The organisation’s needs and necessities are highlighted during the establishment of BCM policies and objectives.
The main reason organisations adopt this standard is to develop and implement controls and measures that improve their ability to manage business disruptions. After the business continuity plan has been developed, organisations need to maintain it to ensure relevancy. The plan needs to be continually improved and adjusted as the environment changes with objective measurements.
Organisations aim to protect against/reduce the likelihood/respond to and recover from disruptive incidents when business is disrupted. This is achieved through planning, establishing, implementing and maintaining the BCMS. Although it is an international standard, all organisations’ BCMS will not be identical; the BCMS has to be designed according to the organisation’s needs.
(Refer to Chapter 4.5.2)
There are specific prerequisites before an organisation can start developing their BCMS. Firstly, the organisation understands the purpose and outcomes of developing a BCMS, so it must identify relevant internal or external aspects (ISO 22301, 2012) that affect these areas:
The organisation needs to identify what the BCMS covers (ISO 22301, 2012) within their organisation:
| Competency-based Course |
Certification Course | ||
Goh, M. H. (2017). A Manager's Guide to Business Continuity Management for Cyber Security Incidents, 2nd Edition. GMH Pte Ltd.
Reference: Chapter 11 Appendix 1: ISO 22301
Note: This version was the draft 2nd Edition being updated in 2023. The numeric in the square bracket [X-X] cross-refers to the actual chapter and section in the 1st Edition.