Business Continuity Made Easy: ISO 22301
It’s been around for a number of years now, but never has it been so timely to check out ISO’s standard 22301:2012 - Societal Security - Business Continuity Management Systems.
It’s a standard designed to help organisations of all shapes and sizes be better prepared and more confident in the face of a sudden crisis, and to develop a set of policies that will help them weather the storm.
In ISO’s words, “incidents can disrupt an organisation at any time and applying ISO 22301 will ensure that organisations can respond and continue its operations. Incidents take many forms ranging from large scale natural disasters and acts of terror to technology-related accidents and environmental incidents. However, most incidents are small but can have a significant impact that makes business continuity management relevant at all times.”
ISO says that there is growing awareness that organisations both in the public and private sector need to have a business continuity plan in place, so they can better mitigate the potential for danger in the wake of an unexpected or disruptive incident.
“ISO 22301 provides a framework to plan, establish, implement, operate, monitor, review, maintain and continually improve a business continuity management system (BCMS). It is expected to help organisations protect against, prepare for, respond to, and recover when disruptive incidents arise.”
Dr Stefan Tangen, Secretary of the ISO technical committee that was responsible for developing the standard, said that “organisations implementing ISO 22301 will be able to demonstrate to legislators, regulators, customers, prospective customers and other interested parties that they are adhering to good practice in BCM.”
“It may also be used within an organisation to measure itself against good practice, and by auditors wishing to report to management.”
ISO says that 22301 has been curated to assist organisations in the design of their BCMS, to ensure that it is appropriate to the organisation’s needs, as well as the needs of clients and suppliers. These are shaped by a range of legal, organisational, industry and regulatory factors, as well as the organisation’s products, services, size, structure, processes and obligations to stakeholders.
Dave Austin, project leader and author of the ISO 22301 standard, said that “to work well, ISO 22301 will need organisations to have thoroughly understood its requirements. Rather than being simply about a project or developing ‘a plan’, BCM is an ongoing management process requiring competent people working with appropriate support and structures that will perform when needed.”