ISO 22301 is the international standard in the field of Business Continuity Management (BCM). The convergence from the existing international and national BCM standards to an ISO standard is seen as a normal transition based on past management standards. It was updated in September 2019.
The good news is that all BCM standards, including ISO 22301, will have similar BCM implementation requirements, e.g. “BC Programme Element” and “BCM Planning Methodology”, and these processes will not differ too extensively when implemented with another BCM standard.
The key is to adopt a rigorous understanding of the similarities and differences between the ISO 22301:2012 standard and the organization’s existing standards, such as BS 25999-2:2007 or SS540:2008, and to continue with the BCMS implementation.
Summary of ISO 22301 Requirements
- 1. Scope
- 2. Normative references
- 3. Terms and Definitions
- 4. Context of the Organization
- 5. Leadership
- Leadership and commitment
- Management commitment
- Organizational roles, responsibilities and authorities
- 6. Planning
- Actions to address risks and opportunities
- BC objectives and plans to achieve them
- Operational planning and control
- Business impact analysis and risk assessment
- Business continuity strategy and solutions
- Establish and implement BC procedures
- Exercising and testing
- 9. Performance Evaluation
In recognition of the rapidly growing global interest in BCMS in the BCM world, ISO has developed, through the Technical Committee known as ISO/TC 223 Societal security, ISO 22301: Societal Security – BCMS – Requirements.
It is a specification standard against which certification bodies may offer third-party certification to their clients. It forms part of the wider Societal security – BCMS series of documents, which also includes ISO 22300 – Vocabulary and ISO 22313 – Guidance.
BCM Framework or Elements of BC Programme
ISO 22301 (reflected from the ISO 22313 Guidance Draft) adopts a 6-element BCM approach to represent the continuous operations of the BC programme within the organization. These six elements of the BC Programme are:
- Understand the Organization
- Selecting Business Continuity Options
- Developing and Implementing a Business Continuity Response
- Exercising and Testing
- Business Continuity Programme Management
- Embedding Competence and Awareness