Contingency planning and disaster recovery were largely information technology-led responses to natural disasters and terrorism that affected businesses during the s and early s. There was a growing recognition, however, that this needed to become a business-led process and encompass preparing for many forms of disruption. In light of this, the discipline became known as business continuity management BCM. As governments and regulators began to recognize the role of business continuity in mitigating the effects of disruptive incidents on society, they increasingly sought to gain assurance that key players had appropriate business continuity arrangements in place. Similarly, businesses recognized their dependence on each other and sought assurance that key suppliers and partners would continue to provide key products and services, even when incidents occurred. In the UK, BS was introduced to provide a management systems standard to which organizations could obtain accredited certification for the first time.
|Published (Last):||3 June 2019|
|PDF File Size:||15.95 Mb|
|ePub File Size:||17.8 Mb|
|Price:||Free* [*Free Regsitration Required]|
Contingency planning and disaster recovery were largely information technology-led responses to natural disasters and terrorism that affected businesses during the s and early s. There was a growing recognition, however, that this needed to become a business-led process and encompass preparing for many forms of disruption.
In light of this, the discipline became known as business continuity management BCM. As governments and regulators began to recognize the role of business continuity in mitigating the effects of disruptive incidents on society, they increasingly sought to gain assurance that key players had appropriate business continuity arrangements in place.
Similarly, businesses recognized their dependence on each other and sought assurance that key suppliers and partners would continue to provide key products and services, even when incidents occurred. In the UK, BS was introduced to provide a management systems standard to which organizations could obtain accredited certification for the first time.
The new standard is the result of significant global interest, cooperation and input. ISO is a management systems standard for BCM which can be used by organizations of all sizes and types.
These organizations will be able to obtain accredited certification against this standard and so demonstrate to legislators, regulators, customers, prospective customers and other interested parties that they are adhering to good practice in BCM.
ISO also enables the business continuity manager to show top management that a recognized standard has been achieved. While ISO may be used for certification and therefore includes rather short and concise requirements describing the central elements of BCM, a more extensive guidance standard ISO is being developed to provide greater detail on each requirement in ISO ISO may also be used within an organization to measure itself against good practice, and by auditors wishing to report to management.
The influence of the standard will therefore be much greater than those who simply choose to be certified against the standard. This technical committee develops standards for the protection of society from, and in response to, incidents, emergencies and disasters caused by intentional and unintentional human acts, natural hazards and technical failures. Its all-hazards perspective covers adaptive, proactive and reactive strategies in all phases before, during and after a disruptive incident.
The area of societal security is multi-disciplinary and involves actors from both the public and private sectors. The committee has previously published the following standards and other documents:. At the time, many experts argued that their own national standard was best suited to be developed into an International Standard.
As this was clearly no way forward, all the major players were gathered to identify the similarities between the standards. A challenge with ISO has been the large number of national documents on the subject, which has caused difficulties in gaining agreement.
The committee was then ready to create a management system standard with requirements and intended for certification. Input from the national standards was used to develop the initial draft wordings and gradually refined to become a new document bringing together good practice from around the world.
Many others contributed to its development, showing the truly international interest and input involved. ISO is the second published management systems standard that has adopted the new high-level structure and standardized text agreed in ISO.
The standard is divided into 10 main clauses, starting with scope, normative references, and terms and definitions. ISO emphasizes the need for a well-defined incident response structure. This ensures that when incidents occur, responses are escalated in a timely manner and people are empowered to take the necessary actions to be effective.
Life safety is emphasized and a particular point is made that the organization must communicate with external parties who may be affected, for instance if an incident poses a noxious or explosive risk to surrounding public areas. The requirements for business continuity plans are laid out in Clause 8, too.
Quickly understood, user-focused documents are more suitable than the large, unwieldy documents suited to auditors. Smaller plans are therefore more likely to be needed than one large plan. A requirement not previously addressed in business continuity standards is the need to plan for a return to normal business. This simple requirement belies considered thought, as organizations must determine what to do once the initial emergency has been addressed.
The final subsection of section 8 covers exercises and tests, a key part of BCM. Tests are where some element of the business continuity arrangements is demonstrated to work a pass or not fail. For instance, it is possible to test if the generator will run by switching it on. An exercise may include tests, but is generally a more nuanced approach that simulates some aspect of responding to an incident.
This will usually include elements of training and building awareness of how to handle disruptive incidents with difficult and unusual characteristics, as well as finding out if processes work as expected. Exercises and tests are fundamental in ISO : it is only through structured exercises — which should stretch the individuals and teams involved — that an organization can achieve objective assurance that its arrangements will work as anticipated and when required. To work well, ISO will need organizations to have thoroughly understood its requirements.
Every line and word has meaning and the relative importance is not necessarily reflected by the number of words devoted to a topic. He is an experienced consultant in business continuity, ICT continuity and crisis management. Later, at Siemens, he developed and led a business continuity consultancy.
Want to get the inside scoop on standards, or find out more about what we do? Get in touch with our team or check out our media kit. This news belongs to our archive. Demonstrating good practice ISO is a management systems standard for BCM which can be used by organizations of all sizes and types. Stefan Tangen. Dave Austin. Elizabeth Gasiorowski-Denis. Business continuity management systems.
ISO [Withdrawn] Societal security. Emergency management. Technological capabilities. Press Contact. Journalist, blogger or editor? Keep up to date with ISO Sign up to our newsletter for the latest news, views and product information Subscribe.
Business continuity - ISO 22301 when things go seriously wrong
Online Exclusive — as published on drj. Zawada participated in the and meetings as a member of Working Group 4, the team charged with developing ISO , and There are numerous articles and conversations currently taking place regarding ISO and ISO Technical Committee TC in general — some based on fact, but many based on assumption and rumor. The purpose of this article is to provide updated information to help business continuity professionals better understand the ISO TC standards development efforts underway and when to expect final work product that can help your organization better prepare for disruption.
Business Continuity Management
Croner-i is a comprehensive knowledge and resource platform that enables professionals to stay ahead of change in their industry, with legislation, trends and best practice. Call to learn more. Tim McCarr examines the likely impact of a new international standard on business continuity management. Health and safety professionals have been either contributing to, or responsible for, leading business continuity management BCM since the discipline began building momentum in the early s.