What is ISO 22301 Business Continuity?
Business continuity is the planning and preparation of a company to make sure it overcomes serious incidents or disasters and resumes its normal operations within a reasonably short period. This concept includes the following three key elements:
1. Resilience: critical business functions and the supporting infrastructure must be designed in such a way that they are materially unaffected by relevant disruptions, for example through the use of redundancy and spare capacity;
2. Recovery: arrangements have to be made to recover or restore critical and less critical business functions that fail for some reason.
3. Contingency: the organization establishes a generalized capability and readiness to cope effectively with whatever major incidents and disasters occur, including those that were not, and perhaps could not have been, foreseen. Contingency preparations constitute a last-resort response if resilience and recovery arrangements should prove inadequate in practice.
Typical disasters that business continuity covers natural disasters including fires, floods, accidents caused by key people, server crashes or virus infections, insolvency of key suppliers, negative media campaigns and market upheavals (ex. stock market crashes). The locations of these disasters and the company real estates may be independent.
The management of business continuity falls largely within the sphere of quality management and risk management, with some cross-over into related fields such as governance, information security and compliance. Risk management is an important tool for business continuity as it provides a structured way to identify the sources of business disruption and assess their probability and harm. It is expected that all business functions, operations, supplies, systems, relationships, etc. that are critically important to achieve the organization’s operational objectives are analyzed and included in the business continuity plan. Business Impact Analysis is the generally accepted risk management term for the process of determining the relative importance or criticality of those elements, and in turn drives the priorities, planning, preparations and other business continuity management activities.
We review your existing management systems in relation to requirements of the relevant standards for certification.
Stage 1 Audit
A review of your management system(s) documentation is undertaken as the first step in the certification process.
The Certification Audit is conducted on site to verify that you have implemented the management system across your organisation.
Years 2 & 3: Certification Maintenance
We will conduct an annual Surveillance Audit to check the ongoing implementation of management systems across your organisation.