Overview of ISO 22301
As the market widens, technology improves, and managing expectations becomes a top concern for managing processes, risk prevalence increases across every operation. With the recent calamities and aftermath of climate changes, there is likewise a growing need for emergency preparedness and organisational resiliency. Managing risks used to be a specialist function, but nowadays we see every process owner becoming aware of business risks and initiating and instituting controls in their processes beyond basic requirements.
Management systems can address such concerns by putting in place the universal principle of PDCA as specified in ISO 22301:2012, which outlines requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented business continuity management system. The intent is not to prevent disasters but to increase the organisation’s preparedness and protection against them, to be proactive against their likelihood and known vulnerabilities, and to prepare for, respond to, and recover from disruptive incidents when they arise.
What are the actions if there is a fire, power outage, computer virus attack, equipment failure, flash flood, or theft? Business Continuity is not just about being up and running when a crisis hits. It’s about being ready for any incident that may cause a disruption to your business.
Preparedness is the key to the above uncertainties. It provides a level of assurance. The requirements specified in ISO 22301:2012 are generic and intended to be applicable to all organisations, or parts thereof, regardless of type, size and nature of the organisation. The extent of application of these requirements depends on the organisation's operating environment and complexity.
Benefits of Business Continuity Management Systems (BCMS)
ISO 22301:2012 Business Continuity Management (BCM) gives confidence and a visible means of meeting the expectations of your customers and key stakeholders. It helps companies continue to operate at a minimum level of business operations, including statutory, regulatory and contractual obligations. It provides the organisation with the required structure and infrastructure and assures the following:
- Managers and owners have the responsibility to maintain the ability of the organisation to function without disruption.
- Preparedness of business activities subject to disruptions, such as technology failure, flooding, utility disruption and terrorism.
- Provision of the capability to adequately react to operational disruptions while protecting welfare and safety.
- A management system that adds value to the organisation: not just a costly planning process, but an investment in organisational resiliency.
- Proactive practices towards threat and risk as an important element of good business, management, service provision and entrepreneurial prudence.
Implementing ISO 22301 will incorporate the universal and cyclical PDCA approach seen in typical management systems. It extends the conventional business continuity planning process to take greater account of business continuity and to prepare the organisation’s critical business functions against unforeseeable events that could change the risk environment and impact business continuity. It will incorporate ‘failure scenario assessment methods’ such as Threat Profiling and Assessment and FMEA (Failure Modes and Effects Analysis), with a focus on identifying ‘triggering events’ that could precipitate serious incidents. It will streamline the resources among business continuity, disaster recovery, emergency response and security incident response and management activities.
Its implementation covers areas similar to BS 25999-2, such as business continuity policy, business impact analysis, risk assessment, business continuity strategy, business continuity plans, and exercising and testing, to raise the company’s level of resilience and credibility.
The importance of this standard is increasing fast, along with the business intent to address action requirements for managing the risks that abound.
ISO 22301 Training Programmes
- Business Continuity Management for Executives
- Introduction to Business Continuity Management
- Business Impact Analysis
- Business Continuity Documentation
- BCM Lead Auditor Training Course
- Business Continuity Planning
- QISMS Application
- IMS Application
- Crisis Management
- Business Continuity Planning for Information Security
- Business Continuity Planning for Integrated Management System
- Business Continuity Planning for Compliance
- Enterprise Risk Management using ISO 31000
- Business Continuity Metrics Performance Management
- BCMR Skills Development
- Organization Preparedness for Business Continuity
- BCM Change Control
- Managing Business Continuity Capability and Cost
- Crisis Communication