Difference between revisions of "ISO22301"

From BCMpedia. A Wiki Glossary for Business Continuity Management (BCM) and Disaster Recovery (DR).
Line 45: Line 45:
 
* Operational planning and control
 
* Operational planning and control
 
* [[Business Impact Analysis (BIA) |Business impact analysis]] and [[Risk Analysis and Review |risk assessment]]
 
* [[Business Impact Analysis (BIA) |Business impact analysis]] and [[Risk Analysis and Review |risk assessment]]
* [[Recovery Strategy | Business continuity strategy]]
+
* [[Recovery Strategy | Business continuity strategy and solutions]]
 
* [[Plan Development |Establish and implement BC procedures]]
 
* [[Plan Development |Establish and implement BC procedures]]
 
* [[Testing and Exercising |Exercising and testing]]
 
* [[Testing and Exercising |Exercising and testing]]
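
Review bot: the relabelled entry on the `+` line keeps a space after the pipe (`[[Recovery Strategy | Business continuity strategy and solutions]]`) while the neighbouring entries have none (`[[Plan Development |Establish and implement BC procedures]]`); drop it so the list is consistent. The label now reads "strategy and solutions" but still links to `Recovery Strategy`, so check that the target page covers solutions as well as strategy.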

Revision as of 07:03, 13 January 2021

ISO 22301 is the international standard in the field of Business Continuity Management (BCM). The convergence of the existing international and national BCM standards into an ISO standard is seen as a normal transition based on past management standards. It was updated in September 2019.

The good news is that all BCM standards, including ISO 22301, will have similar BCM implementation requirements, e.g. “BC Programme Element” and “BCM Planning Methodology”, and these processes will not differ too extensively when implemented with another BCM standard.

The key is to adopt a rigorous understanding of the similarities and differences between the ISO 22301:2012 standard and the organization’s existing standards, such as BS 25999-2:2007 or SS540:2008, and to continue with the BCMS implementation.

[Figure: Comparison between BCM Planning Methodology and ISO 22301]

Glossary

Summary of ISO 22301 Requirement

[Figure: Plan component of the PDCA Cycle]
  • 4. Context of the Organization
    • Understanding of the organization and its context
    • Understanding the needs and expectations of interested parties
    • Determining the scope of the BCMS
    • BCMS
  • 5. Leadership
    • Leadership and commitment
    • Management commitment
    • Policy
    • Organizational roles, responsibilities and authorities
  • 6. Planning
    • Actions to address risks and opportunities
    • BC objectives and plans to achieve them

7. Support

8. Operation

[Figure: DO component of the PDCA Cycle]

9. Performance Evaluation

[Figure: CHECK component of the PDCA Cycle]

10. Improvement

[Figure: ACT component of the PDCA Cycle]

History

In recognition of the rapidly growing global interest in BCMS in the BCM world, ISO has developed, through the Technical Committee known as ISO/TC 223 Societal security, ISO 22301: Societal Security – BCMS – Requirements.

It is a specification standard against which certification bodies may offer third-party certification to their clients. It forms part of the wider Societal security – BCMS series of documents, which also consists of ISO 22300 – Vocabulary and ISO 22313 – Guidance.


BCM Framework or Elements of BC Programme

ISO 22301 (reflected from the ISO 22313 Guidance Draft) adopts a 6-element BCM approach to represent the continuous operation of the BC programme within the organization. These six elements of the BC Programme are:

  • Understand the Organization
  • Selecting Business Continuity Options
  • Developing and Implementing a Business Continuity Response
  • Exercising and Testing
  • Business Continuity Programme Management
  • Embedding Competence and Awareness