ISO 22301:2012 – Business Continuity Management Systems
Continuity of business is as vital as continuity of life. And as we invest in continuity of life, we have to invest in the continuity of business. Investment in terms of thought. Investment in terms of action. Investment in terms of resources. All for business continuity. ISO 22301, the Business Continuity Management system standard, is the framework, wherein we can channelize thoughts, actions and resources for business continuity. We need to protect the organization and business. It is vital these days. Customers want products and services at all times. At the time they wish to have it. Customers like to do business with the organization which has a business continuity management system in place as this ensures the capability of organization to deliver service or product any time including in times of disaster or a crisis.
Purpose of ISO 22301:2012
ISO 22301 Societal Security –Business Continuity Management Systems –Requirements is an International Standard that specifies the requirements for setting up and managing an effective Business Continuity Management System (BCMS). ISO 22301:2012 specifies requirements to establish a management system to protect and respond to disruptive incidents when they arise.
Benefits of ISO 22301
The Key benefits are as under:
- improve organizational focus
- reduces the impact of disasters
- readiness towards handling business interruptions
- improves the reputation and credibility of organization
- attracts investors and customers.
- facilitates risk management – both internal and external
Features of ISO 22301
ISO 22301 BCMS is based on the structure of ISO Annex SL and emphasis the importance of PDCA (Plan-Do-Check-Act):
- Plan (Establish): Establish business continuity policy, objectives, targets, controls and processes relevant to improving business continuity in order to deliver results that align with the organization’s overall policies and objectives (Refer Clause 4, 5, 6 & 7 of Standard)
- Do (Implement and Operate): Implement and operate the business continuity policy, controls, processes and Procedures (Refer Clause 8 of Standard)
- Check (Monitor and Review): Monitor and review performance against business continuity policy and objectives, report the results to management for review, and determine the actions for remediation and improvement (Refer Clause 9 of Standard)
- Act (Maintain and Improve): Maintain and improve the BCMS by taking corrective actions based on the results of management review and reappraising the scope of the BCMS and business continuity policy and objectives. (Refer Clause 10 of Standard)
DQS Certification India appoints a competent & suitable auditor or team of auditors to audit the organization against the standard & scope requested by the clients. Gap analysis may be performed first to check readiness for the auditee organization. Certification Audit is carried out when the client is ready for assessment. Routine surveillance audits are carried out to evaluate continual improvement in the validity period. A re-certification audit is performed after every three years to maintain continuity of certification.