Cyber Security_Blog_with Book

CIR Standards ISO22301

This article introduces ISO 22301 and covers how an organisation sets up and manages its Business Continuity Management System (BCMS).

Reference: Chapter 11 Appendix 1: ISO 22301

Moh Heng Goh

Banner 3 ISO Standards for CIRCIR Related Standards

ISO 22301

1. Introduction

New call-to-actionISO 22301 (ISO 22301, 2012) covers how an organisation sets up and manages its Business Continuity Management System (BCMS).

The organisation’s needs and necessities are highlighted during the establishment of BCM policies and objectives.

The main reason organisations adopt this standard is to develop and implement controls and measures that improve their ability to manage business disruptions. After the business continuity plan has been developed, organisations need to maintain it to ensure relevancy. The plan needs to be continually improved and adjusted as the environment changes with objective measurements.

Organisations aim to protect against/reduce the likelihood/respond to and recover from disruptive incidents when business is disrupted. This is achieved through planning, establishing, implementing and maintaining the BCMS. Although it is an international standard, all organisations’ BCMS will not be identical; the BCMS has to be designed according to the organisation’s needs.

(Refer to Chapter 4.5.2)

1.2 Organisational Context

There are specific prerequisites before an organisation can start developing their BCMS. Firstly, the organisation understands the purpose and outcomes of developing a BCMS, so it must identify relevant internal or external aspects (ISO 22301, 2012) that affect these areas:

  • Operations/Business Functions;
  • Partnerships;
  • Supply Chains;
  • Relationships with stakeholders;
  • Potential Impacts associated with business disruptions;
  • Aligning business continuity policies with the organisation’s objectives and other policies; and
  • Risk Appetite.

1.3 Scope

The organisation needs to identify what the BCMS covers (ISO 22301, 2012) within their organisation:

  • Parts of the organisation to be included (Departments, Employees, Facilities, etc.);
  • Requirements of the BCMS according to the organisation’s needs and business objectives;
  • Products/Services offered and their respective business functions to produce/provide them;
  • Requirements of stakeholders (customers, suppliers, public, etc.); and
  • Realistic scope with size, nature and complexity of organisation taken into consideration.

 

BCMI Logo

Do You Want to Continue BCM Training onsite or online?

Competency-based Course
 Certification Course
New call-to-action New call-to-action [BL-3-Catalog] What Specialist Level Blended Learning Courses that are Available? [BL-5-Catalog] What Expert Level Blended Learning Courses that are Available?

A Manager’s Guide to BCM for Cybersecurity Incident Response

Goh, M. H. (2017). A Manager's Guide to Business Continuity Management for Cyber Security Incidents, 2nd Edition. GMH Pte Ltd.

Reference: Chapter 11 Appendix 1: ISO 22301 

Note:  This version was the draft 2nd Edition being updated in 2023. The numeric in the square bracket [X-X] cross-refers to the actual chapter and section in the 1st Edition.

 

 

Comments:

 

More Posts

New Call-to-action
BCMIWhiteLogoSmall.png
All rights reserved. Copyright 2024