ISO 22301:2012 (business continuity management system)
ISO 22301 standard stands for business continuity management system, which can be applied by organizations of all sizes and types. These organizations will be competent to attain accredited certification alongside with this standard and consequently exhibit to legislators, supervisors, clientele, potential customers and other concerned parties that they are remaining to good practice in business continuity management system. ISO 22301(BCM) also allows the business continuity manager to demonstrate top management that a documented standard has been accomplished.ISO 22301 perhaps also be used within an organization to calculate itself contiguous to good practice, and by auditor’s aspiration to report to management. The pressure of the standard will consequently be much superior to those who basically wish to be certified against the standard.
Following these are the standard’s requirements,
Context of the organization The first step engaged is getting to know the organization, both internal and external needs, and setting clear boundaries for the scope of the management system. In exacting, this requires the organization to know the requirements of appropriate interested parties, such as regulators, clients and employees. It must in particular understand the relevant legal and regulatory requirements. This enables it to decide the scope of the business continuity management system (BCMS).
Leadership ISO 22301 places particular importance on the need for appropriate management of BCM. This is so that top management makes certain that appropriate resources are provided, establishes policy and employ people to implement and maintain the BCMS.
Planning This requires the organization to classify risks to the implementation of the management system and set plain objectives and criteria that can be used to calculate its success.
Support Since resources are required for implementation, this clause introduces the important concept of capability. For business continuity to be successful, people with appropriate knowledge, skills and experience must be in place to both contribute to the BCMS and respond to incidents when they occur. It is also important that all staff is alert of their own role in responding to incidents and this clause deals with all of these areas. The need for communication about the BCMS – for example in telling customers that the organization has appropriate BCM in place – and preparedness to communicate following an happening (when normal channels may be disturbed) is also covered here.
Operations This section holds the main body of business continuity-specific knowledge. The organization must carry out business impact analysis to comprehend how its business is affected by disruption and how this changes over time. Risk assessment seeks to recognize the risks to the business in a controlled way and these notify the development of business continuity strategy.
Evaluation For any management system, it is vital to appraise performance against plan. ISO 22301 therefore requires that the organization pick and measure itself against appropriate performance metrics. Internal audits must be conducted and there is a requirement that management review the BCMS and act on these reviews.
Improvement No management system is ideal at the outset, and organizations and their environments are continuously changing. This clause defines actions to take to improve the BCMS over time and guarantee that corrective actions arising from audits, reviews, exercises and so on are addressed.
Ascent Tanzania (IDSL) can guide the organization for the Successful implementation of ISO 22301:2012 (BCMS)
Assign an ISO Consultant who systematically understand the requirement for the f ISO 22301 and guide the organization to achieve the certification. Ascent Tanzania having the best consultant for ISO 22301:2012 (BCMS) who can guide you through-out the certification process and make certain that the requirement is successfully implemented so it doesn’t create any hurdle during the audit .