
A Closer Look At: ISO 22301

I just downloaded the updated Rules and Regulations spreadsheet... To say there is a lot of great content and information in this spreadsheet would be an understatement. This Rules and Regulations spreadsheet was compiled by a team of industry experts (all members of the DRJ EAB). 

The most recent update to this resource was in August 2012, and I thought it would be a good idea to write about different rules and regulations that you might not know about, that have been recently amended or added, or that you might not fully understand. (Yes, this is me urging you to post comments about which rules and regulations you would like me to investigate and write about for you!) 

For the first look at the rules and regulations that impact everyone in the BC space, this post focuses on ISO 22301. 

 ISO 22301 

Here is the short summary of ISO 22301 from the bsigroup.com website: 

ISO 22301 is the new international standard for business continuity management. It has been created in response to strong international interest in the original British Standard BS 25999-2 and other regional standards. And if you meet the requirements to gain certification, your organization will be recognized globally. 

ISO 22301 identifies the fundamentals of a business continuity management system, establishing the process, principles and terminology of business continuity management. 

It provides a basis for understanding, developing and implementing business continuity within your organization and gives you confidence in business-to-business and business-to-customer dealings. Use it to assure key stakeholders that your business is fully prepared and you can meet internal, regulatory and customer requirements. 

The standard provides organizations with a framework to ensure that they can continue operating during the most challenging and unexpected circumstances – protecting their staff, preserving their reputation and providing the ability to continue to operate and trade. 

What does this really mean? 

Essentially, this standard gives your organization the basis for identifying the threats facing your organization and how to withstand and be prepared for these threats. With ISO 22301 you have the tools to react proactively and be prepared for these threats. 

With this level of preparation and framework, your investors, colleagues, partners and brand have the confidence that your organization is prepared and ready to face threats and disaster head-on. 

ISO 22301 provides a formal business continuity framework and will help you to develop a business continuity plan that will keep your business running during and following a disruption. It will also minimize the impact so you can resume normal service quickly, ensuring key services and products are still delivered. 

How does it impact your business? 

We’ve written before in this space about how critical it is to be prepared for every level of threat - this includes natural disasters as well as normal day-to-day disruptions such as employee illness or loss of supply chain continuity. All of these can have a big impact on the success of your business and its ability to remain profitable. 

With ISO 22301, you have undergone the certification that proves you are aware of and have identified these threats. The impact on your business is that it is ready and prepared to react to threats and limit disruption. 

What do you need to tell your colleagues? 

A visit to the bsigroup.com website details a long list of benefits - so we’ll highlight a few here that stand out: 

Cost savings: You'll have the opportunity to reduce the burden of internal and external BCM audits, improve financial performance and reduce business disruption insurance premiums.

Business improvement: Certification requires a clear understanding of your entire organization which can identify opportunities for improvement. 

Continuous improvement: The certification process involves regular audits that ensure your management system is up to date. 

Maximize quality and efficiency: ISO 22301 provides a framework based on international best practice based around the 'Plan, Do, Check, Act' concept. 

As you know, there is a very long list of reasons why your business needs to adhere to rules and regulations - and each rule and regulation has its own benefits. 

What is interesting with ISO 22301 is the impact it has on BS 25999-2: 

  • BS 25999-2 has been superseded by ISO 22301. 
  • BS 25999-2 should be withdrawn on November 1, 2012. 
  • Businesses can make a transition from BS 25999-2 to ISO 22301. 
  • BS 25999-2 certification remains valid during the transition to ISO 22301. 
  • Certifications and renewals for BS 25999-2 will end after May 2014. 

Next steps? 

Now that you have the basics of this new standard, it is time to sit down and really review the website, watch the webinars, and send your questions to talkingbusinesscontinuity@bsigroup.com

Make sure you review the recently updated DR Rules and Regulations spreadsheet - you can use this spreadsheet to quickly compare these rules and regulations and easily access more information. (And don’t forget to respond to this post and let us know about the rules and regulations you’d like us to take a closer look at.)