Emergency planning and disaster recovery were initially largely driven by information technology to address the natural disasters and terrorist threats that struck businesses in the 1980s and early 1990s.
However, it has become increasingly clear that the process to be established in this area should be handled by the company and encompass the means to guard against multiple forms of disruption. As a result, a new discipline, known as "Business Continuity Management" (BCM).
As they began to recognize this discipline's interest in mitigating the effects of disruptive incidents on society, governments and regulators sought assurances that key players were equipped with appropriate mechanisms To ensure business continuity. At the same time, aware of their interdependence, companies also wanted to be sure that their main suppliers and partners were always able to provide critical products and services even in the event of incidents.
There was therefore a need for a recognized benchmark for good practice in GCA, and several countries, including Australia, the United States, the United Kingdom and Singapore, established national standards on this issue. For example, the purpose of British standard BS 25999 was to help establish a business continuity management system and was the first to serve as a reference for accredited certification purposes.
When internationally active organizations have begun to push for the introduction of a single International Standard, Technical Committee ISO / TC 223, Social Security, has begun work on ISO 22301: 2012, Social Security - Managing Business Continuity - Requirements. This new standard, the result of significant global interest, is the culmination of collaborative work and contributions from around the world.
ISO 22301 is a management system standard for BCM that can be used by organizations of all sizes and types. Once their BCM system is in place, organizations have the opportunity to seek accredited certification of compliance with the standard to demonstrate compliance with BCM best practices to legislative and regulatory bodies, potential clients and other interested parties. At the company level, the person in charge of the BCM can, through ISO 22301, show his management that a recognized standard is indeed in place.
Because ISO 22301 is usable for certification purposes, the requirements that it specifies describe the essential elements of the SCM in a relatively short and concise manner. A more comprehensive guidance standard (ISO 22313) providing more detail for each requirement of ISO 22301 is in preparation.
ISO 22301 can also serve as a reference for the company to assess its situation in relation to best practices, and to auditors to report back to management. The interest of this standard is not, by far, limited to obtaining a certificate of conformity.
Understand and prioritize threats to your business through the International Business Continuity Standard. ISO 22301 specifies the requirements of a management system to protect the company from disruptive incidents, reduce their probability and ensure recovery.
Do not hesitate to contact our experts for any additional information, study and free calculation of an audit service.