{"id":8533,"date":"2015-11-17T11:59:27","date_gmt":"2015-11-17T10:59:27","guid":{"rendered":"http:\/\/www.solucominsight.fr\/?p=8533"},"modified":"2019-12-30T15:03:56","modified_gmt":"2019-12-30T14:03:56","slug":"continuite-dactivite-faut-il-se-doter-dun-label-reconnu","status":"publish","type":"post","link":"https:\/\/www.riskinsight-wavestone.com\/en\/2015\/11\/continuite-dactivite-faut-il-se-doter-dun-label-reconnu\/","title":{"rendered":"Continuit\u00e9 d\u2019Activit\u00e9 : faut-il se doter d\u2019un label reconnu ?"},"content":{"rendered":"<p><em>L\u2019ISO 22301 d\u00e9crit les exigences li\u00e9es \u00e0 la mise en place d\u2019un Syst\u00e8me de Management de la Continuit\u00e9 d\u2019Activit\u00e9 (SMCA). Alors que l\u2019ISO 27001 fait office de r\u00e9f\u00e9rence incontest\u00e9e aupr\u00e8s des Responsables de la S\u00e9curit\u00e9 des Syst\u00e8mes d\u2019Information (RSSI) depuis plusieurs ann\u00e9es, l\u2019ISO 22301 peine \u00e0 trouver sa place aupr\u00e8s des Responsables des Plans de Continuit\u00e9 d\u2019Activit\u00e9 (RPCA). Difficile \u00e0 prendre en main telle quelle et peu op\u00e9rationnelle, la question se pose alors de la bonne mani\u00e8re d\u2019appr\u00e9hender la norme et surtout de savoir \u00e0 qui elle est aujourd\u2019hui destin\u00e9e.<\/em><\/p>\n<h2>Une relation de longue date avec l\u2019ISO 27001<\/h2>\n<p>L\u2019\u00e9volution de l\u2019ISO 27001:2005 vers l\u2019ISO 27001:2013 a chang\u00e9 le regard de la continuit\u00e9 d\u2019activit\u00e9 dans les Syst\u00e8mes de Management de la S\u00e9curit\u00e9 de l\u2019information. Alors que dans sa version pr\u00e9c\u00e9dente (2005), l\u2019ISO 27001 \u00e9voquait la mise en place d\u2019un PCA pour l\u2019ensemble de l\u2019organisation, la version actuelle (2013) ne parle de continuit\u00e9 d\u2019activit\u00e9 uniquement pour les activit\u00e9s li\u00e9es \u00e0 la s\u00e9curit\u00e9 de l\u2019information. La nuance est tr\u00e8s importante et souvent mal interpr\u00e9t\u00e9e\u00a0; il n\u2019est donc plus question dans un Syst\u00e8me de Management de la S\u00e9curit\u00e9 de l\u2019Information d\u2019impl\u00e9menter un PCA pour l\u2019ensemble de l\u2019organisation (il est toutefois compliqu\u00e9 de pr\u00e9voir la continuit\u00e9 des activit\u00e9s s\u00e9curit\u00e9 en l\u2019absence de PCA global\u2026). D\u00e9sormais, c\u2019est bien l\u2019ISO 22301 qui porte le sujet de la continuit\u00e9 dans les normes ISO existantes.<\/p>\n<p>Construite exactement sur la m\u00eame structure que l\u2019ISO 27001, l\u2019ISO 22301 pr\u00e9conise une d\u00e9marche similaire\u00a0: approche par processus, cycle de vie \u00ab\u00a0<em>Plan\u00a0<\/em>\u00bb \u00ab\u00a0<em>Do\u00a0<\/em>\u00bb \u00ab\u00a0<em>Check\u00a0<\/em>\u00bb \u00ab\u00a0<em>Act\u00a0<\/em>\u00bb (PDCA), implication du top management etc. mais elles portent \u00e9galement les m\u00eames travers\u00a0; <strong>les deux normes d\u00e9crivent \u00ab\u00a0ce qu\u2019il faut faire\u00a0\u00bb sans dire \u00ab\u00a0comment il faut le faire\u00a0\u00bb.<\/strong><\/p>\n<h2>Une norme ISO 22301 qui ne se suffit pas \u00e0 elle seule\u2026<\/h2>\n<p>Contrairement \u00e0 l\u2019ISO 27001 qui poss\u00e8de une annexe apportant des recommandations concr\u00e8tes sur la mise en place, l\u2019ISO 22301 ne dispose pas de guide permettant de s\u2019appuyer sur un socle solide \u00ab\u00a0de fond\u00a0\u00bb permettant de guider la d\u00e9finition et la mise en place des chantiers autour du Plan de Continuit\u00e9 d\u2019Activit\u00e9. Toutefois, on peut mentionner l\u2019ISO 22313\u00a0: \u00ab\u00a0Business Continuity Management System \u2013 Guidance\u00a0\u00bb. Cette norme qui se veut \u00eatre un guide soutenant l\u2019ISO 22301 reste cependant assez haut niveau et n\u2019apporte que peu de r\u00e9ponses m\u00e9thodologiques concr\u00e8tes.