ISO 22301

As you are probably aware by now, doing business in today’s world is far different than decades earlier.  With the fast pace of technology and innovation, companies need to adapt with the times, contingency planning and disaster recovery are now part of the everyday new business marketplace.  Contingency planning and disaster recovery were largely information technology-led responses to natural disasters and terrorism that affected businesses during the 80s and 90s.  Now, there is a need for a higher level of contingency planning and disaster recovery because the present-day threats have vastly multiplied in number and also increased in severity of potential damage caused.  A new field has been born, known as business continuity management (BCM).

As governments and regulators are aware of the modern day challenges in the business world, organizations need to proactive too when it comes to business continuity management.   Businesses need to take important action to protect their assets during any disaster or emergency situations.  Since the business climate has changed, businesses now recognize their dependence on each other and can take the necessary steps to engage key suppliers and partners to ensure cooperation when incidents happen.  A recognized benchmark of good practice in BCM was therefore needed and several national standards sought to address this issue, including those from Australia, Singapore, the United Kingdom (UK) and the USA.  The ISO 22301 standard plays a key role.  ISO 22301 is a management systems standard for BCM which can be used by organizations of all sizes and types. These organizations will be able to obtain accredited certification against this standard and so demonstrate to legislators, regulators, customers, prospective customers and other interested parties that they are adhering to good practice in BCM. ISO 22301 also allows the business continuity manager to show top management that a recognized standard has been achieved.

While ISO 22301 may be utilized for certification and hence to include rather short and concise criteriaoutlining the central elements of BCM, however, a more extensive guidance standard (ISO 22313) is being developed to provide greater detail on each requirement in ISO 22301.  Nonetheless, ISO 22301 may also be used within an organization to measure itself against good practice, and by auditors wishing to report to management. The influence of the standard will therefore be much greater than those who simply choose to be certified against the standard.

ISO 22301 is the second published management systems standard that has adopted the new high-level structure and standardized text agreed in ISO.  The significant clauses outline the context of the organization, addressing both internal and external requirements, setting concise boundaries for scope of the management system.  It also addresses leadership, planning, support and operations accordingly.  Organizations need to identify risks to the implementation of the management system and set clear objectives and criteria that can be used to measure its success.  The necessary support mechanisms need to be also implemented and monitored accordingly.

BRCCI – Business Resilience Certification Consortium International (www.brcci.org)

We are thankful to the author for allowing us to post this insightful article on our website. BRCCI provides a comprehensive training and certification program in business resiliency, continuity and IT disaster recovery planning:

1. 3-day CBRM (Certified Business Resilience Manager) is a comprehensive, all-in-one, 3-day Business Continuity Planning and Management Training and Certification course which is designed to teach practical methods to develop, test, and maintain a business continuity plan and establish a business continuity program.

2. 3-day CBRITP (Certified Business Resilience IT Professional) is a comprehensive training on how to assess, develop, test, and maintain an information technology (IT) Disaster Recovery Plan for recovering IT and telecommunications systems and infrastructure in the event of a disaster or business disruption. The training provides a step-by-step methodology to ensure a reliable and effective IT disaster recovery and continuity plan consistent with the industry’s standards and best practices.

3. 2-day CBRA (Certified Business Resilience Auditor) It provides 2 days of intensive, Business Continuity Audit training to enable students to determine the effectiveness, adequacy, quality and reliability of an organization’s Business Continuity Program. Students will learn an audit methodology to evaluate compliance of Business Continuity and IT Disaster Recovery Programs with the current industry’s best practices and standards including:

• ISO 22301: Business Continuity Management Systems – Requirements
• NFPA: Standard on Disaster/Emergency Management and Business Continuity Programs
• ITIL: Information Technology Infrastructure Library

For information on the above program, please contact BRCCI (www.brcci.org, 1-888-962-7224).