ISO 22301 specifies the requirements an organization must meet to establish and, if it chooses, certify a Business Continuity Management System (BCMS). To comply with the standard, an organization must document how it plans, implements, operates, monitors, reviews, maintains and continually improves its BCMS, so that it is more resilient when a disruption occurs.
ISO 22301:2019 is the current edition of the international standard for Business Continuity Management Systems. It provides a framework that helps organizations manage disruption to their normal operations. The standard does not aim to eliminate disruption or its impact entirely; instead it helps an organization determine how much impact it is willing and able to accept after a disruption, and then build a business continuity plan proportionate to that tolerance and to the organization's needs.
What is BCP?
Business Continuity refers to an organization's ability to keep delivering its primary functions during and after a disruptive incident. Business Continuity Planning (BCP) is the set of risk management procedures and processes that aim to prevent interruption of mission-critical services and to restore full functionality as quickly and efficiently as possible.
The basic requirement of business continuity is that essential functions stay up and running during an incident and that recovery takes place with minimal downtime. Business continuity plans cover irregular events such as natural disasters and fires, disease outbreaks, cyberattacks and other threats to operations.
What is BCMS?
The purpose of a Business Continuity Management System is to provide the controls and capabilities that allow an organization to keep operating through a disruption and to recover from it in a controlled way.
What are the business benefits of BCMS?
Visible Resilience: An effective BCMS demonstrates to current and potential customers that the organization is prepared for disruption. This matters most in sectors where a disruption can have serious consequences for people's lives or finances.
Competitive Advantage: An organization that keeps operating can win business from competitors that cannot operate, or can only do so at reduced capacity, building a reputation that attracts customers and strengthens its financial position. A BCMS also lets an organization bid and tender more credibly, since many contracts now ask for evidence of business continuity arrangements.
Protect Organization Value: A BCMS helps reduce the negative effects of disruptive events, saving time and money and limiting reputational damage.
What is the difference between ISO 27001 & ISO 22301?
ISO 22301 requires the implementation of a Business Continuity Management System: its focus is on implementing and operating controls that preserve the organization's ability to continue operating through, and recover from, disruptive events. ISO 27001 requires the implementation of an Information Security Management System (ISMS), whose focus is protecting the confidentiality, integrity and availability of information. The two overlap where information security and business continuity meet (ISO 27001 has controls for information security continuity and ICT readiness), but they address different risks.
Which one should you implement first: ISO 22301 or ISO 27001?
If your organization faces a range of non-IT threats, each capable of shutting down operations (fires, floods, supply chain failures, loss of premises or staff), you will usually get more value by starting with Business Continuity Management based on ISO 22301.
If you provide no physical deliverables and deal only in digital products and services, so that the threats that matter are mainly to information and IT systems, an Information Security Management System based on ISO 27001 is the recommended starting point.
The 10 Clauses of ISO 22301:2019
ISO 22301:2019 is made up of 10 clauses.