What exactly is ISO 22301?
Achieving an ISO 22301 certification will demonstrate that your organisation has implemented a business continuity management system. What this really means is you have documented procedures in place to reduce risk to your company; so if you do experience a crisis there will be plans and funds in place to minimise the potential damage. Of course not every eventuality can be prepared for; however you can plan for the majority of conceivable risk scenarios. This kind of preparation will enable your business to keep ticking over in any times of uncertainty – it is always good to have a backup plan.
How was the standard developed?
ISO 22301 is a relatively new standard; it was published in May 2012. It is essentially an improved version of the British Standard for business continuity management – the BS 25999. ISO certifications are particularly valuable because they are put together by global experts and build on older standards. The group of experts take the best aspects and rectify issues of similar previous standards. For example, BS 25999 has been criticised for being too ambiguous regarding the requirements in the standard, particularly when discussing warning and communication. So ISO 22301 was designed with more clearly specified requirements and more of an emphasis on warning and communication. Further improvements when compared to the BS 25999 include the language being more business focused and better use being made of the plan-do-check-act management system (the backbone of the ISO standards).
What is required to achieve an ISO 22301 certification?
One of the important first steps needed to gain an ISO 22301 certification is to perform a business impact analysis (BIA). This involves identifying which of your business practices are the most vital and thus are the first priority to check are on track after a crisis. Next you will have to consider potential risks or threats to your company; taking each one in turn and outlining the procedures to deal with the risk and limit its negative impact. The procedures for dealing with potential crises should consider which employees will be responsible for what; for instance if a crisis occurs who will respond to it, who will be in charge of communications etc.? Furthermore it is important to have the necessary resources readily available for these procedures, should they be needed. Another key consideration when establishing a continuity management system is the possible extent of the crisis impact. How will the crisis affect those associated with your organisations, such as suppliers? And how much can you control and account for this in your plans?
ISO 22301 provides you with a structured approach to plan and implement a continuity management system. The information here is a brief overview but in practice ISO 22301 provides a detailed guideline to establishing the system.
Why choose ISO 22301?
The core advantage ISO 22301 offers is to minimise risk and ensure you are prepared for various incidents; having these procedures in place will keep essential processes going, even if the worst happens. This will most likely result in less downtime and enable you to recover faster. It may also help ensure you adhere to relevant regulations, for example the UK Civil Contingencies Act 2004.
Achieving this certification illustrates the resilience of your organisation to potential customers and suppliers. Furthermore, it reassures them that in times of crisis you will still be able to manage and deliver the services they require. As with achieving most of the ISO standards, ISO 22301 can aid your organisation in accessing international markets because the certification is so widely used and respected.
Another advantage of ISO 22301 is its compatibility with other standards within the ISO family, considering they all based on the same underlying principles (plan do check act) they are all very integratable with each other. Meaning other concerns such as information security (ISO 27001) can also easily be managed in a systematic and structured manner.
Overall, ISO 22301 ensures that help for your organisation is there when you need it most and enables you to keep working to the best of your ability no matter what the circumstances. To find out more about ISO 22301 visit qmsuk.