You learn what will happen in a crisis when you plan it, not when you get caught in it.
ISO 22301 Business Continuity Management System Awareness Training; doğal afet, siber saldırı, sistem kesintisi, tedarikçi kaybı veya pandemi gibi olağanüstü durumlarda kurumun kritik faaliyetlerini sürdürmesini sağlayan ynetim sistemini ele alır. Katılımcılar standardın ne istediğini, hangi süreçlerin nceliklendirilmesi gerektiğini ve kurtarma planlarının nasıl kurulup işletileceğini sade bir dille ğrenir.
Business continuity is not about taking backups; It is an organized plan for how the organization will survive in a crisis.
When it comes to business continuity in many organizations, backup or secondary data center comes to mind. However, these are not the most difficult problems in a crisis. Who will do what, how will the critical customer be reached, which process can be stopped and for how long, can it continue manually, is there an alternative if the supplier is disabled? In institutions where the answer is not written, the crisis grows even more as everyone acts according to their own mind.
ISO 22301 fills exactly this gap. Standard; It requires linking business continuity to a policy, identifying critical processes, calculating interruption tolerance values, writing a recovery plan, keeping records and conducting regular drills. This training simplifies what the standard requires; It reinforces each topic with concrete examples of how to apply it within the institution.
Bu eğitim, klasik yedekleme/felaket kurtarma anlayışının üzerine ISO 22301’in iş süreci bakışını ekler.
Pek çok kurumda iş sürekliliği denilince hâlâ “yedekleri ne kadar sürede geri yükleriz” sorusu sorulur. ISO 22301 ise farklı bir soru sorar: kritik süreç durduğunda kurum nasıl ayakta kalır. Bu programın farkı, klasik felaket kurtarmayı reddetmek değil; iş süreci ve kurum bağlamı ile birlikte ele almasıdır.
Classic Backup and Disaster Recovery IT-focused, technology-centric approach
- Focused only on server and data backup
- Based on secondary data center migration
- Remains the responsibility of the IT team
- Business processes and human dimension are missing
- Supplier alternative is ignored
- Exercises are carried out infrequently or not at all
- Result: there is a backup but the installation does not work
ISO 22301 Business Continuity Approach Process, people and technology integrated
- Critical processes are prioritized with business impact analysis
- RTO and RPO are determined as business decisions
- IT, legal, human resources, purchasing plans together
- Manual processes and alternative suppliers are planned
- Policy, records and responsibility are documented
- Annual drills and plan updates are mandatory
- Result: the organization continues to operate during the crisis
Participants learn to evaluate business continuity management together on the axis of standards, planning and exercise.
Training transforms knowledge of legislation and standards into an applicable continuity framework. Each topic is discussed through the institution's real processes, outage scenarios and exercise examples.
ISO 22301’i sade bir dille açıklar.
The purpose of the standard, on which subjects it expects rules to be written, and its common or different aspects with ISO 27001; It is explained with examples without drowning in technical jargon.
- Purpose and field of application of the standard
- Management system requirements
- Relationship with information security system
It answers the question of which process is how important.
Business impact analysis method; Criticality ranking of processes, interruption tolerance values, and how to measure financial and reputation impacts are studied practically.
- Süreç inventory ve sınıflandırma
- Impact categories and metrics
- Interruption tolerance calculation
Determines recovery time and data loss tolerance.
How long it takes to get a process back up and running (RTO) and how much data loss is acceptable (RPO) are taught as business decisions.
- Set a recovery time goal
- Data loss tolerance debate
- Balance of cost and target
Continuity risks are evaluated from a different perspective.
How to evaluate critical risks in terms of continuity such as natural disaster, cyber attack, supplier bankruptcy, loss of key personnel, energy outage, epidemic is discussed.
- Types of continuity risk
- Probability and impact assessment
- Difference with information security risk
Shows concrete ways to manage disruption.
Recovery options such as backup location, alternative supplier, manual process, cold-warm-hot data center, cloud backup and which one is appropriate when are studied.
- Location and infrastructure options
- Personnel and manual process
- Supplier and service alternatives
It turns the plan into a living discipline.
Difference between tabletop drill, functional drill and live drill; How to write an exercise scenario, how to report the results and how to update the plan is covered in practice.
- Exercise types and selection criteria
- Scenario design
- Finding report and plan update
Two-day intensive program; A comprehensive program ranging from standard recognition to an institution-specific recovery plan.
Program; It can be adapted as 1 day of information, 2 days of implementer or 3 days of auditor competence, depending on the continuity maturity and target calendar of the institution.
Standard, planning method and drill discipline meet in the same program.
Training makes learning permanent through real disruption scenarios.
Katılımcılar yalnızca dinlemez; süreç inventory çıkarır, etki analizi yapar, kurtarma hedefleri belirler, plan yazar, tatbikat senaryosu tasarlar ve kendi kurumları için yol haritası çıkarır.
Adaptive training for all critical roles with a mission in crisis.
At the end of the training, the continuity maturity of the institution becomes measurable and sustainable.
