Security Threat Advisory
Looking Glass
FireEye
Governance Risk and Compliance
Governance / Risk / Compliance
Strategic Consulting
ADSIC
FISMA
ISO 20000 ITSM
ISO 22301 BCMS
ISO 27001 ISMS
PCI DSS
Information Security Review

Data & App Security

Database Security & Protection Data Encryption & Control Enterprise Digital Rights Management Data Vulnerability Assessment Application Protection Vulnerability Assessment & Penetration Testing Web Application Firewall Data Governance

Network Security

Network Access Control Next Generation Firewall Email Security Network IPS Web Gateway Next Generation APT Next Generation DDoS Mitigation Smart DDI

Security Operation & Response

Threat Intelligence Services Machine-Readable Threat Intelligence Threat Intelligence Platform Threat Mitigation Governance Risk & Compliance Cyber Security Transaction Monitoring Compromised Card Monitoring Incident Response & Orchestration Encrypted Calls and Messaging Travel Risk Management & Crisis Avoidance Anti Phishing Services

User Security

Identity Management Single Sign On Two Factor Authentication Privileged User Password Management Insider Threat Management Endpoint Security Management Endpoint Detection & Remediation Employee Monitoring Tool

Infrastructure Security

Virtual Security SCADA Security Mobile Device Management Public Key Infrastructure Certificates

Policy & Compliance Management

NETconsent Compliance Suite File Integrity Monitoring, Network Configuration, and Compliance

Overview

ISO 22301 : BUSINESS CONTINUITY MANAGEMENT SYSTEM
We provide ISO 22301 consulting, implementation, audit and certification support. This includes a phase wise approach that involves understanding business context to business continuity, business impact analysis (BIA), risk assessment, exercise and testing, detail recommendations, policy/documentation support, training, coaching employees/teams, coaching business continuity managers, audit and management review leading to successful zero defect ISO 22301 certification. Our ISO 22301 consulting methodology ensures several benefits. Most important of them are the organisation preparedness to manage 'any' crisis or outage. The focus of any business continuity program is not limited to 'prevention' but more importantly 'ability to respond'. The standard uses these 4Rs - namely 'respond, recover, resume and restore'. Our approach of ISO 22301 audit ensures that you get true business value on this investment.

WHAT CONSTITUTES A TRUE BUSINESS CONTINUITY MANAGEMENT SYSTEM (BCMS)?
BCMS is the organizations' capability to respond post a crisis within a pre-determined response time. BCMS is not how you prevented crisis but more importantly what you will do post crisis. Crisis can be described in several outage scenarios but chiefly they can combine people outage or unavailability, physical site, communication or technology, and/or vendor unavailability. Setting up BCMS involves understanding business and its requirement for recovery expressed in unit of time. In addition, it also involves business continuity decisions on architecture, definition, documentation, implementation, measurement and audits. The most important feature of BCMS is testing your plans - because your business continuity is as good as it is tested. Absence of a defined process as to how your business will recover or its testing is therefore a clear case of absence of a business continuity management system (BCMS).

WHAT ARE THE ISO 22301: 2011 CERTIFICATION REQUIREMENTS?
Coverage
The standard is divided into 10 following clauses. For ISO 22301 certification only Clause 4 to 10 is applicable.

Management System Controls (Clause 4 to 10)

Clause 1 - Scope
Clause 2 - Normative references
Clause 3 - Terms and definitions
Clause 4 - Context of the organisation
Clause 5 - Leadership

Clause 6 - Planning
Clause 7 - Support
Clause 8 - Operation
Clause 9 - Performance Evaluation
Clause 10 - Improvement

WHAT IS NANJGEL SOLUTIONS APPROACH TO SUCCESSFUL BCMS – ISO 22301 CONSULTING/CERTIFICATION?

We bring our world-class experience in delivery BCMS ISO 22301 implementation leading to successful certification.

Phase I - Understanding the business context and relevance of business continuity is the starting point of ISO 22301 implementation.
Phase II - Detail business impact analysis (BIA) and risk assessment gives us an understanding of the core of the business. The process on one-hand helps in understand what are the key 'value creation' activities on one hand and their level of preparedness for different outage scenarios. The outcome of iso 22301 BIA and risk assessment leads to identification of flaws of various types, which can include single point of failures as well as lack of preparedness for managing certain threats and outages.
Phase III - This phase is a management strategy and decision making phase. We help management take a right decision on which risks they should be prepared. Decision such as 'build or buy', hot site, warm site or cold site need to be taken. Once the decision is taken the development of the individual plan starts.
Phase IV - This phase involves development of individual plans with teams that are responsible either for 'respond, recover, resume and restore' processes. Nanjgel has identified best practice business continuity plans that must be documented. The individual plans are discussed and handed to teams for adequacy, acceptance and ownership.
Phase V - the testing phase is the most crucial phase for ISO 22301 certification. Any organizations BCP is as good as it is tested. So special emphasis is laid to cover all aspects of the plan – in order to ensure relevance, awareness among the teams, and the organisation.
Phase VI - ISO 22301 Audit is verification of the newly established process against each requirement for ISO 22301. This is also to check the 'lifecycle' aspect of the process.
Phase VII - ISO 22301 certification audit has two stages:

Stage 1 - documentation, and, Stage 2 - implementation verification.

What are the key consulting differentiators to our ISO 22301 consulting assignment?

Business continuity Architecture in line with business objectives
Testing each aspect of documented plan
Enterprise risk reduction
ROI consulting - We attempt to ensure that you become BCM compliant within existing investment
Speed and comprehensiveness in consulting delivery
Business continuity principles embedded in each business lifecycle/change
Structured and proven risk assessment and risk measurement
Documentation at 4 layers which encompass certification and internal maturity requirements
Measurements that determine the degree of compliance for applicable controls
Higher participation of compliance through head of department involvement
Awareness to each and every member of the organization
Framework implementation and continual improvement
Successful ISO 22301 certification

Upon ISO 22301 certification what should happen in the organisation?

Creates competitive advantage via the promotion of consistent and cost-effective services.
More efficient use of resources for service provision leading to cost reductions.
Lower incident volumes, faster incident resolution and less business disruption because of service failures.
Alignment of information technology services and business strategy.
The creation of a consistent approach that facilitates organizational change.
Reduced risk of not being able to meet business objectives and Service Level Agreement targets.
Higher customer satisfaction and improved reputation.
A continuous improvement in the quality of IT services.