15 Nov ISO 22301:2012 The International standard on business continuity management
ISO 22301, “Societal security – Business continuity management systems – Requirements”, is the world’s first international standard for Business Continuity Management System (BCMS) that was officially launched in May 2012.
The standard specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to prepare for, respond to and recover from disruptive events when they arise. It is generic and intended to be applicable to all organisations irrespective of size, type or nature of business. The extent to which the requirements of the standard are applied depends on the organisation’s operating environment and complexity.
ISO 22301 provides a framework based on international best practice rooted around the Plan-Do-Check-Act (PDCA) model as found in other ISO management system standards (Figure 1). This allows the BCMS to be implemented and operated in a manner that is consistent with other related management systems, including quality, environment, computer services, and IT security, under one common framework.
ISO 22301 emphasises the importance of:
- Understanding the needs of the organisation and establishing appropriate business continuity policy, objectives, targets, controls, processes and procedures (Plan)
- Implementing and operating the business continuity policy, controls, processes and procedures to develop capabilities for managing disruptive events (Do)
- Monitoring and reviewing the performance and effectives of the BCMS, and identifying remedial actions (Check)
- Maintaining and improving the BCMS by taking corrective actions (Act)
A key feature that differentiates ISO 22301 from other BCM frameworks and guidelines is that an organisation can now become formally certified by an accredited third-party certification body, and therefore demonstrate to its customers, partners, and other stakeholders its compliance to the standard.
For more information on how Riskwest may assist your organisation in implementing ISO 22301 or reviewing / auditing your BCM programme against ISO 22301 requirements, please contact us on +61(8) 6141 3380 or email us at firstname.lastname@example.org.