The structure of the ISO 22301 standard
ISO 22301
Business Continuity Management System
ISO 22301 is an international network standard for Business Continuity Management.
The standard provides a framework to plan, implement, operate, monitor, review, maintain and continually improve a Business Continuity Management System (BCMS).
ISO 22301 is also applicable to any type of organization, large or small, and within any industry sector. It is particularly important for organizations operating in high-risk environments like utilities, financial services, oil and gas, transportation, telecom and food production, or where continued operation is critical, like in the public sector.
An organization needs to take precautions and be prepared in order to continue business regardless of the nature of a challenge. Implementing business continuity management systems and standards enables your organization to handle any situation.
Benefits of ISO 22301
- Safeguard key assets and maintain your reputation
- Identify impacts of operational disruption and crucial improvements
- Identify and manage current and future threats to your business
- Minimize the impact of incidents and losses
- Minimize downtime during incidents and improve recovery time
- Keep critical functions up and running during times of crisis
- Meet legal and regulatory requirements
The ISO 22301 standard consists of 10 sections that establish the requirements for Business Continuity Management Systems (BCMS) of organizations. The following are the sections of the ISO 22301 standard:
- Scope:
This defines the scope of the organization’s BCMS, specifying the processes, activities, and areas included in the system.
- Normative references:
This section includes an additional standard and related documents applicable to the BCMS.
- Terms and definitions:
It provides the breakdown of terms and definitions used in the ISO 22301 standard, ensuring that all parties involved in the BCMS use the same language and understand the same concepts.
- Context of the organization:
This section establishes requirements for the organization to understand the context in which the BCMS operates, including legal, regulatory, and contractual requirements, stakeholders, and the BCMS scope.
- Leadership:
Here, the requirements are listed for the top management of the organization to assume responsibility for implementing and maintaining the BCMS, and commit to providing the necessary resources, considering the continuity policy and associated roles and responsibilities.
- Planning:
This section sets the requirements for BCMS planning, including risk and opportunity identification and setting objectives.
- Support:
It outlines the requirements for supporting the BCMS, including resource provision, communication, documentation, knowledge, and competence.
- Operation:
Here, the requirements for BCMS implementation and operation are developed, including conducting Business Impact Analysis (BIA), risk analysis, mitigation measures, crisis management, and plans and tests.
- Performance evaluation:
This section indicates the requirements for evaluating the BCMS performance, including measurement, analysis, and evaluation of the system’s effectiveness, as well as conducting internal audits and management reviews.
- Improvement:
Lastly, this section lists the steps to follow for the continuous improvement of the BCMS, including taking actions to address non-conformities, evaluating the effectiveness of the actions taken, and updating the BCMS.