Business Continuity

The new ISO 22301:2012 standard, Societal security – Business continuity management systems – Requirements, will help organizations, regardless of their size, location, or activity, be better prepared and more confident in handling disruptions of any type.

Incidents can disrupt an organization at any time, and applying ISO 22301 will ensure that organizations can respond to them and continue their operations. Incidents take many forms, ranging from large-scale natural disasters and acts of terror to technology-related accidents and environmental incidents.

Although most incidents are small, they can have significant impacts, which makes business continuity management relevant at all times. This has led to a global awareness that organizations in the public and private sectors must know how to prepare for, and respond to, unexpected and disruptive incidents.

ISO 22301 provides a framework to plan, establish, implement, operate, monitor, review, maintain, and continually improve a business continuity management system (BCMS). It is expected to help organizations protect against, prepare for, respond to, and recover from disruptive incidents.

Organizations implementing ISO 22301 will be able to demonstrate to legislators, regulators, customers, prospective customers, and other interested parties that they are adhering to good BCM practice. It may also be used within an organization to measure itself against good practice, and by auditors wishing to report to management.

ISO 22301 will assist an organization in the design of a BCMS that is appropriate to its needs and meets its stakeholders’ requirements. These needs are shaped by legal, regulatory, organizational, and industry factors, as well as the organization’s products and services, its size and structure, its processes, and its stakeholders.

Note: ISO 22301 is the first published standard that is aligned with the new ISO format for writing management systems standards. This will ease understanding and ensure consistency with other management systems, such as ISO 9001 (quality management), ISO 14001 (environmental management), and ISO 27001 (information security management).

ISO 22301 may be used for third-party certification as well as for self-assessment. To help users get the best out of the standard, it includes short and concise requirements describing the central elements of business continuity management.

Given the role of business continuity in every sector, ISO 22301 has huge worldwide potential. So far, numerous countries have started to adopt ISO 22301, including the United Kingdom, which is adopting it to replace its BS 25999.

ISO 22301 is part of a series of standards developed by the ISO technical committee on Societal Security. An additional standard, ISO 22313, Societal security – Business continuity management systems – Guidance, is under development and expected to be published in early 2013 to provide guidance for implementing ISO 22301.

ISO 22301:2012, Societal security – Business continuity management systems – Requirements, is available from ANSI through its eStandards Store. For more information about ISO 22301, you may want to view the ISO 22301 Portal at the Professional Evaluation and Certification Board (PECB) web site.