Cyber-attacks, IT failures, natural disasters, pandemics or the loss of skilled staff are only some of the business disruptions that can have an impact on organisations of any size and in any location. Every organisation needs to develop a Business Continuity Plan to ensure its business operations can continue, no matter what the disruption is. Consistent preparation on how to react when disaster strikes mean a more effective response and a speedier recovery. This management system was created to allow organisations to understand the amount and type of impact it is willing to handle following a disruption.
ISO 22301:2019 Security and Resilience – Business Continuity Management System was the world’s first International Standard for implementing operative Business Continuity plans, systems, and procedures when it was published in 2012. It was revised in 2019 to bring it up to date for best practice. The latest version of ISO 22301:2019 does not contain new requirements, however, it is now more clearly formulated, and the terminology has been modified for better understanding. It places a much greater emphasis on goal setting, performance evaluation and monitoring as well as the link between business continuity and the strategic approach from top management.
ISO 22301:2019 is based on the High-Level Structure (Annex SL) which is a shared framework for all new management system standards and aligns with many other internationally recognised standards such as ISO 9001:2015 Quality Management System and ISO 14001:2015 Environmental Management System. It makes the process easier for organisations to incorporate their Business Continuity Management System into their core business procedures. It ensures an increase in productivity and guarantees more involvement from top management. The Business Continuity Management System can be scaled to the size and complexity of an organisation to make it suitable for SME’s, and large establishments alike.
The Plan-Do-Check-Act (PDCA) model is one of the main operating principles of ISO 22301:2019. It is applied to all processes within the organisation and the Business Continuity Management System as a whole for continuous improvement. It is structured as follows:
- Plan – Understand the external context of the organisation and the needs of interested parties. Identify the risks and opportunities. Establish the objectives and resources required.
- Do – Implement what has been planned from a new Business Continuity Management System down to all small process changes.
- Check – Monitor and measure the effectiveness of the Business continuity management system and test all business continuity plans while monitoring and reviewing the outcomes.
- Act – Take action where necessary based on monitoring, measuring and other facets for action.
The PDCA model is an example of a closed-loop system. This means that knowledge gained from the ‘Do’ and ‘Check’ stages are used to inform the ‘Act’ and ‘Plan’ stages. In theory, this is recurring, however, it is more of an upward spiral as the knowledge gained moves you forward each time you go through the process.
What is challenging about the ISO 22301:2019 Business Continuity Management System is that it comes into action very rarely whereas Quality Management Systems are implemented into the organisation’s daily operations. A Business Continuity Management System is usually only fully brought into action when a disturbance occurs. This means that there needs to be a Business Continuity Plan (BCP) test or drill conducted, as well as periodic reviews of the system, its policies and its procedures to ensure it remains aligned to a changing environment and organisation.
WWISE can offer a helping hand with our ISO 22301:2019 Business Continuity Management System Awareness training. This course provides an organisation with the necessary skills required to prepare for any risk or disruptions in their market. After completing this course, the following benefits can be applied to your organisation:
- Improved flexibility for your organisation to change.
- Improve your organisation’s productivity after any change.
- Reduce the initial downtime by being more effective and prepared.
- Have a structured risk management plan for your organisation.
- Increased performance of service delivery.
Whether you are new to Business Continuity Management or looking to enhance your current ISO Management System, we have the right resources, consultants and training courses to help you implement ISO 22301:2019. Our support however does not stop there. We can ensure that your management system keeps on delivering the best results for your organisation.
WWISE creates excellence by driving the success of our clients through ISO standards. We help organisations to embed resilience, helping them to cultivate sustainably, adapt to any change, and thrive for the long term. When it comes to quality, is perception reality?