<\/p>\n<p>Il ne faut donc pas appr\u00e9hender l\u2019ISO 22301 avec pour objectif d\u2019y trouver des r\u00e9ponses sur l\u2019impl\u00e9mentation de son Plan de Continuit\u00e9 d\u2019Activit\u00e9, mais bien pour y trouver des r\u00e9ponses quant \u00e0 son pilotage.<strong> La norme va plut\u00f4t s\u2019adresser \u00e0 ceux qui ont d\u00e9j\u00e0 trouv\u00e9 des r\u00e9ponses sur le fond de l\u2019impl\u00e9mentation de leur Plan de Continuit\u00e9 d\u2019Activit\u00e9.<\/strong><\/p>\n<h2>\u2026mais qui poss\u00e8de une v\u00e9ritable force<\/h2>\n<p>Le probl\u00e8me r\u00e9current des Plans de Continuit\u00e9 d\u2019Activit\u00e9 r\u00e9side dans leur maintien \u00e0 jour dans le temps. Souvent construit en mode projet, ils deviennent vite obsol\u00e8tes une fois en phase de <em>run<\/em>, faute de maintien \u00e0 jour. Le projet se lance dans une p\u00e9riode o\u00f9 il est consid\u00e9r\u00e9 comme prioritaire (survenance d\u2019un incident majeur, prise de conscience de la direction des risques encourus\u2026). Avec le temps, la priorit\u00e9 bascule vers un autre projet au d\u00e9triment du PCA, sur lequel il est difficile de mesurer les b\u00e9n\u00e9fices\u00a0; l\u2019\u00e9ternel d\u00e9bat du \u00ab\u00a0tant que \u00e7a n\u2019arrive pas\u2026\u00a0\u00bb.<\/p>\n<p>La force de la norme r\u00e9side dans la construction d\u2019un SMCA avec pour pilier central l\u2019am\u00e9lioration continue\u00a0: le PCA doit s\u2019inscrire dans le quotidien des activit\u00e9s qu\u2019elles soient SI ou m\u00e9tiers. Int\u00e9grer dans les t\u00e2ches de tous les jours, le PCA n\u2019est alors plus per\u00e7u comme un projet \u00e0 part. Par ailleurs, mettre en place une organisation d\u00e9di\u00e9e au PCA peut s\u2019av\u00e9rer complexe et particuli\u00e8rement lourd. Le sujet du PCA doit s\u2019inviter aux diff\u00e9rentes instances existantes (comit\u00e9s s\u00e9curit\u00e9, revue de direction qualit\u00e9 \/ s\u00e9curit\u00e9, comit\u00e9 d\u2019architecture\u2026)\u00a0: <strong>Le PCA n\u2019est plus un sujet \u00e0 traiter \u00e0 part, il doit faire partie de tous les sujets.<\/strong><\/p>\n<p>Pour que ce principe soit vrai, l\u2019implication du top management est indispensable pour l\u00e9gitimer les actions entreprises et \u00eatre garant du planning PDCA\u00a0: Le rythme des exercices, les revues de direction, les campagnes de sensibilisation sont autant de rendez-vous qui vont contribuer au Maintien en Condition Op\u00e9rationnelle du PCA. L\u2019int\u00e9r\u00eat de la norme est ici la formalisation de toutes ces pratiques de maintien en condition op\u00e9rationnelle d\u00e8s la phase projet. Formaliser en amont ces pratiques vont permettre d\u2019\u00eatre applicables avant m\u00eame la fin de la phase projet. Les chances de survies du PCA vont donc \u00eatre augment\u00e9es de par l\u2019absence de discontinuit\u00e9 entre la phase projet et la phase de run.<\/p>\n<h2>Doit-on aller jusqu\u2019\u00e0 la certification de son SMCA\u00a0?