ISO 22301: The New Business Continuity Standard

Demystifying ISO 22301

Michael Brophy, CEO of Certification Europe, participated in the Business Continuity Institute’s Business Forum on the 6th September in Dublin. The event featured well-known speakers such as Brian Honan, Richard Harpur, Denis Woods and Michael Brophy, who shared their knowledge and experience of business continuity management from both a planning and an implementation perspective.

Michael’s speech explained the new ISO 22301:2012 “Societal security - Business continuity management systems - Requirements” standard to the audience and drew out the similarities and differences between it and the old British Standard BS 25999. The business continuity management (BCM) standard has been developed to protect companies from the risks associated with company outages which can occur due to unexpected disruptions or disasters. Disruptions to your business can result in revenue loss, data risk failure and failure to deliver normal client services as per service level agreements (SLAs).

During his presentation, Michael touched upon the evolution of ISO 22301, which was first published on the 15th May 2012. The standard replaces the old business continuity standard BS 25999, which has now been ‘superseded’ and will be withdrawn in November 2012. Any organisation looking at business continuity certification should now look at the ISO 22301 standard: although BS 25999 is still currently on sale, it carries a warning that it has been replaced. Companies which are already undergoing BS 25999 certification can therefore transition to ISO 22301 certification after the November 2012 changeover.

The predominant change in the new business continuity standard is that organisations must develop a greater understanding of their own context: they must understand the potential impact of a disruptive incident on the organisation’s activities, functions, services, products, partnerships, relationships with interested parties and supply chains. An organisation completing ISO 22301 certification is required to articulate its objectives, define the internal and external factors that give rise to risk, and define the purpose of the BCMS.

In essence, they must identify any potential internal and external risks to the organisation as they assess the “organisation’s risk appetite”. Risk appetite is a measure of the level of risk that companies are willing to take in connection with the type of industry they operate in.

Finally, communication has become a key factor in business continuity certification, as it is of utmost importance during a crisis or emergency. While having a robust plan for crisis communications is definitely important for managing external communications in contingency times, it is possibly more relevant to build up strong communication inside the organisation, so that staff are well trained and prepared on the communications processes to follow during an incident.

Please visit the ISO 22301 section of our website to find out more about the business continuity standard and how we can aid you on your journey to ISO 22301 certification.

Robert Lyons