Managing risks such as natural disasters, power failures, cyber-attacks, pandemics, human errors and similar disruptive incidents means organizations need effective business continuity management (BCM) plans to help them quickly recover from any such event.
ISO 22301 (Security and resilience – Business continuity management systems – Requirements) is an international standard that describes how to manage business continuity in an organization.
The focus of ISO 22301 is to ensure continued delivery of products and services after disruptive events occur. This is done by identifying business continuity priorities (through business impact analysis), determining which potential disruptive events can affect business operations (through risk assessment), defining what needs to be done to prevent such events from happening, and then defining how to recover minimal and normal operations in the shortest time possible. The strategies and solutions to be implemented usually take the form of policies, procedures, and technical/physical implementation (e.g., facilities, software, and equipment). ISO 22301 implementation will involve not only setting organizational rules, but also developing plans and allocating technical and other resources to make the continuity and recovery of business activities possible.
As a result of BCMS implementation and certification, organizations will:
· demonstrate that they protect life, assets and the environment
· protect and enhance reputation and credibility
· contribute to competitive advantage by allowing them to work during disruption
· reduce the costs incurred by disruption and improve their ability to remain effective during it
· contribute to overall organizational resilience
· strengthen the confidence of interested parties
· reduce legal and financial exposure
· demonstrate the ability to manage risk and address operational vulnerabilities.