Business continuity management covers the area of management that seeks to ensure an organisation’s ability to continuously deliver products or services at an acceptable and predefined level following a disruptive incident. By implementing a business continuity management system, organisations are better prepared to manage major incidents or disasters so that their impact is minimised and the recovery of the organisation’s operations is as quick as possible.
Business Continuity Management System based on ISO 22301
Natural disasters, fires, cyber-attacks, epidemics or supply chain problems are known threats that can threaten the operations of any organisation. The best protection is to prevent potential disruptions and prepare for the moment when a disaster occurs. An organisation’s resilience and preparedness can be ensured using a Business Continuity Management System (BCMS) based on ISO 22301. ISO 22301 defines the requirements for organisations that wish to establish, implement, maintain and continuously improve a business continuity management system (BCMS).
Benefits of BCMS for the organisation
- Increased credibility and competitiveness of the organisation
- Increased organisational resilience and ability to manage significant disruptions
- Effective organisational governance and high return on investment
- Protection of critical assets and reduction of business risks
- Compliance with legal, regulatory, contractual and other societal needs and expectations
Subject of our expert services
1 | Analysis of the existing system and BCMS project planning
Analysis of the context of the organisation and gap analysis of the current state • Development of an BCMS project plan
2 | Establishment and implementation of the BCMS
Identification and description of the boundaries and scope of the BCMS • Definition of the organisational structure, roles and responsibilities of individuals and relevant committees • Design of the business continuity policy • Setting up and documenting BCMS processes
3 | Business Impact Analysis (BIA) and Risk Assessment
Design of a business impact analysis (BIA) and business continuity risk assessment process • Determination of time and capacity frameworks and prioritisation of products and services, activities and resources • Identification, analysis and assessment of business continuity risks
4 | Business continuity strategy and solutions
Analysis and design of potential business continuity strategies for priority activities and resources • Recommendations for selecting appropriate continuity strategies and solutions
5 | Business continuity plans and procedures, training and testing
Design of the structure of disruption response teams • Support in the development of business continuity plans and procedures • Design and implementation of rehearsal and testing, training and awareness activities
6 | Internal audit, supplier audit and certification audit support
Draft and documentation of the BCMS internal audit charter • Draft BCMS audit programme and planning of audit activities • Implementation of internal audit and supplier audit • Support follow-up activities and actions after the audit • Preparation for and support during the certification audit
Advanced GRC applications
The difficulty of executing BCMS processes increases with the size of the organisation and the maturity of the management system. For complex organisations with complex management systems, we recommend using advanced modular tools.
More information can be found in the Applications section.
Quality of our services
During the provision of consulting services, the standards of quality of consultancy services based on ISO 20700, information security based on ISO/IEC 27001 and project management based on ISO 21502 are applied.
Competences of our consultants:
- Certified ISO/IEC 22301 Lead Implementer *
- Certified ISO/TS 22317 Foundation
When conducting an internal audit (first-party audit) or second-party audit, the best practice of auditing management systems, as defined in ISO 19011 and relevant standards, is applied.
Competences of our auditors:
- Certified ISO/IEC 22301 Lead Auditor *
* NOTE: ISO / IEC 17024 accredited certification.