An increase in global threats, large-scale natural disasters, increased volume of pandemic-related concerns, and more instances of companies affected by local and regional power or internet outages have elevated the importance of business continuity.
Many organizations develop a business continuity plan as a one-time exercise and then file the plan on a shelf to collect dust or store it away on an unknown hard drive. With the increasing frequency of disruptions in an increasingly technology-dependent business environment, companies must focus their efforts on their ability to provide services to customers no matter the situation.
ISO 22301 is a process-based standard, similar to ISO 9001, that focuses on business continuity management. When implemented, it will help:
ISO 22301 benefits companies that would like not only to create a business continuity plan but also to be prepared to execute it.
ISO 22301 takes an approach that emphasizes the business impact and the associated risks to services. It provides an organization with a planning framework that focuses on the priorities for restoring business services to minimize financial, brand and business impact.
In many cases, organizations have already invested time and resources to resolve specific issues. For example, a company has invested in cloud solutions with redundant systems to minimize the likelihood of a disruption, identified key suppliers of goods and services, as well as alternate supplier options, or created a business continuity plan that describes the activities that should occur during a disruption.
By combining the principles and practices of ISO 22301, an organization will be better prepared to respond to unforeseen events. One additional advantage of implementing ISO 22301 is that the standard has been adopted by FEMA as one of the optional certification standards included in the voluntary Private Sector Preparedness and Accreditation and Certification Program (PS-Prep). The PS-Prep program was created on the recommendations of the 9/11 Commission.
Since many organizations have started the implementation process to meet customers’ demands, the most pragmatic way to approach ISO 22301 is to evaluate the current system against each of the required processes and controls.
Many early adopters of ISO 22301 are already certified to one or more standards such as ISO 9001 or ISO 20000-1. This makes the transition to ISO 22301 easier, as some of the basic requirements of a management system, such as document and record control, are already in place, allowing the company to focus on incorporating new requirements into an existing method.
After implementing the guidance of ISO 22301, registration is a method by which a company can prove that it has successfully implemented the requirements. After documenting processes and performing reviews, a company can then look to an independent auditing company to review its processes and ensure that it is adhering to the developed processes.
At the end of the audit, the company is presented with a certificate that it can provide to existing and potential customers as proof of its commitment to information security.
The challenge that many organizations face with ISO 22301 is that the guidance is general in nature, rather than specific to a particular industry or company. ISO 22301 is a risk-based, situation-specific standard. Many companies review the requirements and work to fulfill every one, rather than evaluating the needs of the organization to determine which services should be included in the business continuity management system and will improve the success of the organization.
When an organization begins to apply the standard to its operations, unnecessary or complicated solutions can be created for simple challenges. By over-applying the standard to their operations, organizations expend precious resources and time, and come away with a less favorable opinion of the benefits of implementing ISO 22301.
Based on the level of flexibility of the standard, many companies are looking to consultants to:
ITG provides flexible solutions—from complete system development to company-specific augmentation—providing valuable insight, advice, and troubleshooting along the way.
Our goal is to ensure that you understand your system, support you in any way possible, and leave you with the tools to manage your system after implementation. Our job is to understand your needs and provide you with the services that will meet your organizational goals, budget and timeframe.