<\/h2>\n<p>Au-del\u00e0 de son r\u00f4le de r\u00e9f\u00e9rence en mati\u00e8re de bonnes pratiques, la norme peut conduire jusqu\u2019\u00e0 une certification du Syst\u00e8me de Management de la Continuit\u00e9 d\u2019Activit\u00e9. Aujourd\u2019hui, l\u2019int\u00e9r\u00eat d\u2019aller jusqu\u2019\u00e0 la certification ne concerne pas tous les acteurs du march\u00e9. Les premiers int\u00e9ress\u00e9s vont \u00eatre <strong>ceux dont le m\u00e9tier est celui-l\u00e0 m\u00eame de la continuit\u00e9,<\/strong> c\u2019est-\u00e0-dire par exemple les h\u00e9bergeurs de services informatiques\u00a0; afficher sa capacit\u00e9 de r\u00e9silience aux sinistres majeurs \u00e0 travers un label mondialement reconnu constitue un \u00e9l\u00e9ment diff\u00e9renciateur ind\u00e9niable. Souvent d\u00e9j\u00e0 certifi\u00e9s sur d\u2019autres Syst\u00e8me de Management (qualit\u00e9, s\u00e9curit\u00e9) et adoptant d\u00e9j\u00e0 des bonnes pratiques en mati\u00e8re de continuit\u00e9 d\u2019activit\u00e9, la marche \u00e0 franchir jusqu\u2019\u00e0 la certification n\u2019est pas n\u00e9cessairement haute. C\u2019est le cas par exemple de \u00ab\u00a0<a href=\"http:\/\/www.telecitygroup.fr\/data-centers\/normes-industrielles-certifications.htm\">TelecityGroupe\u00a0<\/a>\u00bb, fournisseur de DataCenter qui a obtenu sa certification ISO 22301 sur ses activit\u00e9s d\u2019h\u00e9bergement en France, ou encore \u00ab\u00a0<a href=\"http:\/\/www.melbourne.co.uk\/stuff\/who-we-are\/awards\/\">Melbourne\u00a0<\/a>\u00bb, soci\u00e9t\u00e9 Britannique d\u2019h\u00e9bergement cloud.<\/p>\n<p>Outre les aspects de disponibilit\u00e9 et redondance des syst\u00e8mes, la disponibilit\u00e9 des donn\u00e9es est \u00e9galement un enjeu port\u00e9 directement par les PCA. Les acteurs <strong>dont le m\u00e9tier est la sauvegarde de la donn\u00e9e<\/strong> vont \u00e9galement trouver un int\u00e9r\u00eat \u00e0 impl\u00e9menter l\u2019ISO 22301 dans un objectif de certification. C\u2019est le cas par exemple de \u00ab\u00a0<a href=\"http:\/\/www.wanbishi.co.jp\/e\/\">Wanbishi Archives\u00a0<\/a>\u00bb, soci\u00e9t\u00e9 Japonaise sp\u00e9cialis\u00e9e dans la gestion de l\u2019information, certifi\u00e9e ISO 22301.<\/p>\n<p>Mais les soci\u00e9t\u00e9s sont encore peu nombreuses \u00e0 viser la certification, celle-ci ne repr\u00e9sentant pas aujourd\u2019hui un \u00e9l\u00e9ment d\u00e9terminant de leur strat\u00e9gie. Reste \u00e0 savoir si les ann\u00e9es \u00e0 venir rendront l\u2019ISO 22301 aussi incontournable que l\u2019ISO 27001.<\/p>\n<h2>En synth\u00e8se\u00a0: \u00eatre mature et en tirer un r\u00e9el b\u00e9n\u00e9fice \u00e9conomique<\/h2>\n<p>La certification ISO 22301 s\u2019adresse \u00e0 des contextes matures dans la gestion de leur continuit\u00e9 d\u2019activit\u00e9, pourvu d\u2019un management convaincu du bien-fond\u00e9 de la d\u00e9marche de certification et dot\u00e9 d\u2019un int\u00e9r\u00eat \u00e9conomique certain l\u00e9gitimant le projet. Si la marche \u00e0 franchir entre les pratiques actuelles et la certification est grande, alors mieux vaut ne pas se lancer dans un projet de certification. L\u00e0 o\u00f9 les projets SMSI peuvent viser la certification en partant de z\u00e9ro, les projets de continuit\u00e9 n\u00e9cessitent une premi\u00e8re maturit\u00e9 op\u00e9rationnelle. La course \u00e0 la certification ISO 22301 est encore loin d\u2019\u00eatre engag\u00e9e mais l\u2019int\u00e9r\u00eat d\u2019y prendre part commence \u00e0 se faire sentir. Les \u00ab\u00a0fournisseurs de disponibilit\u00e9\u00a0\u00bb sont en train d\u2019ouvrir la marche, la vie de l\u2019ISO 22301 ne fait que commencer.