Business Continuity Management Systems
What is ISO 22301:2019 and business continuity management system?
The objective of a business continuity management system (abbreviated as BCMS) is to ensure continuity or recovery of business should it be disrupted
The BCMS comprises scope, risk assessment & evaluation, business continuity strategies, business continuity objectives, development planning, awareness & training, exercises & testing, monitoring & measurement, analysis & evaluation, review, and continual improvement. There may not be a single event of a disruption in your business, however, having effective continuity management systems implemented, means you are ready to tackle, should an incident occur.
ISO 22301 is internationally agreed-upon best practices that cover the whole lifecycle in regards to business continuity management.
It defines the capability of an organization at the strategic and tactical level to plan for and respond to incidents and disruptions in the business in order to continue at an acceptable pre-defined level. An organization is supposed to be prepared for the worst and take steps to improve its resilience.
Who is ISO 22301:2019 for?
The possible threats of disruption to a business are endless: some of them, for example, include natural disasters, cybersecurity breaches, breakdown in IT systems, unavailability of a key supplier, the most skilled staff leaving the organization etc.
Consequently, if not addressed appropriately, they’ll definitely disrupt and possibly lead to business failure.
ISO 22301 is internationally agreed-upon best practices and applies to all organizations, regardless of size, sector or nature of business.
ISO 22301 is useful for professionals dealing with corporate governance & risk, supply chain matters, audit, corporate social responsibility reports, regulatory bodies, and anyone else involved or interested in business continuity.
The benefits of ISO 22301:2019
The benefits include:
- Assurance to the stakeholders that the organization has proven systems in place for business continuity
- Improved organizational resilience through an in-depth understanding of critical issues and areas of vulnerability
- A detailed view of how an organization operates offers valuable insights that are in turn used for strategic planning, risk management, supply chain management, business transformation, and resource management.
The Process (Development & Implementation of Business Continuity Management Systems against ISO 22301)
Gap Analysis against ISO 22301
- Business Excellence' team will conduct an initial assessment/gap analysis according to the scope of services with reference to the STANDARD including office as well as sites
- A comprehensive written report will be presented to the Top Management on the status of the compliance against standard’ requirements in order to know as to what are the gaps
Awareness Training on ISO 22301
- Business Excellence's team will provide awareness training to the key process owners and relevant staff, on the requirements of the standard
- Further to this, they'll explain how these requirements apply to their business
Business Excellence' team will provide full assistance for the development of documentation according to the requirements
These documents will be of different types at different levels (in the order of importance) including policies, manual, system element procedures, and associated 'forms' including RACI matrix, process maps, risks & opportunities register, KPI’s, etc
Implementation of Documented BCMS
Business Excellence' team will extend its full support in regards to the implementation of the aforementioned documented management systems in letter and spirit
This may include SWOT analysis, process mapping, setting objectives & targets, development of RACI matrices, training need analysis, internal audit, corrective action including root cause analysis, management review meeting etc
Internal Audit against ISO 22301
- Finally, a mock assessment by the 'Business Excellence' team will be performed before third-party arrives
- The detailed report of which shall be submitted to the management and will help rectify the non-conformities & concerns
- However, management to ensure rectification of the identified concerns within the time frame, as agreed
Third Party Audit by Certification Body against ISO 22301
- The selected third party to review documentation including records
- Lastly, conduct an onsite audit
Closing-out of Non-conformities
- Consequent upon the independent review and assessment by the relevant authority, the corrective action plan to be developed for each of the non-conformities
- Business Excellence to provide guidance to implement the corrective action plan
Key Deliverables (Development & Implementation of BCMS against ISO 22301)
Gap Analysis Report against ISO 22301
To evaluate the existing systems to ascertain as to what is in compliance and what're the gaps and submitting a comprehensive report to the client
The templates for documents of all types (at all levels) including policies, manuals, system element procedures, work instructions, RACI matrices, forms, process maps, checklist, registers, etc.
Training on ISO 22301
On the requirements of the international standard and how these apply in the context of the business
Review of Documentation and Associated Records
- Business Excellence' team will review each & every provided document prior to finalization
- However, after review by us; the client shall also review these documents prior to approval
Support for Implementation of Documented Management Systems
Business Excellence's team will extend its full support in regards to the implementation of the documented management systems in letter & spirit. This may include SWOT analysis, process mapping, risk assessment, objectives and targets, RACI matrices, training need analysis & training plan, internal audit, corrective action, management review etc
Internal Audit Report against ISO 22301
Finally, a mock assessment by Business Excellence' team will be performed before the third-party assessment and a detailed report of this shall be submitted to the management in order to help rectify the non-conformities & concerns
Audit by Certification Body
The management systems documentation including records shall be submitted to the accredited CB for its review and on-site audit.
Business Excellence' team shall help develop and implement corrective actions to closeout findings consequent upon 3'rd party review &/or assessment till approval of the management systems and issue of the certificate