There are several steps that every organization should follow for a successful implementation of ISO 22301:2012.
At the organization level, nothing can be done without approval from top management. Successful implementation of ISO 22301 needs financial and technical approval from top management, and top management does not approve anything without seeing a benefit from it. As the ISO 22301 implementer in the organization, your task starts here: present the benefits of ISO 22301.
The requirements you must identify are not only laws and regulations; they also include the requirements in agreements with your clients (e.g., SLAs). You have to list all of these requirements and define how to communicate with each of the stakeholders/interested parties.
Top management needs to create a policy that contains the rules and regulations of business continuity, and needs to set objectives that define what is expected from the BCMS.
Define a dedicated team in the organization for the implementation and maintenance of ISO 22301, and define the roles and responsibilities of each team member for the project.
Business impact analysis and risk assessment - Identify the business risks arising from disruptive incidents. You have to identify the recovery time objective (RTO), i.e. how quickly you must recover your business from a disruptive incident.
Business continuity strategy - Make a strategy for how to achieve all the requirements of ISO 22301 with the minimum level of investment.
Business continuity plan - Define the plans, such as the incident response plan and the recovery plan, for business continuity.
You need to make all your employees, clients, vendors and other stakeholders aware by giving them training, and motivate them to follow the ISO 22301 guidelines by offering an incentive such as certification.
Training alone is not sufficient for the successful operation of any project. Test the ISO 22301 policy in the live environment by running a mock drill, involving all the stakeholders including top management, clients, vendors, etc.
If any incident happens, do a post-incident review and check at what level and how fast you recovered your business. You will also find out things like how people reacted, how ready they were, what improvements are needed in the plans, etc.
Internal audit is part of performance evaluation. In the internal audit, internal employees from a different department evaluate the requirements and check whether all the controls have been implemented as per ISO 22301.
Based on the findings of the internal audit, take the necessary corrective actions for non-conformances and areas of improvement.
Successful implementation is not sufficient. You have to regularly monitor all the processes, procedures and documents of ISO 22301 to ensure that they remain aligned with the business objectives.
If your organization needs the certificate to comply with a client's requirements, go for a third-party audit (certification audit). If an organization cannot allocate a dedicated team for the implementation of ISO 22301, it can hire a third-party organization to implement ISO 22301.