
What is ISO-22301?

ISO 22301 describes requirements for the continuous planning, implementation, execution and monitoring of management strategies to protect against or reduce disruptions and their impact. Organizations that implement a Business-Continuity-Management-System based on ISO 22301 can be certified accordingly, and the certification can be used internally and externally to demonstrate good business continuity management practices. ISO 22301, like other ISO standards, can be implemented regardless of organizational form, industry, or organization size. To be certified to ISO 22301 and implement it accordingly, a company must know and record all critical processes of the organization, record the potential consequential damage in the event of critical business process failure (the so-called business impact analysis), assess potential risks and their impact, develop responses for an emergency, conduct training exercises, and monitor the Business-Continuity-Management process. 33

The ISO-22301 Process

ISO 22301 is based on 5 key principles and the PDCA Cycle.

The 5 key principles are Responsibility, Clear Objectives, Impact and Risk Evaluation, Communication, and Testing.

Responsibility is important because, in a crisis event, a BCM plan should already have been put in place by responsible senior managers, and clearly defined responsibilities are important for the successful execution of such a plan.

Hand in hand with this plan come the clearly defined objectives of a BCM plan, without which prioritization and resource allocation in a crisis will not function properly.

To determine these objectives, however, it is important to properly evaluate a potential risk and the impact its occurrence might have.

To achieve an effective deployment of a BCM plan, communication with all affected stakeholders should be planned, and the whole BCM plan should be tested regularly.

In order to achieve an ISO 22301 certification, businesses should follow a PDCA cycle on the way to successfully implementing a BCM plan.

In the Plan-Phase, the factors influencing the effectiveness of business continuity situations need to be identified, and the objectives of and resources for achieving business continuity in a crisis situation need to be defined.

Once the Do-Phase is entered, these identified factors, objectives and resources need to be funneled into implementing the necessary changes for achieving business continuity on every business level.

In the Check-Phase, these implemented measures are evaluated for effectiveness, and, if needed, adjustments are made on this basis during the Act-Phase.

In line with other related standards, the ISO defines 10 core clauses to be aware of and adhere to for a successful implementation and maintenance of ISO 22301 standards.

These are:

  1. Scope
  2. Normative References
  3. Terms and Definitions
  4. Context of the Organisation
  5. Leadership
  6. Planning
  7. Support
  8. Operation
  9. Performance
  10. Improvement

For more information on how to achieve ISO 22301 certification you can refer to the ISO website, the implementation guide by BSI or the implementation guide by NQA.

 

Sources for the ISO 22301 Process: 46, 47, 48