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>L\u2019ISO 22301 d\u00e9crit les exigences li\u00e9es \u00e0 la mise en place d\u2019un Syst\u00e8me de Management de la Continuit\u00e9 d\u2019Activit\u00e9 (SMCA). Alors que l\u2019ISO 27001 fait office de r\u00e9f\u00e9rence incontest\u00e9e aupr\u00e8s des Responsables de la S\u00e9curit\u00e9 des Syst\u00e8mes d\u2019Information (RSSI) depuis&#8230;<\/p>\n","protected":false},"author":235,"featured_media":8539,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"page-templates\/tmpl-one.php","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[3222,36],"tags":[391,2508,2509,131],"coauthors":[1520],"class_list":["post-8533","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyberrisk-management-strategy","category-cybersecurity-digital-trust","tag-continuite-dactivite","tag-iso22301","tag-iso27001","tag-pca"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Continuit\u00e9 d\u2019Activit\u00e9 : faut-il se doter d\u2019un label reconnu ? - RiskInsight<\/title>\n<meta name=\"description\" content=\"L\u2019ISO 22301 d\u00e9crit les exigences li\u00e9es \u00e0 la mise en place d\u2019un Syst\u00e8me de Management de la Continuit\u00e9 d\u2019Activit\u00e9 (SMCA). Alors que l\u2019ISO 27001 fait office de r\u00e9f\u00e9rence incontest\u00e9e aupr\u00e8s des Responsables de la S\u00e9curit\u00e9 des Syst\u00e8mes d\u2019Information (RSSI) depuis plusieurs ann\u00e9es, l\u2019ISO 22301 peine \u00e0 trouver sa place aupr\u00e8s des Responsables des Plans de Continuit\u00e9 d\u2019Activit\u00e9 (RPCA).\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/continuite-dactivite-faut-il-se-doter-dun-label-reconnu\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Continuit\u00e9 d\u2019Activit\u00e9 : faut-il se doter d\u2019un label reconnu ? - RiskInsight\" \/>\n<meta property=\"og:description\" content=\"L\u2019ISO 22301 d\u00e9crit les exigences li\u00e9es \u00e0 la mise en place d\u2019un Syst\u00e8me de Management de la Continuit\u00e9 d\u2019Activit\u00e9 (SMCA). Alors que l\u2019ISO 27001 fait office de r\u00e9f\u00e9rence incontest\u00e9e aupr\u00e8s des Responsables de la S\u00e9curit\u00e9 des Syst\u00e8mes d\u2019Information (RSSI) depuis plusieurs ann\u00e9es, l\u2019ISO 22301 peine \u00e0 trouver sa place aupr\u00e8s des Responsables des Plans de Continuit\u00e9 d\u2019Activit\u00e9 (RPCA).\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/continuite-dactivite-faut-il-se-doter-dun-label-reconnu\/\" \/>\n<meta property=\"og:site_name\" content=\"RiskInsight\" \/>\n<meta property=\"article:published_time\" content=\"2015-11-17T10:59:27+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2019-12-30T14:03:56+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/11\/Fotolia_74362160_Subscription_Monthly_M.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1780\" \/>\n\t<meta property=\"og:image:height\" content=\"1068\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Florian Bourdon\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Florian Bourdon\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/continuite-dactivite-faut-il-se-doter-dun-label-reconnu\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/continuite-dactivite-faut-il-se-doter-dun-label-reconnu\/\"},\"author\":{\"name\":\"Florian Bourdon\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/9c0f716c9e58da3980e78330ab624bad\"},\"headline\":\"Continuit\u00e9 d\u2019Activit\u00e9 : faut-il se doter d\u2019un label reconnu ?