
ISO 22301 Security and resilience — Business Continuity Management System

Business Continuity

What is ISO 22301?

Organizations are operating in an increasingly global, complex, and risky context. Economic, social, political, technical, and environment-related events can interrupt core business. Natural disasters, diseases, terrorist attacks, strikes, financial crises, unreliable systems, logistics, supply chain failures, as well as unexpected lack of essential production inputs, can severely affect growth and performance. Each disruption might have different effects on organizational resources. It has become almost impossible to predict their nature, time, and extent. Organizations are subject to many types of catastrophes, with little or no predictability. Catastrophic events may arise in the form of security breaches, economic crises, volcano eruptions, earthquakes, weather-related incidents like hurricanes and tornadoes, astronomical events like meteor hits, and, as experienced currently, the onset of pandemics like Covid-19.

ISO 22301 specifies a Business Continuity Management System (BCMS) in which the organization, through prior assessment, planning and review, formulates a response plan mechanism and conducts publicity and drills, so that when a special emergency situation is encountered, it can respond quickly and return to normal operation shortly.

Benefits of ISO 22301 Certification

By implementing ISO 22301, an organization can benefit in the following ways:

  • Mitigate risks and financial exposure

  • Reduce the cost of business interruption insurance

  • Reduce duration of any disruption

  • Protect assets, turnover and profits

  • Ensure continuity of business operations

  • Comply with regulatory or legal requirements

  • Increase competitive advantage and enhance corporate reputation

  • Keep your business trading during and after an incident

  • Resume operations more quickly after interruptions

  • Build customer confidence and trust

  • Save lives, if catastrophic events (such as natural disasters) occur

ISO 22301 Business Continuity Management System Requirements

The detailed requirements can be purchased from the website of the International Organization for Standardization (ISO), which develops and publishes international standards, or from its authorities. ISO 22301 requires organisations to:

•    understand external & internal issues, and interested parties, relevant to business scope
•    develop a Business Continuity Management Policy declaring commitment to continuity management
•    identify the risks and opportunities within the business scope which may cause business interruption
•    develop and monitor management objectives and targets
•    establish contingency plan or procedures
•    test and drill the effectiveness of your contingency plan
•    ensure staff are competent and understand their responsibilities during continuity management
•    control any outsourcing service or product
•    monitor management performance
•    control management nonconformances and take corrective action for significant or repetitive nonconformances
•    conduct internal audits of the management system
•    ensure top management review the management system.

How can we assist your organization to be awarded ISO 22301 Certification?

Stage 1: Perform a site visit to understand your organizational structure, the style and culture of your operations, your existing documentation (e.g. manual, procedures or forms), and the resources and training you have deployed.
Stage 2: Provide ISO requirement training to the responsible top management.
Stage 3: Discuss with the responsible top management to define the responsibilities of staff at all levels in your management system.
Stage 4: Perform a risk assessment of the potential catastrophic events for your business and coordinate with you to prepare the relevant response plan with associated training, documentation or resources.
Stage 5: Coordinate and define the Management Policy and Objectives or Goals with you according to the ISO requirements.
Stage 6: Establish the necessary mechanisms with associated resources and elaborate your management system documents in order to meet the ISO requirements. We will NOT provide a set of ISO procedures totally separate from your existing procedures, as that would make it difficult to maintain your management system or renew your certification.
Stage 7: Implement the approved procedures established in Stage 6 through training or briefing for the staff concerned. During the trial period, any change is allowed to fit your needs or management style, provided it does not deviate from the ISO requirements.
Stage 8: Provide internal audit training to your audit team and perform the first internal audit of your management system together with them.
Stage 9: Perform a management review to ensure your management system conforms to the ISO requirements.
Stage 10: Select the certification body for certification.
