Business continuity - ISO 22301 when things go seriously wrong
Contingency planning and disaster recovery were largely information technology-led responses to natural disasters and terrorism that affected businesses during the 1980s and early 1990s.
There was a growing recognition, however, that this needed to become a business-led process and encompass preparing for many forms of disruption. In light of this, the discipline became known as business continuity management (BCM).
As governments and regulators began to recognize the role of business continuity in mitigating the effects of disruptive incidents on society, they increasingly sought to gain assurance that key players had appropriate business continuity arrangements in place. Similarly, businesses recognized their dependence on each other and sought assurance that key suppliers and partners would continue to provide key products and services, even when incidents occurred.
A recognized benchmark of good practice in BCM was therefore needed and several national standards sought to address this issue, including those from Australia, Singapore, the United Kingdom (UK) and the USA. In the UK, BS 25999 was introduced to provide a management systems standard to which organizations could obtain accredited certification for the first time.
When organizations operating internationally started calling for a single International Standard, ISO/TC 223, Societal security, responded by developing ISO 22301:2012, Societal security – Business continuity management systems – Requirements. The new standard is the result of significant global interest, cooperation and input.
Demonstrating good practice
ISO 22301 is a management systems standard for BCM which can be used by organizations of all sizes and types. These organizations will be able to obtain accredited certification against this standard and so demonstrate to legislators, regulators, customers, prospective customers and other interested parties that they are adhering to good practice in BCM. ISO 22301 also enables the business continuity manager to show top management that a recognized standard has been achieved.
While ISO 22301 may be used for certification and therefore includes rather short and concise requirements describing the central elements of BCM, a more extensive guidance standard (ISO 22313) is being developed to provide greater detail on each requirement in ISO 22301.
ISO 22301 may also be used within an organization to measure itself against good practice, and by auditors wishing to report to management. The influence of the standard will therefore extend well beyond those organizations that simply choose to be certified against it.
Article & Image Credits: ISOorg