Business Continuity Management Systems

Business Continuity Management Systems

The ISO 22301 standard is one amongst the range of business continuity management systems standards.



Nature of the standard

The standard is a replacement of the BS 25999-2 standard. The BS 25999-2 was the leading business continuity standard before this replacement. The replacement standard was first published by the BSi Draft Review website last year. The standard comes with a number of changes.

The standard is called “Societal security – Business continuity management systems – Requirements.”  ISO notes that it is expected to deal with standardization in the area of societal security. That means enhancing crisis management and business continuity capacities. Organizations will do this through enhanced technical, human, company and functional cohesion.  It also retains most of the basic principles of its predecessor standard.

Contents of the standard

The standard contains components such as business impact analysis, risk assessment, continuity strategy, continuity policy, continuity options, continuity plans and exercising and testing amongst others. Nevertheless, aspects such as business impact analysis are further broken down for precision. Some parts have been broken down to refine them and make implementation more precise.

The standard also features more detailed sections, for instance parts on communication. Other parts of the standard include management aspects such as document control, internal audit, management review, corrective and preventive actions, human capital management amongst others. However, these aspects of the standard can also be found in other similar or related management standards.

Plan-Do-Check-Act (PDCA) model

The standard’s PDCA model retains most of the clarity of its earlier predecessors. It outlines the implementation of the recommendations of the standard in a logical manner. Unlike its counterpart, the standard puts more emphasis on objectives setting, monitoring, performance and metrics. The whole purpose of this is to bring business continuity management closer to top management. It is meant to align the standard and its implementation with the “management way of thinking.” As such, management has clear requirements on them outlined in one section.