ISO 22301 2012 Plain English Introduction

ISO 22301 2012 is a generic business continuity management standard.
Use it to ensure that operations continue and that products and services
are delivered at predefined levels, that brands and value-creating activities
are protected, and that the reputations and interests of key stakeholders
are safeguarded whenever major disruptive incidents occur.

EXECUTIVE SUMMARY

ISO 22301 2012 is the world's first international business continuity
management standard. It was developed by ISO Technical Committee 223.
ISO/TC 223 is responsible for the development of societal security
standards. ISO published this standard on June 15, 2012. It cancels
and replaces the old BS25999 business continuity standard. BS25999
is now obsolete and has been officially withdrawn.

The official name of this new standard is ISO 22301:2012 Societal
security - Business continuity management systems - Requirements.
These requirements can be found in the following seven sections:

  1. Context

  2. Leadership

  3. Planning

  4. Support

  5. Operation

  6. Evaluation

  7. Improvement

The purpose of ISO 22301 2012 is to show people how to set up
and manage a Business Continuity Management System (BCMS).
A BCMS is a set of interrelated elements that organizations use to
establish, implement, operate, monitor, review, maintain, and improve
their business continuity capabilities. These elements include people,
policies, plans, procedures, processes, structures, and resources.

All of these elements are used to ensure that operations continue
and that products and services are delivered at predefined levels,
that brands and value-creating activities are protected, and that
the reputations and interests of key stakeholders are safeguarded
whenever disruptive incidents occur.

SCOPE OF ISO 22301

ISO 22301 is a generic business continuity management standard.
It can be used by any organization, or any part of an organization,
no matter what size it is or what it does.

However, exactly how you apply ISO 22301 is up to you and
will depend on your organization's unique business continuity needs
and obligations and the particular expectations and requirements of
interested parties. It will also be influenced by its inherent complexity
and its operating environment. Exactly how you apply ISO 22301 will
depend upon your organization's unique structure, its legal and
regulatory obligations, and the processes it uses to support
and deliver its products and services.

USING ISO 22301 TO GET CERTIFIED

ISO 22301 is designed to be used for certification purposes.
Once you've established a BCMS that meets both the ISO 22301
requirements and your organization's unique needs, you can ask
a registrar (certification body) to audit your system. If you pass the
audit, your registrar will issue an official certificate that states that
your BCMS meets the ISO 22301 requirements.

While ISO 22301 is designed to be used for certification purposes,
you don't have to become certified. You can be in compliance without
being formally registered by an accredited certification body.

You can self-audit your system and then announce to the world that
your BCMS complies with the ISO 22301 standard (assuming that it
actually does). Of course, your compliance claim may have more
credibility if an independent registrar has audited your BCMS and
agrees with your claim.

OVERVIEW OF ISO 22301

As previously indicated, the standard's business continuity
requirements are described in ISO 22301 parts 4 to 10. The
following material will briefly introduce these seven sections.

Part 4. Context asks you to start by understanding your organization
and its context before you develop your organization's business
continuity management system (BCMS). It asks you to identify who
your organization's interested parties are and to clarify what their
needs and expectations are; and it asks you to consider all relevant
legal and regulatory requirements. It then asks you to figure out what
your BCMS should apply to and to formally define its scope.

Part 5. Leadership asks your top management to provide leadership
for its BCMS by showing they support it, by assigning responsibility
and authority for it, and by establishing a business continuity policy.

Part 6. Planning asks you to prepare plans to address the risks and
opportunities that could affect your BCMS and to establish business
continuity objectives and plans to achieve them.

Part 7. Support asks your organization to support its BCMS by providing
resources. It asks you to make sure that people are competent and that
they are aware of their responsibilities. And it asks you to manage
information and to establish communication procedures.

Part 8. Operation asks you to plan, implement, and control your
organization's BCMS processes. It then asks you to study disruptions
and assess risks, to set recovery priorities, and to identify risk treatment
options. It then asks you to carry out an impact analysis, to develop a
business continuity strategy, and to establish business continuity
plans and procedures. And, finally, it asks you to conduct exercises
and to test your business continuity plans and procedures.

Part 9. Evaluation asks you to monitor, measure, audit, and evaluate
your BCMS and to review its performance at planned intervals.

Part 10. Improvement asks you to identify nonconformities, to
take corrective actions, and to enhance the overall performance
of your organization's BCMS.

THE PDCA APPROACH

ISO 22301 uses what is called the Plan-Do-Check-Act (PDCA) Model.
It uses this model to organize the standard in the following way:

1. PLAN. Parts 4, 5, 6, and 7 expect you to plan
    the establishment of your organization's BCMS.

2. DO. Part 8 expects you to establish your BCMS.

3. CHECK. Part 9 expects you to evaluate your BCMS.

4. ACT. Part 10 expects you to improve your BCMS.



Updated on May 18, 2016. First published on March 23, 2013.


Praxiom Research Group Limited   help@praxiom.com   780-461-4514



Copyright © 2013 - 2016 by Praxiom Research Group Limited. All Rights Reserved.
