FOR RELEASE ON DECEMBER 19, 2013:
iso27001standard.com – A new book called Becoming Resilient: The Definitive Guide to ISO 22301 Implementation was published and it describes the process of implementing business continuity according to ISO 22301, an international standard for business continuity management. Its author, Dejan Kosutic, wanted to provide an easy-to-read, practical handbook for business continuity implementation that will be helpful not just for the beginners in this area, but also for experienced business continuity professionals.
ISO 22301 is a relatively new standard; however, it has already become a leading international standard for business continuity management. The biggest problem with its implementation is that it is rather complex and there are not many people with enough experience to handle such projects. So Kosutic’s main idea was to create a step-by-step handbook that can be used by people who are in charge of implementation of this standard.
“In this book I wanted to cover all the in-depth details of such complex implementation, but on the other hand I wanted to avoid using specialized language that no one understands,” says Kosutic. He added, “This book gives a complete methodology for ISO 22301 implementation, seen from a consultant perspective: I tried to pass along my own knowledge collected throughout my consulting career.”
The book is written primarily for beginners in business continuity – the people who are just entering this area, and have very little knowledge about it. All the steps, from the very beginning all the way to the ISO 22301 certification are explained, including many practical examples. However, the book might also be interesting for business continuity professionals – e.g., for ISO 22301 consultants – especially the part where implementation options are explained. Finally, the book might be interesting for experienced business continuity practitioners because it systematically summarizes all the key business continuity elements in the ISO 22301 framework – as Kosutic says, “I was actually inspired by my experience delivering courses about the basics of ISO 22301: most of the attendees are beginners, but sometimes the experienced business continuity professionals also attend such courses – typically, their comment is, ‘I already knew most of the stuff from ISO 22301, but having all these things put together was definitely worth it.’ And this is exactly how the book is structured.”
The book covers all the core business continuity elements: business impact analysis, risk assessment and mitigation, business continuity strategy, business continuity planning, incident response, crisis management, recovery, exercising and testing, etc. However, it also focuses on other important requirements of ISO 22301 – the role of top management, objectives, measurement, document control, internal audit, and corrective actions. Finally, the book covers all the steps that come before and after the implementation – the crucial step of how to convince your top management to fund this kind of a project, how to structure the project team, and also how to prepare for the certification and how to speak to the certification auditor.
Kosutic tried to make this book as practical as possible – each section that describes different business continuity elements covers the following aspects:
- Purpose – the purpose of each business continuity element, how it fits with other elements, and how to deal with it with optimum effort
- Inputs – which inputs you need to take into account when making decisions about the implementation
- Options – which options exist for implementing particular elements of business continuity
- Decisions – which decisions need to be made when starting the implementation
- Documentation – which documents need to be written, and how to structure them
About Dejan Kosutic
Dejan Kosutic is the author of numerous articles, video tutorials, documentation templates, webinars and courses about business continuity and information security management. He is the author of the leading ISO 27001 & ISO 22301 Blog, and has helped various organizations including financial institutions, government agencies, and IT companies implement business continuity management according to these standards.