Business continuity and disaster recovery planning is a key governance responsibility; the board of directors of any organisation is responsible for ensuring that disruptive risks to the continuity of business services are identified and controlled.
The international standard ISO 22301 sets out the requirements for a business continuity management system (BCMS).
The requirements in the Standard are widely applicable and can be implemented in any type or size of organisation, in any location. ISO 22301 enables organisations to prepare to continue trading and return to business as usual as quickly as possible after a disruptive incident.
According to the International Organization for Standardization (ISO), the Standard “specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents when they arise.”
Useful ISO 22301 and business continuity management resources:
The ISO 22301 BCMS Implementation Toolkit provides you with the pre-written documentation templates, policies and procedures you need in order to implement an ISO 22301-aligned business continuity management system.
ISO 22301: A Pocket Guide will help you to plan and implement a BCMS project. With the expert advice contained in this guide, you can ensure your organisation develops a business continuity plan that is fit for purpose.
This book is full of illustrative examples and practical guidance on developing and implementing a BCMS. It discusses business impact analysis (BIA) and risk assessment in the context of business continuity, and outlines key areas of business continuity management (BCM) including strategy, procedures, testing, evaluation and improvement. A BCM policy and other useful document templates are provided in the appendices.
ISO 27031 provides a framework to identify and specify all aspects for improving an organisation's information and communication technology (ICT) readiness to ensure business continuity. The scope of ISO/IEC 27031:2011 encompasses all events and incidents (including security-related) that could have an impact on ICT infrastructure and systems. It includes and extends the practices of information security incident handling and management, and ICT readiness planning and services.