CIR Standards ISO22301

Written by Moh Heng Goh | Nov 27, 2022 3:08:01 PM

CIR Related Standards

ISO 22301

1. Introduction

ISO 22301 (ISO 22301, 2012) covers how an organisation sets up and manages its Business Continuity Management System (BCMS).

The organisation’s needs and requirements are identified while the BCM policies and objectives are being established.

The main reason organisations adopt this standard is to develop and implement controls and measures that improve their ability to manage business disruptions. After the business continuity plan has been developed, the organisation needs to maintain it so that it remains relevant. The plan must be continually improved and adjusted, using objective measurements, as the environment changes.

Organisations aim to protect against, reduce the likelihood of, respond to and recover from disruptive incidents when business is disrupted. This is achieved through planning, establishing, implementing and maintaining the BCMS. Although ISO 22301 is an international standard, no two organisations’ BCMSs will be identical; each BCMS has to be designed according to the organisation’s own needs.

(Refer to Chapter 4.5.2)

1.2 Organisational Context

There are specific prerequisites before an organisation can start developing its BCMS. First, the organisation must understand the purpose and intended outcomes of the BCMS; to do so, it must identify the relevant internal and external factors (ISO 22301, 2012) that affect these areas:

  • Operations/Business Functions;
  • Partnerships;
  • Supply Chains;
  • Relationships with stakeholders;
  • Potential Impacts associated with business disruptions;
  • Aligning business continuity policies with the organisation’s objectives and other policies; and
  • Risk Appetite.

1.3 Scope

The organisation needs to define what the BCMS covers (ISO 22301, 2012) within the organisation:

  • Parts of the organisation to be included (Departments, Employees, Facilities, etc.);
  • Requirements of the BCMS according to the organisation’s needs and business objectives;
  • Products/Services offered and their respective business functions to produce/provide them;
  • Requirements of stakeholders (customers, suppliers, public, etc.); and
  • Realistic scope with size, nature and complexity of organisation taken into consideration.

Goh, M. H. (2017). A Manager's Guide to Business Continuity Management for Cyber Security Incidents, 2nd Edition. GMH Pte Ltd.

Reference: Chapter 11 Appendix 1: ISO 22301 

Note: This version is the draft 2nd Edition, being updated in 2023. The number in square brackets [X-X] cross-refers to the corresponding chapter and section in the 1st Edition.