What is ISO 22301?
Our ISO 22301 Consultants can help you implement the international standard for Business Continuity Management Systems (BCMS), providing an effective business continuity framework and achieving recognised ISO Certification.
The standard can be applied regardless of the size or complexity of the organisation, using the recognised Plan, Do, Check, Act (PDCA) model to drive continual improvement of the overall BCM Programme.
Failing to Prepare is Preparing to Fail
Key Themes of Business Continuity Management in ISO 22301
Leadership & Risk Management
As with all Annex SL based ISO Management Systems, ISO 22301 has a strong emphasis on leadership, ensuring clear buy-in and commitment from top management.
Business Continuity Management forms part of an organisation’s overall Risk Management Programme, and the standard addresses risks and opportunities related to the BCMS.
Business Impact Analysis
It’s almost impossible to plan for every disruptive event that could occur, so we use Business Impact Analysis as a tool to identify the important products/services your business needs to deliver to customers, and the activities and processes that support the delivery of those products/services.
As recommended in the BCI Good Practice Guide, we can help you assess this on a Strategic, Tactical and Operational level, to ensure business continuity is effective for your needs and embedded across the whole organisation.
Business Continuity Strategies
There are several ways to determine the right strategy for your organisation, and it may be a mixture across different products/processes.
Assessing the Maximum Tolerable Period of Disruption (MTPD) and determining the Recovery Time Objectives (RTO) is one approach our ISO 22301 Consultants can guide you through when selecting strategies.
Incident Response and Communications
Planning a response to an incident, including the roles and responsibilities of those involved, is also important if your business continuity planning is to succeed.
Our Consultants will help you to establish your incident response structure.
Recovery Plans and Testing
Recovery plans, which cover recovering the Activities and Processes identified in your BIA above, are often the main focus of Business Continuity Programmes; however, they should form part of the overall framework.
Plans can be department or team specific, but should be tested and exercised to ensure that they are effective when needed. Many lessons can be learned from testing your plan, and this helps to drive continual improvement and overall awareness of BCM in the organisation.
Benefits of ISO 22301
There are many benefits to implementing an ISO 22301 Business Continuity Management System including:
- Better understanding of critical areas of the business.
- Integration with existing ISO Management Systems.
- Identify leadership and responsibilities.
- Identify and treat risks to the business.
- Plan for disasters and business continuity events.
- Raise awareness of business continuity requirements.
- Test business continuity plans.
- Demonstrate compliance.
- Marketing value.
Relationship to ISO 27001
The ISO 27001 Information Security Management System includes Annex A14 ‘Business Continuity Management’, which can be expanded to meet the requirements of ISO 22301. ISO 22301 is easily aligned with other ISO Standards.
ISO 22301 replaced the British standard BS 25999 as the framework for Business Continuity Management.
Ready to Implement ISO 22301?
Contact our ISO 22301 Consultants to find out how we can help you.