ISO 22301:2019, Security and resilience – Business continuity management systems – Requirements (BCMS)
ISO 22301 is a management system standard published by the International Organization for Standardization (ISO).
It specifies the requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented business continuity management system (BCMS) that enables an organization:
to protect against disruptive incidents;
to reduce the likelihood of their occurrence;
to prepare for them;
to respond to them; and
to recover from them when they arise.
In short, ISO 22301 is about preparedness for disruption: keeping the organization's prioritized activities running, or restoring them within agreed timeframes, so that the business survives the incident. Disaster recovery of IT systems is one part of this, but the standard covers people, premises, suppliers and information as well.
The latest revision of ISO 22301 was published in October 2019. ISO 22301:2019 replaced ISO 22301:2012, which had been developed from the British standard BS 25999-2.
The 2019 version is less prescriptive than the 2012 version and gives organizations more flexibility in how they meet the requirements, which makes the standard easier to apply and more valuable to organizations and their customers.
Who Should Use ISO 22301?
Organizations of all types, sizes and natures can implement an ISO 22301 BCMS.
It does not matter what size your organization is.
Any organization, from as few as two people to as many as a million, can benefit from an ISO 22301 BCMS.
It does not matter what industry you are in.
Any organization in service or manufacturing, for-profit or non-profit, private, public or government, can implement an ISO 22301 BCMS.
Any organization that wants to avoid and prevent large-scale damage arising from disruptive incidents.
Any organization that wants to save money on disruptive incidents. Whether by preventing disruptive incidents from happening or by becoming capable of faster recovery, you will save money.
Any organization that wants to demonstrate its business continuity capability to its customers, partners, owners and other stakeholders.
Not having ISO 22301 carries risks and lost opportunities of its own:
ISO 22301 may be a legal or contractual requirement in your market; and
some lucrative, large-scale government and private-sector contracts are offered only to organizations that hold ISO 22301 certification.
ISO 22301:2019 Requirements
Clause 4 Context Of The Organization
Understanding the organization and its context
Understanding the needs and expectations of interested parties
General
Legal and regulatory requirements
Determining the scope of the business continuity management system
General
Scope of the business continuity management system
Business continuity management system
Clause 5 Leadership
Leadership and commitment
Policy
Establishing the business continuity policy
Communicating the business continuity policy
Roles, responsibilities and authorities
Clause 6 Planning
Actions to address risks and opportunities
Determining risks and opportunities
Addressing risks and opportunities
Business continuity objectives and planning to achieve them
Establishing business continuity objectives
Determining business continuity objectives
Planning changes to the business continuity management system
Clause 7 Support
Resources
Competence
Awareness
Communication
Documented information
General
Creating and updating
Control of documented information
Clause 8 Operation
Operational planning and control
Business impact analysis and risk assessment
General
Business impact analysis
Risk assessment
Business continuity strategies and solutions
General
Identification of strategies and solutions
Selection of strategies and solutions
Resource requirements
Implementation of solutions
Business continuity plans and procedures
General
Response structure
Warning and communication
Business continuity plans
Recovery
Exercise programme
Evaluation of business continuity documentation and capabilities
Clause 9 Performance Evaluation
Monitoring, measurement, analysis and evaluation
Internal audit
General
Audit programme(s)
Management review
General
Management review input
Management review outputs
Clause 10 Improvement
Nonconformity and corrective action
Continual improvement
MLOK's methodology and approach to making your company ISO 22301 compliant for certification
We use a practical, methodical four-stage process to help you get certified to ISO 22301.
Stage 1: Planning
Conduct Kick-Off Meeting to:
establish implementation schedule and plan;
appoint BCMS Committee;
establish an ISO 22301 BCMS documentation framework; and
give the team a fundamental understanding of the requirements of ISO 22301.
Stage 2: Documentation
Drafting and writing the documents needed to comply with ISO 22301 requirements:
BCMS Manual;
Job Descriptions;
BCMS Procedures:
business impact analysis (BIA) and risk assessment;
procedure for identification of applicable legal and regulatory requirements;
business continuity strategy;
business continuity plans and procedures;
recovery procedures;
procedure for communication with interested parties;
exercising and testing of the business continuity procedures; and
others as applicable.
BCMS Supporting Process Procedures;
BCMS System Procedures; and
BCMS Forms, Work Instructions and others.
Stage 3: Implementation
Guidance and advice on implementing the documented BCMS.
Conduct ISO 22301 BCMS Internal Audit Training.
Conduct an ISO 22301 BCMS Internal Audit.
Conduct an ISO 22301 BCMS Management Review Meeting.
Stage 4: External Audit
Stage 1 (documentation) audit by the Certification Body.
Rectification of the Stage 1 audit findings issued by the Certification Body.
Stage 2 (compliance/implementation) audit by the Certification Body.
Rectification of the Stage 2 non-conformity reports (NCRs) issued by the Certification Body.
MLOK Holdings Sdn Bhd, Professional ISO Consultant in Malaysia; ISO Training Services, Selangor; Quality Management Training Consultant, KL