This perspective is the seventh in a series to discuss key elements of the ISO 22301 business continuity management system, including value-adding elements of the standard or requirements that could “trip up” an organization during the certification process. Continue reading
Although plan documentation isn’t the only business continuity planning outcome, and absolutely should not be the sole focus during a program assessment, it’s certainly an important one. Plans are one of the first things customers and auditors ask to review because these documents should summarize the response and recovery approach used by the business following the onset of a disruptive incident, as well as a summary of the resources needed to deliver products and services. If asked to evaluate a plan, what’s the best approach, and what elements and content should you expect to see? The purpose of this perspective is to outline a simple, straightforward plan assessment approach. Continue reading
This perspective is the sixth in a series to discuss key elements of the ISO 22301 business continuity management system, including value-adding elements of the standard or requirements that could “trip up” an organization during the certification process.
Today we’re going to take a look at ISO 22301’s requirements for the establishment of an early warning network. Continue reading
The management system approach to business continuity requires a culture of continual improvement in business continuity programs. One of the key steps in facilitating continual improvement is to regularly evaluate existing business continuity procedures. This perspective takes a closer look at Clause 9.1.2, ISO 22301’s requirement for evaluation of business continuity procedures. Continue reading
This perspective takes a look at Clause 9.2, ISO 22301’s requirement for internal audit, defined as an independent assessment that provides management with feedback regarding the performance of the management system. The content found in this perspective is specifically based on lessons learned from our ISO 22301 certification audit (which Avalution completed successfully in the Spring of 2013). Continue reading
This perspective takes a look at ISO 22301’s requirement for documentation, which includes documented processes and procedures, as well as evidence of business continuity planning execution. The content found in this perspective is specifically based on lessons learned from our ISO 22301 certification audit (which Avalution completed successfully in the spring of 2013). Continue reading
This perspective takes a look at one element of Clause 9.3, the management review (a process that Avalution feels is one of the most valuable elements of ISO 22301). Continue reading
ISO 22301 is the first standard to employ the new ISO format for management systems standards, which involves a considerable amount of “templatized” management system content across ten clauses. Because this format, language, and many of the requirements are new to most business continuity professionals, it’s important to review and consider the intent associated with some of the content and concepts. Continue reading
Today we announced the release of a new white paper, Implementing ISO 22301: The Business Continuity Management System Standard, co-authored by Brian Zawada, Avalution’s Director of Consulting and the Chairman and Head of U.S. Delegation to ISO Technical Committee 223 (the group charged with developing ISO 22301), and Greg Marbais, a Consultant at Avalution. Continue reading
Similar to other management systems standards, ISO 22301 is based on the ‘Plan-Do-Check-Act’ model that seeks to improve – in a continual manner – the effectiveness of the organization’s performance through proficient planning, implementation, supervision, review and maintenance.
As such, it is only proper that we discuss the relationship of ISO 22301 with other management systems standards. The following summary offers a high-level comparison between ISO 22301 and another widely-adopted management systems standard, British Standard (BS) 25999-2 (2007). Continue reading