logo
logo
AI Products 

How to Structure a Business Continuity Plan According to ISO 22301 Standard?

avatar
Punyam
How to Structure a Business Continuity Plan According to ISO 22301 Standard?

The universal standard for Business Continuity Management (BCM) is ISO 22301. The ISO 22301 standard, which is available from the International Organisation for Standardisation, was created to assist organizations in preventing, preparing for, responding to, and recovering from unanticipated and disruptive crises. To do this, the standard provides a helpful framework for setting up and running a fruitful business continuity management system. The objective of ISO 22301 is to protect an organization against a variety of potential risks and disturbances.


The achievement of the standard's requirements and a company's dedication to business continuity are both attested to by an ISO 22301 certificate. Is it, however, required? The decision to become certified to ISO 22301, like certification to all other ISO standards, is one that the organization makes on its own. There are regulations regulating ISO 22301 certification in several nations, nevertheless, and in some economic sectors. Energy, finance, public transport, and logistics are a few examples of such sectors. Moreover, as was already said, businesses can gain a lot from implementation and certification by a third party after the assessment.

The ideal format for a business continuity plan for smaller and midsize businesses is shown below, along with the contents of each section:


  • Purpose, scope, and users – Why this plan is created, its goals, which parts of the organization it covers, who should read it, and more.
  • Reference documents – Which ISO 22301 documents are this plan related to? These are often Business Continuity BCMS Policy, Business Impact Analysis, Business Continuity Strategy, and so on.
  • Assumptions – The conditions that must be met for this approach to work.
  • Roles and responsibilities – Who will be accountable for managing the disruptive incident, and who is authorized to execute particular tasks in the event of a disruptive incident, such as plan activation, urgent purchases, media communication, etc?
  • Key contacts – Contact information for those who will be involved in the implementation of the business continuity plan - often found in one of the plan's annexes.


Structure of a Business Continuity Plan (BCP) by ISO 22301

  • Plan activation and deactivation – In what circumstances, and how, can the plan be activated? In what circumstances, and how, can the plan be deactivated?
  • Communication – During the disruptive occurrence, which communication methods will be utilized between different teams and with other interested parties? Who is responsible for talking with each interested party, and what are the unique regulations for dealing with the media and government agencies?
  • Incident response – How to respond right away to an incident to minimize harm - This frequently serves as the main plan's annex.
  • Physical sites and transportation – What are the assembly locations, where are the primary and alternative sites, and how do They get from one to the other?
  • Order of recovery for activities – The whole list of tasks, together with the Recovery Time Objectives (RTO) for each.
  • Recovery plans for activities – These are frequently appended to the main plan and provide a detailed description of the steps involved in recovering manpower, facilities, infrastructure, software, information, and procedures, as well as the interdependencies and interconnections with other activities and external interested parties. See How to develop business continuity plans for additional information.
  • Disaster recovery plan – Usually, the infrastructure for information and communication technologies is the main emphasis of this type of recovery strategy.
  • Required resources – A list of all the personnel, third-party facilities, infrastructure, data, tools, etc. required to carry out the recovery, along with details on who is in charge of providing each one.
  • Restoring and resuming activities from temporary measures – When the disruptive incident has been resolved, how to return business operations to normal.


collect
0
avatar
Punyam
guide
Zupyak is the world’s largest content marketing community, with over 400 000 members and 3 million articles. Explore and get your content discovered.
Read more