BCM Institute | Blog

ISO22301 Update: What are the Non-Mandatory Documents?

Written by Goh Hua Wei | Feb 12, 2020 4:52:57 PM

Non-Mandatory Documentation

 
While Non-Mandatory implies that these documents are not strictly needed, they still serve as supporting pillars to a complete Business Continuity Management System (BCMS).
 
Unless the organization is small, all of the documents listed below are commonly used, even though the ISO22301 Standard does not strictly require them.
Sample of Mandatory Documentation

ISO 22301 BCMS Standard Update: 2012 to 2019

 
| Clause | Document Name | Description of Document |
|---|---|---|
| 4.2.2 | Procedure for identification of applicable Legal regulatory requirements | Procedure for Legal Regulatory requirements |
| 4.2.2 | Procedure for identification of applicable legal and regulatory requirements | Procedure for how to identify legal requirements |
| 6.2 | Implementation plan for achieving the business continuity objectives | Plan detailing how to implement Business Continuity objectives |
| 7.2 / 7.3 | Training and awareness plan | Plan detailing training procedures for staff |
| 7.5 | Procedure for control of documented information | Procedure for version of the document |
| 8.1 | Contracts and service level agreements (SLAs) with suppliers and outsourcing partners | Documents detailing agreements with suppliers, vendors, and partners |
| 8.2.1 | Process for business impact analysis and risk assessment | Document detailing how the BIA and RAR phase is conducted |
| 8.2.2 | Results of business impact analysis | Conclusions drawn from the BIA phase |
| 8.2.3 | Results of risk assessment | Conclusions drawn from the RAR phase |
| 8.3.3 | Strategies and solutions for business continuity | A list of Business Continuity Strategies to be employed in the event of a disruption |
| 8.5 | Incident scenarios | A list of the various scenarios covered by the Business Continuity Plan |
| 8.5 | Exercise and testing plans | A list of exercise and testing plans used for the Business Continuity Plan |
| 8.5 | Post-exercise reports | Exercise Reports detailing what occurred during the planning, organization, and conduct of a Business Continuity plan exercise |
| 8.6 | Results of post-incident review | Review detailing an incident |
| 9.1.1 | Methods for monitoring, measurement, analysis and evaluation | Detailed procedures on how to evaluate a BCMS to see whether it is on par with ISO 22301 standards |
| 9.2 | Procedure for internal audit | Document detailing the procedures on how to conduct an internal BCM audit |
| 10.1 | Procedure for corrective action | Document detailing the procedure on how to go about implementing corrective actions for non-conformities in an internal audit |

 

 
