ISO22301

ISO22301: A Pocket Guide

TONY DREWITT
Copyright Date: 2013
Published by: IT Governance Publishing
Pages: 53
https://www.jstor.org/stable/j.ctt5hh556
    Book Description:

    ISO22301: A Pocket Guide is designed to help you do what is necessary to satisfy the requirements of ISO22301, the latest international standard for Business Continuity Management (BCM). With the expert advice contained in this guide, you can ensure your organisation develops a business continuity plan that is fit for purpose.

    eISBN: 978-1-84928-481-3
    Subjects: Technology

Table of Contents

  1. Front Matter
    (pp. 1-4)
  2. Table of Contents
    (pp. 5-5)
  3. INTRODUCTION
    (pp. 6-8)

    This pocket guide is intended to meet the needs of two groups:

    1. Individual readers who have turned to it as an introduction to a topic that they know little about.

    2. Organisations implementing, or considering implementing, a business continuity plan and management system.

    In either case, this guide furnishes readers with an understanding of the basics of business continuity, including:

    A definition of what business continuity means.

    How managing operational business continuity risk can be achieved using an approach increasingly recognised worldwide.

    The important distinction between operational, commercial and strategic risks in business.

    The role played by operational resilience...

  4. CHAPTER 1: BUSINESS CONTINUITY – WHAT’S THAT?
    (pp. 9-15)

    In any organisational endeavour, be it a business, a public body or a not-for-profit organisation, the basic premise is that it does what it does without being interrupted by unforeseen factors. In order to do this, all organisations must continue to have available to them all of the resources and services upon which they depend, and must be allowed to continue doing what they do.

    As they evolve, most businesses and other organisations acquire the resources upon which they depend. If any of these critical resources are lost or are taken away, the organisation is likely to find itself in...

  5. CHAPTER 2: BEFORE BCM
    (pp. 16-18)

    It is in the nature of any new discipline that assumptions tend to be made about what the new ‘thing’ is, and whether it is necessary or whether it is just another version of something else.

    Historically, people involved with running organisations tended to implement risk controls on an ad hoc and intuitive basis, responding to changing systems, rather than systematically. Locking doors, for instance, only became common when social change meant that a growing number of people were actually likely to walk into somebody else’s house or place of business and steal things.

    The genesis of business continuity arguably...

  6. CHAPTER 3: THE BUSINESS CONTINUITY MANAGEMENT SYSTEM
    (pp. 19-21)

    Chapter 1 refers to the key deliverable of business continuity planning as a business continuity plan that actually works. Every organisation should satisfy itself that its BCP is fit for purpose; otherwise the investment in developing the plan will have been wasted.

    The BCMS is designed to ensure that the plan is, indeed, fit for purpose. It does this by:

    Understanding and analysing the business recovery requirements, so that the impact resulting from an incident or interruption is properly understood and balanced across the organisation.

    Identifying and planning the resources that would be required in the worst possible situation, and...

  7. CHAPTER 4: ISO22301 – BCMS – REQUIREMENTS
    (pp. 22-40)

    Similar to other standards, ISO22301 devotes its first three sections to Scope, Normative References and Terms & Definitions. The remaining seven sections are summarised as follows:

    What the organisation does and the potential impact of disruptions

    Relationship with other policies and wider risk management

    Contractual and other requirements

    Who the interested parties are

    Scope of the management system

    The standard definitely pushes the boundaries of trust in organisational managers; it is ever so slightly obsessive about repeatedly analysing and documenting what the organisation does. What used to be covered in the ‘understanding the organisation’ section of BS25999 is now split between...

  8. CHAPTER 5: CERTIFICATION
    (pp. 41-42)

    As with many other management system standards, there is a scheme that can be used by organisations to demonstrate their compliance with the new international standard for business continuity management.

    The certification process involves an external audit conducted by an accredited external certification body.

    Certification schemes exist for a number of management system standards such as ISO9001 and ISO27001. Accredited certification schemes are managed in the UK by the United Kingdom Accreditation Service (UKAS) and it would generally be unwise to secure certification from a ‘certification body’ that is not accredited by UKAS, or by another national accreditation body.

    At...

  9. CHAPTER 6: TERMINOLOGY
    (pp. 43-48)

    The following definitions⁸ are, unless otherwise specified, taken from ISO22301:2012. A number of the definitions are further supplemented by notes, and the reader should turn to a copy of the standard itself for that information.

    Activity – process or set of processes undertaken by an organisation (or on its behalf) that produces or supports one or more products or services.

    Audit – systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled.

    Business continuity – capability of the organisation to continue delivery of products or services...

  10. ITG RESOURCES
    (pp. 49-53)