WHAT IS THATThe ISO 22301 standard “ Security and resilience — Business continuity management systems — Requirements” provides a series of requirements to effectively implement and manage a Business Continuity Management System.
KEY POINTSThrough the "Plan Do Check Act" approach shared with other management systems, the standard proposes an approach to business continuity starting from the needs of the interested parties, proposing a Business Impact Analysis (BIA) to support adequate risk management.
The second edition of the ISO 22301 standard, issued in 2019, is updated compared to the previous version of 2012 for the following aspects:
- ISO requirements for management system standards, developed since 2012, have been applied
- some requirements have been clarified, without adding new ones
- the specific requirements of the "business continuity" framework now fall almost entirely under point 8
- point 8 has been restructured to provide a clearer understanding of the key requirements
- A number of terms specific to the business continuity framework have been changed to improve clarity and to reflect current thinking
- Achieve adequate confidence to ensure business continuity of the Organization by implementing, maintaining and improving a management system to protect, mitigate, prepare for, respond to and recover from destructive events.