ISO 22301 specifies the requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to help organizations protect against, respond to and recover from disruptive incidents when they arise. Whether they are natural disasters, terrorism, or IT or environmental incidents, incidents happen all over the world. Although most of these incidents are minor, they can have a significant impact, which indicates that a business continuity management strategy is always necessary.
The requirements specified in ISO 22301 are generic and intended to be applicable to all organizations (or parts thereof), regardless of type, size and nature of the organization. The extent of application of these requirements depends on the organization’s operating environment and complexity.
This standard has been designed to assist companies in the implementation of a business continuity management system (BCMS) that is appropriate to their needs and meets their stakeholders’ requirements.
Advantages of the business continuity management system certification
- identify and manage current and future threats to your business;
- take a proactive approach to minimizing the impact of incidents;
- minimize downtime during incidents and improve recovery time;
- demonstrate resilience to customers and suppliers, and in tender requests.
SRAC, as an IQNet partner, offers certification of Business Continuity Management systems.
Upon successful completion of the certification process, SRAC-certified organizations:
- have the right to use SRAC and IQNet conformity marks for advertising purposes;
- are kept informed of developments in the management systems domain and in the certification areas, through SRAC websites and events organized by SRAC.
ISO 22301, the world’s first international standard for Business Continuity Management (BCM), has been developed to help organizations minimize the risk of such disruptions. This standard will replace the current British standard BS 25999.
ISO 22301 was developed to ensure compatibility with other management systems such as ISO 9001 (quality management), ISO 14001 (environmental management) and ISO/IEC 27001 (information security management), and this led to some differences in terminology compared with BS 25999-2.