Business Continuity Management (ISO 22301)
Why does the organisation need to improve its business continuity management?
- Risk-based thinking, i.e. to build up the capability to respond to and effectively recover from incidents
- IT service compliance with industrial legislation, i.e. banking or financial services, emergency help desk
- Legal compliance, i.e. utility services, public infrastructure...
- Government regulation for IT service providers, i.e. telecommunication, financial, healthcare, etc.
- Contractual requirements, i.e. supply chain, supplier contract, service level agreement (SLA)
- Social responsibilities, common practice for business and service continuity management
- Technically sound and effective, i.e. recovery procedures, BCP exercises and testing
- Market competition, i.e. competitors
Critical success factors
- Business continuity policy, objectives, and activities that reflect business objectives;
- An approach and framework to implementing, maintaining, monitoring, and improving business continuity that is consistent with the organizational culture;
- Visible support and commitment from all levels of management;
- A good understanding of business continuity requirements;
- Effective marketing of business continuity and management to all managers, employees, and other parties to achieve awareness;
- Distribution of guidance on business continuity policy and standards to all managers, employees and other parties;
- Provision to fund business continuity and improvement activities;
- Providing appropriate awareness, training, and education;
- Establishing an effective business continuity, incident and problem management process;
- Implementation of a measurement system that is used to evaluate performance in business continuity management and to report suggestions for improvement.
Starting Point of Business Continuity Management
Items considered essential to an organization from a legal and legislative point of view include, depending on applicable legislation:
- business objectives
- compliance with industrial and legislative requirements
- fulfilment of service level agreements (SLAs)
Items considered to be common practice for managing business continuity include:
- Business/Organisational risk analysis according to risk management principles (ISO 31000)
- Selection and definition of the BCMS implementation scope
- Business continuity policy and objectives
- Plan, prepare and perform Business Impact Analysis (BIA)
- Prepare recovery procedures and resources
- Backup and redundancy
- Incident response management
- Prepare, exercise and test Business Continuity Plans (BCPs)
- Post review and improve the BCP
- Supplier audit(s)
- Internal audit(s)
- Management review
Learn how to manage business continuity with our experts.
The international standard ISO 22301 sets out the requirements to establish, implement and continually improve a business continuity management system (BCMS) for the organisation.
Based on the BCMS (ISO 22301) family of standards, we offer a series of training programmes to help you understand WHAT the requirements are, know HOW TO plan and implement a BCMS, and build the capability to audit one.