Participant gains
- ISO 22301’in ne istediğini sade bir dille anlatabilme
- Ability to correctly classify the critical processes of the institution
- Ability to perform business impact analysis and reporting
- Ability to set recovery time and data loss tolerance targets
- Ability to choose between recovery strategy options
- Ability to write plans and documentation
- Ability to design tabletop and live drills
Institutional outputs
- Business continuity policy template
- Süreç inventory ve kritiklik tablosu
- Business impact analysis template
- Table of recovery time and data loss tolerance targets
- Recovery plan and crisis communication plan template
- Example of tabletop exercise scenario
- 90-day continuity road map specific to the institution
Everything you want to know about education at a glance.
Duration, format, number of participants, certificate, content scope and delivered materials have been clarified. In institution-specific programs, parameters are adapted according to need.
| Training Name | ISO 22301 Business Continuity Management System Awareness Training |
|---|---|
| Süre | 2 days (14 hours). Depending on the maturity of the institution, it can be adapted as a 1-day briefing or 3-day auditor competency program. |
| Training Format | Face to Face (Institution Location) Online Live (Zoom / Teams) Hibrit |
| Training Topics | Structure of the ISO 22301 standard · Institutional context and leadership · İş etki analizi (BIA) · Continuity risk assessment · Kurtarma süresi (RTO) ve data loss tolerance (RPO) · Kurtarma stratejileri · İş sürekliliği planı yazımı · Kriz iletişim planı · Masa başı, fonksiyonel ve canlı tatbikat · İzleme, iç denetim ve continuous improvement. |
| Target Audience | Business continuity managers, information security and ISMS officers, IT and system managers, internal audit and risk units, operations managers, human resources, purchasing and supplier management, senior management. |
| Prerequisite | Basic knowledge of management systems (ISO 27001, ISO 9001) is recommended; but it is not mandatory. The training can also be adapted for participants with no management system experience. |
| Number of Participants | Optimum verim için 8 – 20 kişi. Kuruma zel programlarda en fazla 25 kişiye kadar grup açılabilir. |
| Sertifika | Certificate of Participation When the training is completed, a signed digital participation certificate is issued by Secure Fors. Contains verifiable QR code. |
| Educational Material | Sunum dosyası (PDF) · Atlye çalışma defteri · Business continuity policy template · Süreç inventory ve kritiklik tablosu · Business impact analysis template · RTO ve RPO hedefleri tablosu · Recovery plan template · Kriz iletişim planı şablonu · Example of tabletop exercise scenario · 90 günlük süreklilik yol haritası şablonu. |
| Uygulama | Süreç inventory çıkarma, kesinti tolerans hesabı, kurtarma süresi tartışması, kurtarma planı şablonu doldurma, masa başı tatbikat senaryosu canlandırma ve 90 günlük yol haritası tasarımı atlyeleri içerir. |
| Eğitmen | ISO 27001 Lead Auditor is an experienced senior consultant in the field of ISO 22301. Professional who has established a business continuity management system in the field and managed the certification processes; Practical, not theoretical approach. |
| Pricing | Special offer for the institution. The price is determined according to the number of participants, format (face-to-face / online), program duration and customization need. |
Answers to questions you may have before the training.
ISO 27001 is the information security management system standard; It focuses on the confidentiality, integrity and availability of information. ISO 22301 is the business continuity management system standard; It focuses on how the organization will continue its critical activities after an outage. The two standards are complementary and can be established together.
Yes. It also provides business continuity discipline to institutions that do not have a training certification target. Even if you do not receive certification, business impact analysis, recovery plan and exercise discipline independently create corporate value.
Backup and disaster recovery are IT-focused, technical recovery plans. ISO 22301 also covers business processes, human resources, suppliers, customer communication and manual processes. This training adds a business process and enterprise whole perspective to your existing technical infrastructure.
Yes. The online format is conducted live via Zoom or Teams; It has the same structure as the face-to-face format, with screen sharing, breakout rooms, virtual whiteboards and live workshops. Business impact analysis and plan writing workshops are also held effectively online.
Training is the first step towards ISO 22301 certification. For certification, the institution must prepare the documents required by the standard, conduct a business impact analysis, create plans, conduct exercises and undergo inspection by an accredited certification body. Upon request, Secure Fors offers consultancy support for this process.
Yes. Content weights are redistributed according to the organization's sector (finance, manufacturing, healthcare, public), scale, and current business continuity maturity. In case of demand, the real critical processes of the institution are studied as cases and the workshops are made specific to the institution.
Planning, recording and practice make the difference between being ready for a crisis and managing it.
Plan the training program covering your organization's critical processes, rescue objectives and exercise discipline within the framework of the ISO 22301 standard.
References: ISO 22301 İş Sürekliliği Ynetim Sistemleri Standardı · ISO 22313 İş Sürekliliği Ynetimi Uygulama Rehberi · ISO 22317 Business Impact Analysis Rehberi · ISO 22398 Tatbikat ve Egzersiz Rehberi · ISO/IEC 27031 İş Sürekliliği için Bilgi ve Contact Teknolojisi Hazırlığı.