ISO 22301 Business Continuity System

Continuous operation of an organisation is a primary requirement. ISO 22301 is designed to ensure that the organization can operate during the most demanding and unexpected conditions.

Many organizations are required, for a variety of reasons, to provide "continuous" operations after an interruption within prescribed time intervals. ISO 22301 is designed in such a way that the organization continues to operate during the most demanding and unanticipated conditions. Helping an organization establish the fundamentals of a Business Continuity Management System (BCS-BCM) protects staff, preserves reputation and provides the ability for the organization to continue to operate and market.

The continued operation of an organization, in the event of an outage either due to a major disaster or an incident, is a primary requirement. ISO 22301 replaced the British Standard BS 25999 which was the world's first BCM standard, designed and developed to minimize the risks of interruptions that could potentially affect the operation of the entire organization.

It provides the basis for the development and implementation of business continuity in an organisation and promotes trust in business-to-business (B2B) and business-to-customer (B2C) transactions. It also contains a comprehensive set of controls based on BCM best practices and covers the entire lifecycle of a BCM.

ISO 22301 is suitable for all organizations, regardless of size and type of workplace. It is particularly suitable for organisations operating in high-risk environments such as financial institutions, telecommunications, transport and the public sector, where the ability to provide business continuity is essential not only for the organisation but also for customers and any stakeholders.

 

Benefits of ISO 22301

The benefits of ISO 22301 are many and cover many business areas:

• It provides a common framework, based on international best practice, for effective business continuity management
• Proactively improves an organisation's resilience to meet key objectives in the event of business interruptions
• It provides a proven and effective method of restoring an organisation's ability to deliver key products and/or services at the agreed level and time, given an outage
• Uses proven practices to effectively manage an outage
• Facilitates the protection and enhancement of the organisation's name and reputation
• Provides a competitive advantage by opening new markets and helps the organization win new business
• Facilitates everyone's understanding of the organisation's operation and helps identify opportunities for improvement
• Ensures that relevant legislation and standard regulations are implemented
• Provides opportunities to reduce costs from internal and/or external BCM audits and potentially reduce insurance premiums in the event of downtime.

 

Combination with other international standards

It is critical to emphasize, given the consequences of the Covid-19 pandemic, that in addition to business continuity, organizations are required to implement procedures and policies that will ensure their overall resilience and functionality, including the security of information managed due to specific circumstances (e.g. teleworking, teleclasses).

For this reason, international best practice recommends that the ISO 22301 Business Continuity Management System should be extended to include the requirements of the international standards for information security (ISO 27001 - Information Security) and organisational resilience (ISO 22316 - Organizational Resilience).