What is this standard about?
This updated international standard details the requirements of a business continuity management system (BCMS). It enables organizations to prepare for disruptive incidents that might otherwise prevent them from achieving their objectives. Users will be better prepared for disruptions and will recover more quickly, minimizing the impact on employees, customers and suppliers.
Who is this standard for?
- Senior business managers
- Continuity, resilience, risk and change management industries
- Quality management industry
- Insurers
Why should you use this standard?
BS EN ISO 22301 specifies requirements to implement, maintain and improve a management system which prepares for, responds to, reduces the likelihood of, and speeds recovery from disruptions. It’s based on the ‘Plan-Do-Check-Act’ model which continually improves organizational effectiveness through proficient planning, implementation, supervision, review and maintenance.
The requirements are generic and to apply to all organizations, or parts thereof, regardless of the type, size and nature of the organization. It applies to organizations that:
- Implement, maintain and improve a BCMS
- Seek to ensure conformity with stated business continuity policy
- Need to be able to continue to deliver products and services at an acceptable predefined capacity during a disruption
- Seek to enhance their resilience through the effective application of the BCMS
The extent of application of requirements depends on the organization’s operating environment and complexity.
Business continuity contributes to the development of a more resilient society while organizations without an effective BCMS risk significant vulnerability.
The standard can also be used to assess an organization’s ability to meet its own continuity needs and obligations, and to establish a business continuity management policy that provides a framework for implementing effective business continuity arrangements.
What’s changed since the last update?
This second edition cancels and replaces the first edition (BS ISO 22301:2012), which has been technically revised. The main changes compared with the previous edition are:
- It now conforms to ISO’s requirements for management system standards, which have evolved since 2012
- Requirements have been clarified, with no new requirements added
- Discipline-specific business continuity requirements are now almost entirely within section 8
- Section 8 has been re-structured to provide clearer understanding of the key requirements
- A number of discipline-specific business continuity terms have been modified to improve clarity and reflect current thinking
Role of the BS EN ISO 22301:2019?
The role of BS EN ISO 22301:2019 is to define an internationally recognized integrated approach to business continuity management (BCM) and disaster recovery (DR) aims to assist organizations to prepare for disruptive incidents that might otherwise prevent them from achieving their objectives, and to recover to perform their mission-critical functions. Users will be better prepared for disruptions and will recover more quickly, minimizing the impact on employees, customers and suppliers.
The BCMS is not a stand-alone endeavour. It is but one of many tools needed to recover to perform a mission critical function, and it will adversely affect the speed and success of recovery to perform a mission critical function if done improperly. A BCMS is a complement to, not a replacement for, the organization’s business continuity policy.
Example Scenario 1
For example, it’s estimated that your organization will have to suspend its usual operations and recover its systems within hours after suffering a catastrophic physical loss. Your organization’s board of directors authorizes all necessary resources to execute this plan. This plan has been created to ensure that your organization can recover in the event of a catastrophic impact.
Your organization’s management has a company-wide vision and that all employees operate according to the highest international standards of conduct. You understand that risk is everywhere and its consequences can be very disrupting. You work hard to develop strategies that avoid exposure to major disruption.
Your organization has adopted a proactive risk management approach to all probability/impact matrix activities.
Your organization seeks to ensure that its plans and procedures support continuous improvement and work towards a clear end goal, which is to ensure that your organization can recover in the event of a catastrophic impact.
Example Scenario 2
It’s estimated that your organization will have to suspend its usual operations and recover its systems within five to seven days after suffering a disaster. Your organization’s board of directors authorizes all necessary resources to execute this plan.
This plan has been created to ensure that your organization can recover in the event of a disaster. To achieve this, your organization’s management has a company-wide vision and that all employees operate according to the highest international standards of conduct.
You understand that risk is everywhere and its consequences can be very disruptive. You work hard to develop strategies that avoid exposure to major disruption. Your organization has adopted a proactive risk management approach to all probability/impact matrix activities.
Your organization seeks to ensure that its plans and procedures support continuous improvement and work towards a clear end goal, which is to ensure that your organization can recover in the event of a disaster.
If you are planning on getting a BCMS implemented in your organization, you should ensure that it will be able to achieve all agreed recovery timescales (if such exists).
Why will I benefit from this standard?
BS EN ISO 22301 specifies requirements to implement, maintain and improve a management system which prepares for, responds to, reduces the likelihood of, and speeds recovery from disruptions. Its aims are to help organizations to recover from disruptive incidents, minimize the impact on employees, and recover to perform their mission-critical functions.