This standard outlines the general structure and requirements to implement and maintain a business continuity management system (BCMS). It does this keeping in mind the scale and type of impact the organization can accept in case of any disruption.
There are currently over 4000 organizations that hold this certification and it has quickly become the international standard for business continuity management systems. While there are no large-scale structural changes from ISO 22301:2012, it provides a clearer outline of the requirements and filtering of the requirements for the certification.
One of the primary additions to ISO 22301:2018 is the requirement to make the requisite changes in a planned fashion. While this clause is freshly added, it is something that is an almost intuitive understanding of a business.
Another change is that the business impact analysis should be considering the impact categories as a starting point, once again something that is second nature to any business. The focus here isn’t about creating a grand strategy for business continuity; instead, it pragmatically focuses on identifying the solutions for specific risks and impacts.
- Features and Benefits
- Applicability
- Consulting Methodology
One of the biggest differences that this standard has from ISO 22301:2012 is that ISO 22301:2018 no longer uses the term ‘risk appetite’. Instead, this standard looks to identify when and at what stage does the lack of business activities becomes a threat to the survival of the organization.
The BCMS (business continuity management system) thus created looks to underline the importance of the following:
- The requirement to understand the organization’s needs and the importance of setting up policies and objectives about business continuity based on business impact analysis with the consideration of RTO, RPO, MBCO and MAO.
- The need for creating, maintaining and working with processes and structured response strategies to make sure of the fact that the organization and sustain and recover through disruptions
- To monitor, review and stay updated with the overall efficacy and performance of the BCMS
- To track all necessary qualitative and quantitative measures to improve every day
This business continuity management system implemented would need to have the following features built into it:
- A strong policy that outlines the tipping point, while identifying focus problem areas and solutions
- Identifying competent individuals capable of executing the strategies and allocating them with requisite responsibilities
- Creating management processes that are focused on the following:
-
- Policy
- Business Continuity and Disaster Recovery Plan
- Implementation & Operation
- Performance Assessment and Testing & Exercise
- Management Review
- Constant Improvement
- Creating a string of documented information that provides proof and operational support
There are multiple wide-spread benefits of this particular standard. From a simple business outlook, it helps create strategic objectives and creates a competitive advantage for the brand. Moreover, it also helps solidify the organization’s reputation and credibility, by building resilience to withstand downturns.
Moreover, this particular standard also helps curtail the legal and financial exposure for the business and helps reduce costs during disruptions. It also helps protect property, environment and life and allows for a confidence of the organization’s success.
ISO 22301:2018 helps the business set in place protocols to control and manage risks efficiently and addresses operational vulnerabilities while providing solutions for the same.
This standard is applicable for large, small, for-profit, non-profit, private and public entities. The standard has been conceived in such a way that it applies to organizations of any size or type. The idea here is simple; disruptions affect companies of all sizes and verticals.
Thus, it becomes more important than ever to have a business continuity management system in place to keep the business on an even keel even during disruptions.