Failing to Prepare is Preparing to Fail
Key Themes of Business Continuity Management
Leadership & Risk Management
As with all Annex SL based ISO Management Systems, ISO 22301 has a strong emphasis on leadership, ensuring clear buy-in and commitment from top management.
Business Continuity Management forms part of an organization’s overall Risk Management Program, and the standard addresses risks and opportunities related to the BCMS.
Business Impact Analysis
It’s almost impossible to plan for every disruptive event that could occur, so we use Business Impact Analysis as a tool to identify the important products/services your business needs to deliver to customers, and the activities and processes that support the delivery of those products/services.
As recommended in the BCI Good Practice Guide, we can help you assess this on a Strategic, Tactical and Operational level, to ensure business continuity is effective for your needs and embedded across the whole organization.
Business Continuity Strategies
There are several ways to determine the right strategy for your organization, and it may be a mixture across different products/processes.
Assessing the Maximum Tolerable Period of Disruption (MTPD) and determining the Recovery Time Objectives (RTO) is one approach our ISO 22301 Consultants can guide you through when selecting strategies.
Incident Response and Communications
Planning a response to an incident, including the roles and responsibilities of those involved, is also important if your business continuity planning is to succeed.
Our Consultants will help you to establish your incident response structure.
Recovery Plans and Testing
Recovery plans cover the Activities and Processes identified in your BIA (above). They are often the main focus of Business Continuity Programs; however, they should form part of the overall framework.
Plans can be department or team specific, but should be tested and exercised to ensure that they are effective when needed. Many lessons can be learned from testing your plan, and this helps to drive continual improvement and overall awareness of BCM in the organization.
Relationship to ISO 27001
ISO 27001 Information Security Management System includes Annex A14 ‘Business Continuity Management’, which can be expanded to meet the requirements of ISO 22301. ISO 22301 is easily aligned with other ISO Standards.
ISO 22301 replaced the British standard BS 25999 as the framework for Business Continuity Management.
Ready to Implement ISO 22301?
Contact our ISO 22301 Consultants to find out how we can help you.
Free ISO 22301 Training
Access free ISO 22301 Training from our learning & development company Lorators.