\",\"datePublished\":\"2015-11-17T10:59:27+00:00\",\"dateModified\":\"2019-12-30T14:03:56+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/continuite-dactivite-faut-il-se-doter-dun-label-reconnu\/\"},\"wordCount\":1337,\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/continuite-dactivite-faut-il-se-doter-dun-label-reconnu\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/11\/Fotolia_74362160_Subscription_Monthly_M.jpg\",\"keywords\":[\"continuit\u00e9 d'activit\u00e9\",\"ISO22301\",\"ISO27001\",\"PCA\"],\"articleSection\":[\"Cyberrisk Management &amp; Strategy\",\"Cybersecurity &amp; Digital Trust\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/continuite-dactivite-faut-il-se-doter-dun-label-reconnu\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/continuite-dactivite-faut-il-se-doter-dun-label-reconnu\/\",\"name\":\"Continuit\u00e9 d\u2019Activit\u00e9 : faut-il se doter d\u2019un label reconnu ? - RiskInsight\",\"isPartOf\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/continuite-dactivite-faut-il-se-doter-dun-label-reconnu\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/continuite-dactivite-faut-il-se-doter-dun-label-reconnu\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/11\/Fotolia_74362160_Subscription_Monthly_M.jpg\",\"datePublished\":\"2015-11-17T10:59:27+00:00\",\"dateModified\":\"2019-12-30T14:03:56+00:00\",\"description\":\"L\u2019ISO 22301 d\u00e9crit les exigences li\u00e9es \u00e0 la mise en place d\u2019un Syst\u00e8me de Management de la Continuit\u00e9 d\u2019Activit\u00e9 (SMCA). Alors que l\u2019ISO 27001 fait office de r\u00e9f\u00e9rence incontest\u00e9e aupr\u00e8s des Responsables de la S\u00e9curit\u00e9 des Syst\u00e8mes d\u2019Information (RSSI) depuis plusieurs ann\u00e9es, l\u2019ISO 22301 peine \u00e0 trouver sa place aupr\u00e8s des Responsables des Plans de Continuit\u00e9 d\u2019Activit\u00e9 (RPCA).\",\"breadcrumb\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/continuite-dactivite-faut-il-se-doter-dun-label-reconnu\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/continuite-dactivite-faut-il-se-doter-dun-label-reconnu\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/continuite-dactivite-faut-il-se-doter-dun-label-reconnu\/#primaryimage\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/11\/Fotolia_74362160_Subscription_Monthly_M.jpg\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/11\/Fotolia_74362160_Subscription_Monthly_M.jpg\",\"width\":1780,\"height\":1068},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/continuite-dactivite-faut-il-se-doter-dun-label-reconnu\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Continuit\u00e9 d\u2019Activit\u00e9 : faut-il se doter d\u2019un label reconnu ?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#website\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"name\":\"RiskInsight\",\"description\":\"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants\",\"publisher\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#organization\",\"name\":\"Wavestone\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"contentUrl\":\"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png\",\"width\":50,\"height\":50,\"caption\":\"Wavestone\"},\"image\":{\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/9c0f716c9e58da3980e78330ab624bad\",\"name\":\"Florian Bourdon\",\"url\":\"https:\/\/www.riskinsight-wavestone.com\/en\/author\/florian-bourdon\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Continuit\u00e9 d\u2019Activit\u00e9 : faut-il se doter d\u2019un label reconnu ? - RiskInsight","description":"L\u2019ISO 