ISO 22301:2012 defines the international standard for the business continuity of an organisation.
The ISO 22301 standard specifies the requirements for planning, implementing, managing and continuously improving a documented management system to prepare for, react to and recover from unforeseeable or accidental events, such as:
The standard has been developed to minimise the risk of interruption of the activities of each organisation.
Applying the ISO 22301 requirements allows companies to demonstrate to stakeholders that they have a business continuity management system modeled on best practices recognised worldwide.
The standard requires working on broad objectives; for this reason it is not prescriptive and can be applied by all organisations, regardless of their size, whether they operate on local, national or global markets, or whether they are public or private.
In addition to all the mentioned advantages, ISO 22301 certification is a fundamental tool to:
- Minimise the time to restore full activity
- Guarantee survival in case of an interruption of operations, and the restoration of activities within the predetermined times
- Reduce the risk of business interruption
Initially, efforts must be aimed at understanding the nature of the organisation, identifying the critical activities, assessing the potential threats and the impact of a possible interruption of the work/production activity, and determining the continuity requirements and the risk propensity.
In this way it is possible to identify the scope of application of the Business Continuity Management System (BCMS), taking into account:
- Strategic business objectives
- Key products and services
- Processes necessary to achieve them and correlation with the organisational structure
- Risk propensity and applicable regulatory and contractual obligations.
The development of the plan can follow the phases of the Deming cycle (PDCA):