ISO 22301 is the standard which defines the requirements for a Business Continuity Management System (BCMS) in order to guarantee the Organization’s ability to protect itself against destructive events that can directly or indirectly affect it and to recover its operations in an organized way, with the goal to protect its own Customers.
The requirements specified by the standard can be applied to the whole Organization or a part of it, regardless of the nature, type and size of the Organization itself. The degree of application of the requirements of ISO 22301 standard depends on the environment in which the organization operates and on its complexity.
The Business Continuity Management System must take into consideration the legal requirements, the reference standards, the products and services provided by the Organization, its processes and the requirements of the Interested Parties, first of all the Customers.
Respond and restore operations to a predefined level after a destructive event and guarantee the supply continuity to the Customers.
The Business Continuity Plan has to provide information and procedures to guide an organization to react to an incident and restore operations at a predefined level after a disruptive event and guarantee the supply continuity to its Customers. The Plan has to provide with actions to be executed after an emergency such as, for example, a natural disaster (earthquake or flooding), a terrorist attack, a long-lasting power outage or default of a critical supplier. The plan has to allow the organization to overcome an emergency while safeguarding its ability to meet the needs of its customers and stakeholders, minimizing the damage from a management point of view.
The Business Continuity Management System must be able to minimize the consequences caused by an incident, which can have impact on:
- Employees safety
- Environment
- Loss of productive resources (infrastructures, equipment, plants)
- Supplies
- Economic losses, Customers loss or a possible loss of market share
The procedures established by a Business Continuity Management System must therefore address all operational aspects both inside and outside the company and the relationship with the parties involved. They must be tailored to the specific characteristics and needs of each company.
NEM & ISO 22301
The method proposed by NeM for the achievement of the ISO 22301 certification is described in the section:
“THE PATH TO CERTIFICATION”.
