Cybersecurity Series
Cyber Security_Blog_with Book

Appendix 1: ISO 22301

ISO 22301 (ISO 22301, 2012) covers how organisations set up and manage their Business Continuity Management Systems (BCMS). The organisation’s needs and necessities are highlighted during the establishment of BCM policies and objectives.

Reference: Chapter1 1 Appendix 1: ISO 22301

Moh Heng Goh

What is ISO 22301?

ISO 22301 (ISO 22301, 2012) covers how organisations set up and manage their Business Continuity Management Systems (BCMS). The organisation’s needs and necessities are highlighted during the establishment of BCM policies and objectives.

The main reason organisations adopt this standard is to develop and implement controls and measures that improve their ability to manage business disruptions. After the business continuity plan has been developed, organisations need to maintain it to ensure relevancy. The plan needs to be continually improved and adjusted as the environment changes with objective measurements.

Organisations aim to protect against/reduce the likelihood/respond to and recover from disruptive incidents when business is disrupted. This is achieved through planning, establishing, implementing and maintaining the BCMS. Although it is an international standard, all organisations’ BCMS will not be identical; the BCMS has to be designed to fit according to the organisation’s

1. Organisational Context

There are specific prerequisites before an organisation can start developing their BCMS. Firstly, the organisation understands the purpose and outcomes of developing a BCMS, so it must identify relevant internal or external aspects (ISO 22301, 2012) that affect these areas:

  • Operations/Business Functions;
  • Partnerships;
  • Supply Chains;
  • Relationships with stakeholders;
  • Potential Impacts associated with business disruptions;
  • Aligning business continuity policies with the organisation’s objectives and other policies; and
  • Risk Appetite.

2. Scope

The organisation needs to identify what the BCMS covers (ISO 22301, 2012) within their organisation:

  • Parts of the organisation to be included (Departments, Employees, Facilities, etc.);
  • Requirements of the BCMS according to the organisation’s needs and business objectives;
  • Products/Services offered and their respective business functions to produce/provide them;
  • Requirements of stakeholders (customers, suppliers, public, etc.); and
  • Realistic scope with size, nature and complexity of organisation taken into consideration.


BCMI Logo

Do You Want to Continue BCM Training onsite or online?

Competency-based Course
Certification Course
New call-to-action New call-to-action [BL-3-Catalog] What Specialist Level Blended Learning Courses that are Available? [BL-5-Catalog] What Expert Level Blended Learning Courses that are Available?

A Manager’s Guide to BCM for Cybersecurity Incident Response

Goh, M. H. (2017). A Manager's Guide to Business Continuity Management for Cyber Security Incidents, 2nd Edition. GMH Pte Ltd.

Reference: Chapter1 1 Appendix 1: ISO 22301

Note:  This version was the draft 2nd Edition being updated in 2023. The numeric in the square bracket [X-X] cross-refers to the actual chapter and section in the 1st Edition.

Comments

More Posts

New Call-to-action