audit, Management Review, BC Tests/DR Tests (Common)
Joint Project Management - Act
BC & IS
ACT
Aim - Provide initial planning and preparation for the assignment.
1. Scope and Service Acceptance Document C
2. ISMS/BCMS Scope definition
3. BC/IS Policy Statement C
4. BCM/Information Security Steering Committee Charter C
Aim to collect all relevant data pertaining to the scope - develop BIA/Risk Assessment methodology - perform asset enumeration/valuation
1. BIA/Risk Assessment Methodology
2. Information Asset Valuation/Critical Asset Valuation-C,I,A-C
3. Critical/information assets register-C
Aim - Perform BIA/Risk Assessment on the identified critical/Information assets and develop BCP/Risk Treatment Plan. Develop mandatory policies and controls
1. Vulnerability Assessment-C
2. Threat Assessment-C
3. Risk Assessment Report (IS)
4. BIA (RTO/RPO)
5. BCP/DRP C
6. Risk Mitigation & Treatment Plan C
7. Statement of Applicability (ISO 27001)
8. BCP/DR Policies and Procedures C
Aim - Implement BCP/Risk Mitigation Controls based on the BCP/control implementation road map
1. Implement controls identified
2. People (Training/Duties)
3. Implementing products
4. Implementing Processes
Aim - To Test the BCP/DRP - To audit the ISMS
1. BC/DR Test Results
2. ISO 27001 Audit Reports C?
Aim - Continual Improvement of BCMS/ISMS. Prepare for ISO 27001/22301 Certification
Certification against ISO 22301/ISO 27001
Where this WILL work?
Oil Industry
What Do Auditors Look for?
✓ Scope of Certification/BCMS
✓ BCMS Objectives
✓ RA and BIA
✓ BCP Strategy/BCP
✓ PDCA Cycle
✓ Documentation Requirements
✓ BC Testing Evidences
Our range of online and face-to-face assessment services is suitable for organisations of all sizes and locations, and can help you
make the most of the standards.
• Certifications
• Training
• Integrated management system assessment
• Gap Analysis
• Surveillance
Certification journey
W: LRQAMEA.COM
T: +971 (4) 701 4150
E: LRQA-MEA@LR.org
Thank You
Continuity and Resilience (CORE)
ISO 22301 BCM Consulting Firm
Presentations by speakers at the
8th ME Business & IT Resilience Summit
March 10, 2019 at The Address Hotel, Dubai Mall, Dubai, UAE