Quality Associates, a partner of your SUCCESS.

ISO 22301 - the International Management System standard for business continuity management systems

ISO 22301 - Introduction

When implemented properly, business continuity management will decrease the possibility of a disruptive incident, and if such an incident does occur, an organization will be ready to respond in an appropriate way, thus drastically decreasing the potential damage of the incident. The purpose of ISO 22301:2012 is to show people how to set up and manage a Business Continuity Management System (BCMS). A BCMS is a set of interrelated elements that organizations use to establish, implement, operate, monitor, review, maintain, and improve their business continuity capabilities. These elements include people, policies, plans, procedures, processes, structures, and resources. All of these elements are used to ensure that operations continue and that products and services are delivered at predefined levels, that products, brands and value-creating activities are protected, and that the reputations and interests of key stakeholders are safeguarded whenever disruptive incidents occur.

The standard is conceived in such a way that it is applicable to any size or type of organization: large or small, for profit or non-profit, private or public. The benefits are as follows:

  • Protect assets and business: Effective business continuity management (BCM) enables organisations to protect their income stream following an incident or disaster, while reducing the risk of further losses.
  • Ensure continuity of business operations: A BCMS helps maintain an organisation’s service levels to its customers. It also helps business leaders to assess the potential impacts of an operational disruption, make the right decisions quickly, deploy an effective response and minimise the overall impact.
  • Increase competitive advantage and enhance corporate reputation: Organisations with an ISO 22301-compliant BCMS can improve customer confidence in the organisation’s ability to respond to incidents.
  • Obtain an independent assessment of your security posture: Accredited certification involves regular reviews and internal audits that provide an expert opinion as to whether the BCMS is functioning properly and provides the level of security needed to protect the organisation’s products and services.
  • Meet legal and regulatory requirements: We recommend ISO 22301 compliance as a useful tool for implementing a well-defined incident response and reporting structure, so organisations can demonstrate they are taking steps to comply with regulatory requirements.
  • Improve processes and organisational focus: Implementing a BCMS involves assessing and evaluating organisational processes, which identifies potential inefficiencies that can be improved. A BCMS implementation project involves the entire business, and helps the organisation focus on its objectives and maintain direction.

ISO 22301 - Terms and definitions

A BCMS is a comprehensive approach to organisational resilience and helps organisations cope with incidents that affect their business-critical processes and activities. It provides a structure for organisations to update, control and deploy effective plans, taking into account organisational contingencies and capabilities, as well as business needs.

In the event of business disruption, a BCMS helps an organisation to maintain its service levels to its customers. The BCMS enables business leaders to assess the potential impacts of an operational disruption, make the right decisions quickly, deploy an effective response and minimise the overall impact to the organisation.

A business continuity plan (BCP) is not likely to work if it is not regularly tested and updated. Since it is not integrated with the organisation’s corporate governance and management system, the BCP often gets filed and forgotten, with just a few people being aware of it. A BCMS, on the other hand, is broadly accepted as the most comprehensive approach to organisational resilience. It enables organisations to update, control and deploy effective plans, taking into account organisational contingencies and capabilities as well as the business needs (product and service requirements). Unlike the BCP, the BCMS is embedded in the organisation’s culture.

Some terms related to a BCMS are:

  • Business Continuity Management System (BCMS) – part of an overall management system that makes sure business continuity is planned, implemented, maintained, and continually improved
  • Maximum Acceptable Outage (MAO) – the maximum amount of time an activity can be disrupted without incurring unacceptable damage (also Maximum Tolerable Period of Disruption – MTPD)
  • Recovery Time Objective (RTO) – the pre-determined time at which an activity must be resumed, or resources must be recovered
  • Recovery Point Objective (RPO) – maximum data loss, i.e., minimum amount of data that needs to be restored

ISO 22301 - Clauses (version 2012)

  • 1 Scope
  • 2 Normative references
  • 3 Terms and definitions
  • 4 Context of the organization
  • 5 Leadership
    • 5.1 General
    • 5.2 Management commitment
    • 5.3 Policy
    • 5.4 Organizational roles, responsibilities and authorities
  • 6 Planning
    • 6.1 Actions to address risks and opportunities
    • 6.2 Business continuity objectives and plans to achieve them
  • 7 Support
    • 7.1 Resources
    • 7.2 Competence
    • 7.3 Awareness
    • 7.4 Communication
    • 7.5 Documented information
  • 8 Operation
    • 8.1 Operational planning and control
    • 8.2 Business impact analysis and risk assessment
    • 8.3 Business continuity strategy
    • 8.4 Establish and implement business continuity procedures
    • 8.5 Exercising and testing
  • 9 Performance evaluation
    • 9.1 Monitoring, measurement, analysis and evaluation
    • 9.2 Internal audit
    • 9.3 Management review
  • 10 Improvement
    • 10.1 Nonconformity and corrective action
    • 10.2 Continual improvement

News & Update

ISO 31000:2018 (Risk management) was published in 2018-02. It provides a common approach to managing any type of risk and is not industry or sector specific. It can be used throughout the life of the organization and can be applied to any activity, including decision-making at all levels.

Aerospace QMS-AS9100/9110/9120 handbook: Quality Associates provides a handbook for customers who book our in-house training on the AS9100/AS9110/AS9120 course. This handbook is designed for our customers only.

ISO/TS 22163:2017 Railway applications - Quality management system - Business management system requirements for rail organizations: ISO 9001:2015 and particular requirements for application in the rail sector.