What is ISO 22301?
The international Societal Security standard, ISO 22301, carries on from the British standard for Business Continuity Management, BS 25999.
Business continuity management (or societal security, as it is named in the ISO 22301 standard) is a global term covering all the systems, operating controls and measures an organisation should have in place for managing its overall business continuity risks, i.e. managing how you would carry on working in as seamless a manner possible in the event of a disruptive incident, such as fire, flood, systems failure, fraud, industrial espionage or even terrorist type actions.
In the event of an incident occurring, non-existent or bad planning for it can result in disruption to your ability to provide goods or services, stress or injury to people on your premises and damage to your reputation. But with the correct approach, you may even turn a crisis into an opportunity and enhance your reputation and future success.
ISO 22301 is an internationally accepted standard providing a structured, systematic approach to the introduction and maintenance of effective business continuity management. It uses Plan-Do-Check-Act methodology, like many of the ISO management system standards and is founded on the key steps of the business continuity life-cycle (see above). It has been designed to be similar in structure to other ISO management system standards, which ensures that all of these standards can easily be integrated by users.
What are its benefits?
- gives a greater chance of surviving a major incident – there is significant evidence to suggest that a high proportion (up to 80%) of businesses never recover from a major incident, yet revenues, market share, image and reputation can all be protected if you respond well
- helps ensure continuity of supply – maintaining the delivery of goods or services during or immediately following a major incident will enhance your reputation and significantly strengthen customer loyalty (don’t forget too that your own suppliers need to be just as good in this area!)
- helps ensure compliance with legislation – if you are a “level 1 responder” (e.g. emergency services, local government) the Civil Contingencies Act requires you by law to have in place measures to deal with incidents, which also allows these organisations to pass on the requirements to their suppliers
- creates potential to lower insurance premiums – whilst insurance is available to a certain extent for specific risks, premiums often take account of how much you have done yourself to limit the risk of any damage you may later claim for. By being able to demonstrate you have a sound business continuity management system (e.g. by gaining ISO 22301 accreditation) you may well be able to negotiate lower premiums
How we can help you implement and maintain it
Our business continuity management experts can undertake the initial business impact analysis and risk assessment for your organisation and help you to determine an appropriate strategy and response to any potential incidents, followed by – quite crucially – helping you to test and exercise your plans to see if they really work in practice. We can also help if you wish to go through the full certification route and achieve ISO 22301. We have a wealth of experience in
- assisting organisations to undertake business impact analysis, create business continuity plans and implement business continuity management systems
- integrating business continuity management approaches into operational and strategic planning processes
- exercising bespoke scenarios to test organisational business continuity plans
- security planning and security awareness training
- training organisations in the requirements of business continuity management and the BS 25999/ISO 22301 standard
- utilising risk management frameworks based on the EFQM Excellence Model and ensuring compliance to organisational systems
- running networking groups to share business continuity best practice
- supporting management teams through the ISO certification process – we only work with certification bodies approved by UKAS * or, outside of the UK, members of the International Accreditation Forum (IAF)
- conducting readiness reviews/gap analysis in preparation for certification audits
*Why use a certification body accredited by UKAS or IAF to certify your quality management system? See related links to the right on why this matters.
Ask The Expert
Related pages and links
How not to choose a certification body unfit for purpose
If the body awarding your certification is not itself operating to internationally recognised standards, you could find yourself implementing something of no real value to your organisation. UKAS and its overseas equivalents (only one per country) are appointed by Government to help you avoid this potential pitfall.
Each country’s Government appointed accreditation body is a member of the International Accreditation Forum (IAF).
Example of an excellent piece of business continuity management
Would you survive if disaster struck? Click here to see how United Airlines managed it.