The ISO 22301 Societal security – Business continuity management systems – Requirements
is the standard created by leading experts on this area to provide the best framework for business continuity management in an organization.
ISO 22301 is not that different from BS 25999-2 in most business continuity areas like business impact analysis, strategy or planning; the biggest changes are in the management part of the standard.
ISO 22301:2012 specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents when they arise.
The requirements specified in ISO 22301:2012 are generic and intended to be applicable to all organizations, or parts thereof, regardless of type, size and nature of the organization. The extent of application of these requirements depends on the organization’s operating environment and complexity.
If an organization wants to implement this standard, the following documentation is mandatory:
- List of applicable legal, regulatory and other requirements
- Scope of the BCMS
- Business Continuity Policy
- Business continuity objectives
- Evidence of personnel competences
- Records of communication with interested parties
- Business impact analysis
- Risk assessment, including risk appetite
- Incident response structure
- Business continuity plans
- Recovery procedures
- Results of preventive actions
- Results of monitoring and measurement
- Results of internal audit
- Results of management review
- Results of corrective actions
More data about the ISO 22301 in: