It sets out the policies and procedures you need to protect against, reduce the likelihood of, and help your organization recover from disruptive incidents.
The ISO standard sets out requirements to implement, maintain and continually improve a Business Continuity Management System (BCMS). This can be used to guard against, reduce the likelihood of, prepare for, respond to and recover from disruptive incidents (e.g. natural disasters) when they take place.
You may already have a number of processes in place to help reduce the likelihood of and respond to disruptive incidents. Often these are called disaster recovery controls.
However, making sure that everybody is aware of your policies and that everyone follows them can be difficult.
With the ISO 22301 Standard, you have a robust framework to help you define, monitor, review and update your business continuity processes. This can help ensure they are consistently applied.
To implement ISO 22301, you will need to:
- Define the context of the organisation (e.g. interested parties) and determine the scope of the BCMS.
- Secure senior leadership support and establish a Business Continuity Policy.
- Set organisational objectives and plan how to achieve them.
- Outline resources (people, infrastructure, etc.) and documentation necessary to support the BCMS.
- Establish performance evaluation procedures (including an internal audit function).
- Define an improvement process.
What is a Business Continuity Management System (BCMS)?
A Business Continuity Management System, or BCMS, is a set of processes, policies and records that define and describe how your organization plans for and responds to significantly disruptive incidents. A well-designed BCMS needs to be constructed around the specific needs of the company in question. It is here that ISO 22301 can serve as an excellent guide.
The most widely seen benefits of ISO 22301 certification include:
- Increased efficiency in decision-making
- Improved organizational resilience (ensuring you can continue to deliver your products and services)
- Improved ability to respond to legislative requirements.
- A competitive advantage over non-certified companies.
Who needs ISO 22301?
ISO 22301 is perfect for any organization, whatever their size, looking to improve their overall resilience.