Demystifying ISO 22301: The New Business Continuity Management Systems Standard
Michael Brophy CEO of Certification Europe participated in the Business Continuity Institute’s Business Forum on the 6th September in Dublin. The event contained a collection of well-known speakers such as Brian Honan, Richard Harpur, Denis Woods and Michael Brophy who imparted their knowledge and experience of business continuity management from both a planning and implementation perspective.
Michael’s speech explained the new ISO 22301: 2012 Societal security-Business Continuity management systems requirements standard to the audience and drew upon the similarities and differences which it shares with the old British Standard BS 25999. The business continuity management (BCM) standard has been developed to protect companies from the risks associated with company outages which can occur due to unexpected disruptions or disasters. Disruptions to your business can result in revenue loss, data risk failure and failure to deliver normal client services as per service level agreements (SLA’s).
During Michael’s presentation he touched upon the evolution of ISO 22301 which was first published on the 15th May 2012. The standard replaces the old business continuity standard BS 25999 which has now been ‘superseded’ and it will be withdrawn in November 2012. Any organisation looking at business continuity certification should now look at the ISO 22301 standard; as although the BS25999 is still currently on sale, it carries a warning that it has been replaced. Therefore companies which are already undergoing BS 25999 certification can transition over to ISO 22301 certification post the November 2012 change over.
The predominant elements which have changed within the new business continuity standard is that organisations must develop a greater understanding of their organisation in the context that they must perceive the potential impact to their organization’s activities, functions, services, products, partnerships, relationships with interested parties and their supply chains due to a disruptive incident. An organisation completing ISO 22301 certification is required to articulate the objectives, define the internal and external factors that give rise to risk, and to define the purpose of the BCMS.
In essence they must identify any potential internal and external risks to the organisation as they assess the “Organisation’s risk appetite”. The risk appetite is a measure to evaluate the level of risk that companies are willing to take in connection with the type of industry they operate in.
Finally communications has become a key factor in business continuity certification as it is of imminent importance during a crisis or emergency. While having a robust plan for crisis communications is definitely important to manage external communications in contingency times, it is possibly more relevant to build up a strong communication inside the organisation, for staff to be well trained and prepared on the communications processes to follow during an incident.
Please visit our the ISO 22301 section of our website to find out more about business continuity standard and hoe we can aid you on your journey to ISO 22301certification.