22301 d\u00e9crit les exigences li\u00e9es \u00e0 la mise en place d\u2019un Syst\u00e8me de Management de la Continuit\u00e9 d\u2019Activit\u00e9 (SMCA). Alors que l\u2019ISO 27001 fait office de r\u00e9f\u00e9rence incontest\u00e9e aupr\u00e8s des Responsables de la S\u00e9curit\u00e9 des Syst\u00e8mes d\u2019Information (RSSI) depuis plusieurs ann\u00e9es, l\u2019ISO 22301 peine \u00e0 trouver sa place aupr\u00e8s des Responsables des Plans de Continuit\u00e9 d\u2019Activit\u00e9 (RPCA).","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/continuite-dactivite-faut-il-se-doter-dun-label-reconnu\/","og_locale":"en_US","og_type":"article","og_title":"Continuit\u00e9 d\u2019Activit\u00e9 : faut-il se doter d\u2019un label reconnu ? - RiskInsight","og_description":"L\u2019ISO 22301 d\u00e9crit les exigences li\u00e9es \u00e0 la mise en place d\u2019un Syst\u00e8me de Management de la Continuit\u00e9 d\u2019Activit\u00e9 (SMCA). Alors que l\u2019ISO 27001 fait office de r\u00e9f\u00e9rence incontest\u00e9e aupr\u00e8s des Responsables de la S\u00e9curit\u00e9 des Syst\u00e8mes d\u2019Information (RSSI) depuis plusieurs ann\u00e9es, l\u2019ISO 22301 peine \u00e0 trouver sa place aupr\u00e8s des Responsables des Plans de Continuit\u00e9 d\u2019Activit\u00e9 (RPCA).","og_url":"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/continuite-dactivite-faut-il-se-doter-dun-label-reconnu\/","og_site_name":"RiskInsight","article_published_time":"2015-11-17T10:59:27+00:00","article_modified_time":"2019-12-30T14:03:56+00:00","og_image":[{"width":1780,"height":1068,"url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/11\/Fotolia_74362160_Subscription_Monthly_M.jpg","type":"image\/jpeg"}],"author":"Florian Bourdon","twitter_misc":{"Written by":"Florian Bourdon","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/continuite-dactivite-faut-il-se-doter-dun-label-reconnu\/#article","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/continuite-dactivite-faut-il-se-doter-dun-label-reconnu\/"},"author":{"name":"Florian Bourdon","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/9c0f716c9e58da3980e78330ab624bad"},"headline":"Continuit\u00e9 d\u2019Activit\u00e9 : faut-il se doter d\u2019un label reconnu ?","datePublished":"2015-11-17T10:59:27+00:00","dateModified":"2019-12-30T14:03:56+00:00","mainEntityOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/continuite-dactivite-faut-il-se-doter-dun-label-reconnu\/"},"wordCount":1337,"publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/continuite-dactivite-faut-il-se-doter-dun-label-reconnu\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/11\/Fotolia_74362160_Subscription_Monthly_M.jpg","keywords":["continuit\u00e9 d'activit\u00e9","ISO22301","ISO27001","PCA"],"articleSection":["Cyberrisk Management &amp; Strategy","Cybersecurity &amp; Digital Trust"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/continuite-dactivite-faut-il-se-doter-dun-label-reconnu\/","url":"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/continuite-dactivite-faut-il-se-doter-dun-label-reconnu\/","name":"Continuit\u00e9 d\u2019Activit\u00e9 : faut-il se doter d\u2019un label reconnu ? - RiskInsight","isPartOf":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/continuite-dactivite-faut-il-se-doter-dun-label-reconnu\/#primaryimage"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/continuite-dactivite-faut-il-se-doter-dun-label-reconnu\/#primaryimage"},"thumbnailUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/11\/Fotolia_74362160_Subscription_Monthly_M.jpg","datePublished":"2015-11-17T10:59:27+00:00","dateModified":"2019-12-30T14:03:56+00:00","description":"L\u2019ISO 