- By: Staff Editor
- Date: January 25, 2013
ISO 22301 is an international ISO standard that specifies the requirements for setting up and managing an effective Business Continuity Management System (BCMS).
Applicability
The ISO 22301 standard's requirements are generic in nature and intended to be applicable to all organizations regardless of industry or size. The business continuity management system standard does not provide a one-size-fits-all model for a BCMS that organizations have to implement; rather, it provides the requirements on the basis of which an organization can design its own system.
The standard applies to all those organizations that wish to:
- Establish, implement and maintain a BCMS
- Ensure that they conform with their own stated business continuity policies
- Demonstrate they are conforming with their policies to others
- Get their BCMS certified or accredited by a third party
- Determine and declare (by themselves) that they conform to ISO 22301
Plan-Do-Check-Act (PDCA) Model
The ISO 22301 standard applies the Plan-Do-Check-Act or PDCA model in the planning, establishment, maintenance and review of a Business Continuity Management System.
This model was chosen by the standard as it provides consistency with other management system standards such as ISO 9001 Quality management systems, ISO 14001, Environmental management systems, ISO/IEC 27001, Information security management systems, ISO/IEC 20000-1, Information technology — Service management, and ISO 28000, Specification for security management systems for the supply chain. This ensures consistent and integrated implementation and operation with related management systems.
Summary of Requirements
- The ISO 22301 standard requires organizations to determine the scope of the BCMS they intend to implement.
- According to the standard, organizations must also adhere to applicable legal and regulatory requirements, and the standard details how they must do this.
- The role of leadership and policy in establishing and maintaining a Business Continuity Management System is explained in detail.
- The ISO 22301 standard explains the organizational role and responsibilities in implementing a BCMS as well as the ways in which to plan such a system after determining its objectives.
- The various components of support for a BCMS, the documentation requirements and operational planning and control as well as risk assessment processes are detailed in the standard.
- The requirements for a sound business continuity plan, warning and communication procedures, reviews, internal audits and analysis, as well as improvement of the system, form a key part of the ISO 22301 standard.