ISO 22301 – Business Continuity Management
The world’s first international standard for Business Continuity Management (BCM) has been developed to help organizations minimize the risk of disruptions.
ISO has officially launched ISO 22301, “Societal security – Business continuity management systems – Requirements”, the new international standard for Business Continuity Management Systems (BCMS). This standard will replace the current British standard BS25999.
ISO 22301 specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to prepare for, respond to and recover from disruptive events when they arise.
The requirements specified in ISO 22301 are generic and intended to be applicable to all organizations (or parts thereof), regardless of type, size and nature of the organization. The extent of application of these requirements depends on the organization’s operating environment and complexity.
Business continuity standardization evolves with ISO 22301 by adding:
Greater emphasis on setting the objectives, monitoring performance and metrics;
Clearer expectations on management;
More careful planning for and preparing the resources needed for ensuring business continuity.
ISO 22301 applies to all types and sizes of organizations that wish to:
establish, implement, maintain and improve a BCMS;
assure conformity with the organization’s stated business continuity policy;
demonstrate conformity to others;
seek certification/registration of its BCMS by an accredited third party certification body; or
make a self-determination and self-declaration of conformity with this International Standard.
Business continuity is not a project with a beginning and ending date; it is a program to be managed indefinitely.
Strengthens Company Management Process
Protects Shareholders, Assets and Operation
Makes risk visible to Top Management
Clearly identifies the risk map for business continuity
Drives competency improvement to mitigate risk elements
Key products and services are identified, critical activities are understood, and strategies are planned and agreed
People, Premises, Technology, Infrastructure, Operational, Financial and Regulatory aspects are all included in the Programme
Incident response abilities are planned and Incident Management teams are prepared
Strengthens Corporate Resilience