ISO 22301 - Business Continuity Management Certification

 

What is ISO 22301?

ISO 22301 is the international standard for Business Continuity Management Systems (BCMS). The standard puts controls in place to prevent unwanted occurrences in the operation of the company and prevent emergency situations.

This standard provides a framework for organizations to establish, implement, operate and continually improve their management system to protect against disruptive incidents and enhance their resilience against various unforeseen disruptions.

Once certified, organisations can proudly promote themselves as certificate holders in any of their promotional materials and can include the URS certification logo free of charge.

 

Who requires an ISO 22301 certification?

ISO 22301 is a must have for any organisation wanting to demonstrate a robust ability to continue operations during and after disruptive events. This standard is particularly important certification for business and organisations in the following sectors:  

 

• Energy


• Transport


• Healthcare


• Essential public services

How can ISO 22301 benefit your business?

Becoming certified for ISO 22301 can bring a wide range of benefits to your organisation, including:

 

• Enhancing your organisations resilience


• Improving risk management processes


• Solidifying a systematic response to crises


• Refined decision making

How can you prepare for an ISO 22301 Certification?

Although the thought of starting the certification process may seem daunting, there are a variety of steps you can take to make the process to becoming certified far more streamlined:

 

• Familiarise yourself with the ISO 22301 standard


• Carry out a Business Impact Analysis


• Develop a Business continuity plan


• Conduct regular testing and internal audits to highlight areas for improvement

What are the key requirements ISO 22301?

When working towards becoming certified for ISO 22301, there are various areas that will be a focus during the audit. These areas include:

 

• Demonstrating commitment to the BCMS


• Defining roles and responsibilities within your organisation


• Reviewing and improving your BCMS


• Identifying potential risks and disruptions

What clauses make up the structure of ISO 22301?

 

ISO 22301 consists of ten separate clauses which, in turn, outline the BCMS requirements that must be met by the organisation. These clauses are:

Clause 1-3 – Introductory Clauses

The first three clauses in ISO 22301 serve as an introduction to the standard and outline the scope, normative references and the terms and definitions. This also includes the benefits of a BCMS, and an explanation of the Plan-do-check-act cycle.

Clause 4 – Context of the organisation:

Clause 4 introduces the requirements that must be in place when an organisation establishes a Business Continuity Management System. This includes identifying the needs and expectations of interested parties, legal requirements, and the scope of the BCMS.



Climate Change Amendments:

The amendments have not changed the requirements of clause 4.1 and 4.2, rather they have added an assurance that climate change is considered for the management system. Due to the necessity of climate awareness, it should be considered by organisations and is therefore included as part of the standard.

Rather than a transition being required, organisations should instead consider and apply the guidance provided in the amendment. Should a company minute their considerations during their Management Review regarding CCC as well as evidence of their considerations and any actions, a discrepancy shall NOT be raised. However, should no minute exist for any considerations, then a discrepancy will be raised.

Where a minute and evidence does exist but is clearly of little relevance to CCC an Opportunity for Improvement (OFI) will be raised.

 

Clause 5 – Leadership:

This clause outlines the role that Top Management plays in implementing, maintaining and improving the BCMS. As well as the roles and responsibilities that top management should ensure are assigned and communicated.

 

Clause 6 - Planning:

Clause 6 tackles the organisations approach to risks and opportunities. It also highlights how planning can assist with risk management and prepare for changes to the Business continuity management system.

 

Clause 7 - Support:

This clause focuses on employees in the organisation and the requirements in place to ensure that all staff members have training and competency related to business continuity. This includes competency, awareness, communication and methods of documenting and recording information.

 

Clause 8 - Operation:

Of the entire standard, clause 8 contains the majority of the requirements and provides an in depth exploration of the operational requirements for a BCMS. Throughout this clause, you will find information on Business Impact Analysis, risk assessments, continuity strategies, continuity plans and procedures, and evaluation processes.

 

Clause 9 – Performance evaluation:

Clause 9 defines the variety of methods that must be used to evaluate the performance of the organisation and the BCMS. These methods range from monitoring and evaluation, all the way to management reviews and internal audits.

 

Clause 10 - Improvement:

The final clause of the standard, section 10, covers means of improvement for the organisation and the BCMS. This primarily relates to the handling of nonconformities and implementation of corrective actions.

How long will your ISO 22301 certificate be valid for?

Your ISO 22301 certificate will be valid for at least three years; dependent on the type of site that is being certified.  

 

Ready to get started? Apply using the quotation link below.