Has Your Business Implemented BCMS based on ISO 22301:2019?
Business Continuity Management System (BCMS) is a management system that aims to implement, operate, monitor, and improve business processes and procedures. It includes people, policies, plans, procedures, processes, structures, and resources.
When major business disruptions occur, all of these elements are employed to recover, restore, and resume the delivery of products and services at acceptable preset capacities and within acceptable predefined time frames.
ISO 22301 is the international standard for BCMS, and its current version is ISO 22301:2019.
ISO 22301:2019 for BCMS Standard
ISO 22301:2019 is a management system standard that outlines the requirements for planning, establishing, implementing, operating, monitoring, reviewing, maintaining, and continuously improving a documented management system to protect against, reduce the likelihood of, prepare for, respond to, and recover from disruptive incidents.
This international standard aims to assist organizations in ensuring that operations continue, and products and services are delivered at predetermined levels, that brands and value-creating activities are protected, and that key stakeholders’ reputations and interests are protected when business disruptions occur.
BCMS Requirements in ISO 23301:2019
The standard’s BCMS requirements are described in ISO 22301:2019 clauses 4 to 10.
1. Clause 4: Context
It asks you to start by understanding your organization and its context before developing your BCMS.
2. Clause 5: Leadership
It asks your organization’s top management to provide leadership for its BCMS.
3. Clause 6: Planning
It asks you to prepare plans to address the risks and opportunities that could affect your BCMS, establish business continuity objectives and plans, control how BCMS changes are planned and implemented.
4. Clause 7: Support
It asks your organization to support its BCMS by providing resources, make sure that people are competent and aware of their responsibilities, manage information and control all communications.
5. Clause 8: Operations.
It asks you to plan and control your organization’s BCMS processes.
6. Clause 9: Evaluation
It asks you to monitor, measure, analyze, audit, and evaluate your organization’s BCMS, and to review its performance at planned intervals.
7. Clause 10: Improvement
It asks you to identify nonconformities, take corrective actions, enhance the suitability, adequacy, and effectiveness of your organization’s BCMS.
PDCA Cycle
ISO 22301:2019 uses PDCA (Plan-Do-Check-Act) cycle to implement, maintain, and continually improve the effectiveness of the BCMS. This ensures that various management system standards, such as ISO 9001, ISO 14001, ISO/IEC 20000–1, ISO/IEC 27001, and ISO 28000, are implemented and operated in a consistent and integrated manner.
1. Plan
Clauses 4 to 7 expect you to plan the establishment of your organization’s BCMS starting with preparing the necessary requirements to establish the context of the BCMS, top management’s role in BCMS, and strategic objectives and guiding principles for the BCMS as a whole.
2. Do
Clause 8 expects you to establish your BCMS based on your business continuity needs, determining how to address them and developing procedures to manage the organization during a disruption.
3. Check
Clause 9 expects you to evaluate BCMS performance. You will gather the requirements necessary to measure business continuity performance.
4. Act
Clause 10 expects you to identify and act on BCMS nonconformity and continual improvement through corrective action.
Effective business continuity management (BCM) enables organizations to protect their revenue following an incident or disaster, while reducing the risk of further losses. Therefore, the implementation of ISO 22301:2019 to organization’s BCMS is extremely crucial for the sake of your business. Make sure your business has implemented its BCMS based on the ISO 22301:2019 so that your BCMS runs effectively.
Visit our webpage for more insights about IT Governance, Risk, and Compliance!
