ISO 22301 Business Continuity Management System

Nowadays hearing about terrorist attacks, disasters due to human fault but also due to nature’s revenge is an almost daily global phenomenon. Unfortunately, we cannot always control the magnitude of a disaster or prevent it from happening. However, with careful planning and proper preparation, it is possible to estimate the magnitude of the consequences that a potential disaster would bring, so as to limit the size of any loss to the minimum possible.

The frequent serious incidents of recent years have given the impetus to the International Community to create new methods and practices for managing such situations. To minimize the impact of such unfortunate incidents, the International Organization for Standardization (ISO) has issued a new standard for business continuity management. The ISO 22301 standard, entitled “Societal security — Business continuity management systems — Requirements”. The European Commission, recognizing the need to establish a European standard, adopted the said standard as European.

Business Continuity is defined as the strategic and tactical ability of an Organization to plan and respond to incidents or natural disasters, in order to continue its operations at an acceptable predetermined level. The term Business Continuity refers to all the organizational and technical measures, as well as the measures by which the necessary and appropriate personnel are ensured, so that immediately after the occurrence of a disturbance, the continuation of the main operational functions and, progressively, all the business operations.

Business Continuity Management is a holistic process that identifies potential threats/incidents to an Organization and their impact on its operations. The Business Continuity Management System provides the infrastructure on which the Organization’s operations are based in terms of their resilience to potential threats, while developing the ability to react immediately. The ISO 22301 standard is a valuable tool for all types of Organizations/services that can use it to improve their ability to handle crisis incidents.

After the development and implementation in the Organization of the Business Continuity Management System according to the ISO 22301 standard, the next phase of its evaluation and certification follows. Certification of an Organization’s Business Continuity Management System is the way of confirming that the Organization has implemented the system in accordance with the requirements of ISO 22301.