ISO22301
ISO 22301 is the international standard in the field of Business Continuity Management (BCM). The convergence from the existing international and national BCM standards to an ISO standard is seen as a normal transition based on past management standards. It was updated in September 2019 and 2024.
The good news is that all BCM standards, including ISO 22301, will have similar BCM implementation requirements, e.g., “BC Programme Element” and “BCM Planning Methodology,” and these processes will not differ too extensively when implemented with another BCM standard.
The key is to adopt a rigorous understanding of the similarities and differences between ISO 22301:2012 and the organization’s existing standards, such as BS 25999-2:2007 or SS540:2008, and to continue with the BCMS implementation.
Glossary
Summary of ISO 22301 Requirements
- 1. Scope
- 2. Normative references
- 3. Terms and Definitions
- 4. Context of the Organization
  - Understanding of the organization and its context
  - Understanding the needs and expectations of interested parties
  - Determining the scope of the BCMS
  - BCMS
- 5. Leadership
  - Leadership and commitment
  - Management commitment
  - Policy
  - Organizational roles, responsibilities and authorities
- 6. Planning
  - Actions to address risks and opportunities
  - BC objectives and plans to achieve them
- 7. Support
  - Resources
  - Competence
  - Awareness
  - Communication
  - Documented information
- 8. Operation
  - Operational planning and control
  - Business impact analysis and risk assessment
  - Business continuity strategy and solutions
  - Establish and implement BC procedures
  - Exercising and testing
- 9. Performance Evaluation
  - Monitoring, measurement, analysis and evaluation
  - Internal audit
  - Management review
- 10. Improvement
History
In recognition of the rapidly growing global interest in BCMS in the BCM world, ISO has developed ISO 22301, Societal Security – BCMS – Requirements, through the Technical Committee known as ISO/TC 223 Societal security.
It is a specification standard to which certification bodies may offer third-party certification to their clients. It forms part of the wider Societal security – BCMS series of documents, which also consists of ISO 22300 – Vocabulary and ISO 22313 – Guidance.
ISO 22301 was updated in September 2019.
BCM Framework or Elements of BC Programme
ISO 22301 (reflected from the ISO 22313 Guidance) adopts a 6-element BCM approach to represent the continuous operations of the BC programme within the organization. These six elements of the BC Programme are:
- Understand the Organization
- Selecting Business Continuity Options
- Developing and Implementing a Business Continuity Response
- Exercising and Testing
- Business Continuity Programme Management
- Embedding Competence and Awareness