BCMS ISO 22301

BCMS

ISO22301 (ISO 22301) BCMS Requirements

ISO 22301:2012 specifies the requirements for a business continuity management system (BCMS). The requirements for a BCMS can be employed by any organization, no matter their size, type or location.

Deploying a BCMS that is ISO 22301-compliant will allow your organization to demonstrate to stakeholders - employees, customers, suppliers, shareholders - that your organization is prepared for disruptive incidents that might otherwise affect you achieving your organizational goals.

ISO 22301 is based on the Plan-Do-Check-Act model as found in other management system standards.

Organizations that don't employ a BCMS face being unprepared should a disruptive incident occur. Organizations suffering a disruptive incident without having a BCMS face the following consequences of doing so:

·         Loss of customers

·         Reputational damage

·         Monetary loss

·         Potentially going out of business

The list of side-effects is endless, do you really want to risk your organization?

Key Features and Benefits:

·         A standard that specifies the requirements for a BCMS. Deploying a BCMS and achieving certification against the standard demonstrates an organization is prepared should a disruptive incident occur, and that your organization should be able to continue should an incident occur.

·         The requirements in the standard can be applied in any type or size of organization, no matter the location, making it widely applicable.

·         Why risk damage to your organization’s turnover, profits and reputation by not being prepared should a disruptive incident occur?

What is ISO 22301?
Its official title is, “Societal Security – Business Continuity Management Systems – Requirements”. As the name implies, it’s a standard for implementing a business continuity management system and continuously improving business continuity capabilities based on management priorities and feedback. The purpose and intent of this standard is to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of, occurrence of, prepare for, respond to and recover from a disruptive incident when it arises. ISO 22301 was written in a manner that will allow organizations to pursue organizational certification.

ISO 22301 provides a framework to plan, establish, implement, operate, monitor, review, maintain and continually improve a business continuity management system (BCMS). It is expected to help organizations protect against, prepare for, respond to, and recover when disruptive incidents arise.

 “Organizations implementing ISO 22301 will be able to demonstrate to legislators, regulators, customers, prospective customers and other interested parties that they are adhering to good practice in BCM.

“It may also be used within an organization to measure itself against good practice, and by auditors wishing to report to management.”

ISO 22301 will assist organizations in the design of a BCMS that is appropriate to its needs and meets its stakeholders’ requirements. These needs are shaped by legal, regulatory, organizational and industry factors, the organization's products and services, its size and structure, its processes, and its stakeholders.

Dave Austin, the project leader responsible for writing ISO 22301, explains: “To work well, ISO 22301 will need organizations to have thoroughly understood its requirements. Rather than being simply about a project or developing ‘a plan’, BCM is an ongoing management process requiring competent people working with appropriate support and structures that will perform when needed.”

ISO 22301 is the first standard published which is aligned with the new ISO format for writing management systems standards. This will ease understanding and ensure consistency with other management systems, such as ISO 9001 (quality management), ISO 14001 (environmental management) and ISO/IEC 27001 (information security management).