ISO 22301:2019 Security and resilience — Business continuity management systems

The outcomes of maintaining a BCMS are shaped by the organization’s legal, regulatory, organizational and industry requirements, products and services provided, processes employed, size and structure of the organization, and the requirements of its interested parties.

A BCMS emphasizes the importance of:

a) understanding the organization’s needs and the necessity for establishing business continuity policies and objectives

b) Operating and maintaining processes, capabilities and response structures for ensuring the organization will survive disruptions

c)Monitoring and reviewing the performance and effectiveness of the BCMS;

d)continual improvement based on qualitative and quantitative measures.

Benefits of a business continuity management system

The purpose of a BCMS is to prepare for, provide and maintain controls and capabilities for managing an organization’s overall ability to continue to operate during disruptions. In achieving this, the organization is:

a) From a business perspective:

1) Supporting its strategic objectives;

2) Creating a competitive advantage;

3) Protecting and enhancing its reputation and credibility;

4) Contributing to organizational resilience;

b) From a financial perspective:

1) Reducing legal and financial exposure;

2) Reducing direct and indirect costs of disruptions;

c) From the Perspective of interested parties:

1) Protecting life, property and the environment;

2) Considering the expectations of interested parties;

3) Providing confidence in the organization’s ability to succeed;

d) From an internal processes perspective:

1) Improving its capability to remain effective during disruptions;

2) Demonstrating proactive control of risks effectively and efficiently;

3) Addressing operational vulnerabilities.