ISO 22301 is an International Standard that focuses on Business Continuity. You can use ISO 22301 working methods to identify potential risks to your business therefore allowing you to make a plan should the worst happen. Organisations with effective plans are less likely to experience disruptions to the smooth running of the business because they are prepared for potential problems.
The topics discussed in ISO 22301
ISO 22301 has a strong emphasis on leadership, therefore top management should be involved in the creation and maintenance of a business continuity plan.
Business Continuity Management forms part of an organisation’s over-all Risk Management Programme. The standard addresses risks and opportunities related to the Business Continuity Management System.
You would not be able to plan for every disruptive event that could occur, but you can identify many risks. Business Impact Analysis is a tool to identify the important products/services your business needs to deliver to your customers. You can then identify activities and processes which support the delivery of those products/services.
Your organisation's best strategy may be a mixture across different products/processes. You can assess the Maximum Tolerable Period of Disruption (MTPD) for your business. Your organisation can set Recovery Time Objectives (RTO) as part of Business Continuity Management.
Planning your organisation's response to an incident is important. This includes the roles and responsibilities of those involved. Recovery plans are often the main focus of Business Continuity Programmes, and should form part of the over-all framework.
Plans can be department or team specific. They should be tested and exercised to ensure that they are effective when needed. Many lessons can be learned from testing your plan and this helps to drive the continual improvement, and over all awareness of Business Continuity Management in the organisation.
All staff should be included in the business Continuity Management plan at a level appropriate to their role. We can help you achieve this through a training programme tailored specifically to your organisation.
For an example of a basic online course see https://digital.lorators.com/courses/iso-22301-awareness-course-employees/