In response to the recent COVID-19 outbreak, the International Organization for Standardization (ISO) has provided free access to some of its key standards supporting business continuity management, resilience, and risk management.
The Impact of ISO: Moving Your BCM Program to a Management System

Implementing the Newly Approved International Business Continuity Management System Standard & Guidance Documents

ISO 22301: Societal Security Terminology
ISO 22313: BCMS Guidance
ISO 22398: Exercises and Testing - Guidance

We have all sat through presentations on "How to Get and Keep Management Support for Your BCM Program." The problem is now solved. The new question becomes, "How to Implement an Auditable and Internationally-Accepted Business Continuity Management System."

Moving your business continuity program to a management system requires management commitment. It involves embedding business continuity management into the culture of the organization. It is the endgame. It is what we have been seeking. We finally have a standard method for BCM program development and improvement. We no longer need to rely on Consultant X's Patented Approach. We no longer have to discuss and argue about definitions. The vocabulary is defined.

So how do you begin?

1. Learn about the standards. Buy them. Read them. Study them. Take classes on how to implement them.
2. Benchmark your current program against the requirements of the standards. What's missing? In what areas can you improve your program?
3. Use the guidance documents to guide you through the process (it's why they're there!)
4. Demonstrate to management how the implementation of the standard will increase the resilience of your organization.

Learn About the Standards

ISO 22301: Societal Security - Business Continuity Management Systems - Requirements is one standard in a series of standards developed with the intention to, as defined in ISO 22312: Technical Specifications, "work towards international standardization that provides protection from and response to risks of unintentionally, intentionally, and naturally-caused crises and disasters that disrupt and have consequences on societal functions."
This series of standards addresses public-sector planning and response as well as private-sector planning and response. The intent of ISO is to provide the structure for an organization to design a BCMS that is appropriate to its needs and that meets its interested parties' requirements. Built upon the foundation of British Standard : 2007, it provides a framework for both BCM program development and improvement. If you are familiar with the requirements of BS you will note the following changes or modifications:

New! Understanding of the Organization and its Context
It is important for the cornerstone of the BCMS to be built upon an understanding of which internal and external factors should be taken into consideration when evaluating risk management and the requirements of interested parties. Terminology has been changed from "key stakeholder" to "interested parties."

Determining the Scope of the System
Organizations must now document and explain exclusions from the scope of the BCMS.
The following sections included in ISO do not vary significantly in intent or requirements from BS, although they may be organized differently between the two standards:
- Legal and regulatory requirements
- Policy
- Documented information
- Awareness
- Exercising and Testing
- Performance Evaluation, Continuous Improvement, Audit (with the exception that ISO does not include the requirement for preventive actions)

Benchmark your current program against the requirements of the standards. What's missing? In what areas can you improve your program?

This is where the real work begins. Certifying Bodies often report that 90% of the time and resources required for a certification audit are spent in preparation for the audit, not in the audit itself. Don't underestimate the time it will take to bring your organization into conformance with a standard. The upside is that it gives you specific program improvement goals and objectives that should support an annual budget.

Use the guidance documents to guide you through the process (it's why they're there!)

Yes, each standard and the guidance documents cost money. You can find out the exact cost by visiting

ISO 22300: Societal Security - Terminology: Use this as a reference for how the world is going to be using terms related to business continuity in the future. Consider the need to modify and update how your organization defines terms, and the relevance of aligning to international standards (or not).

ISO 22313: Societal Security - Business Continuity Management Systems - Guidance: A great resource for how to interpret the requirements of ISO. Kind of like having a teacher's guide for the standard. This document is also used by Certifying Bodies as a reference document for understanding the requirements.

ISO 22398: Societal Security - Exercises and Testing - Guidance: Learn how to manage your testing and exercise program. Why are tests pass-or-fail, while exercises are a demonstration of improvement of the system?
Activities are organized as discussion-based or operationally-based. It includes great Annexes with examples of how to do everything from creating a scenario to evaluating the exercise itself.

Demonstrate to management how the implementation of the standard will increase the resilience of your organization

This is really where the rubber meets the road, or how you can gain traction. Sometimes program leadership is not interested in aligning their customized and internally created program to a management system. The argument is made that if they tell senior management that changes need to be made, senior management will question the quality of the current program.
ISO 22313:2020 gives guidance and recommendations for applying the requirements of the business continuity management system (BCMS) given in ISO 22301. The guidance and recommendations are based on good international practice.