22301 d\u00e9crit les exigences li\u00e9es \u00e0 la mise en place d\u2019un Syst\u00e8me de Management de la Continuit\u00e9 d\u2019Activit\u00e9 (SMCA). Alors que l\u2019ISO 27001 fait office de r\u00e9f\u00e9rence incontest\u00e9e aupr\u00e8s des Responsables de la S\u00e9curit\u00e9 des Syst\u00e8mes d\u2019Information (RSSI) depuis plusieurs ann\u00e9es, l\u2019ISO 22301 peine \u00e0 trouver sa place aupr\u00e8s des Responsables des Plans de Continuit\u00e9 d\u2019Activit\u00e9 (RPCA).","breadcrumb":{"@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/continuite-dactivite-faut-il-se-doter-dun-label-reconnu\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.riskinsight-wavestone.com\/2015\/11\/continuite-dactivite-faut-il-se-doter-dun-label-reconnu\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/continuite-dactivite-faut-il-se-doter-dun-label-reconnu\/#primaryimage","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/11\/Fotolia_74362160_Subscription_Monthly_M.jpg","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2015\/11\/Fotolia_74362160_Subscription_Monthly_M.jpg","width":1780,"height":1068},{"@type":"BreadcrumbList","@id":"https:\/\/www.riskinsight-wavestone.com\/2015\/11\/continuite-dactivite-faut-il-se-doter-dun-label-reconnu\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.riskinsight-wavestone.com\/en\/"},{"@type":"ListItem","position":2,"name":"Continuit\u00e9 d\u2019Activit\u00e9 : faut-il se doter d\u2019un label reconnu ?"}]},{"@type":"WebSite","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#website","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","name":"RiskInsight","description":"The cybersecurity &amp; digital trust blog by Wavestone&#039;s consultants","publisher":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.riskinsight-wavestone.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#organization","name":"Wavestone","url":"https:\/\/www.riskinsight-wavestone.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","contentUrl":"https:\/\/www.riskinsight-wavestone.com\/wp-content\/uploads\/2021\/08\/Monogramme\u2013W\u2013NEGA-RGB-50x50-1.png","width":50,"height":50,"caption":"Wavestone"},"image":{"@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.riskinsight-wavestone.com\/en\/#\/schema\/person\/9c0f716c9e58da3980e78330ab624bad","name":"Florian Bourdon","url":"https:\/\/www.riskinsight-wavestone.com\/en\/author\/florian-bourdon\/"}]}},"_links":{"self":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/8533","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/users\/235"}],"replies":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/comments?post=8533"}],"version-history":[{"count":5,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/8533\/revisions"}],"predecessor-version":[{"id":8540,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/posts\/8533\/revisions\/8540"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media\/8539"}],"wp:attachment":[{"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/media?parent=8533"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/categories?post=8533"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/tags?post=8533"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.riskinsight-wavestone.com\/en\/wp-json\/wp\/v2\/coauthors?post=8533"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}