ISO 22301

ISO 22301 is an international standard for business continuity management systems. It was developed in March 2012 by the International Organization for Standardization. The goal of the standard is to specify requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of, prepare for, respond to, and recover from disruptive incidents when they arise. The standard was designed to fit into an integrated management system. [1] It is intended to be applicable to all organizations, or parts thereof, regardless of the type, size and nature of the organization. [2] [3] [4]

Organizations that implement a business continuity management system (BCMS) based on the requirements of ISO 22301 can undergo a formal assessment process through which they can obtain accredited certification against this standard. A certified BCMS demonstrates to internal and external stakeholders that the organization is adhering to good practices in business continuity management. [5]

Scope and contents

Similar to other management system standards by ISO, the requirements specified in ISO 22301 are generic and intended to be applicable to all organizations, regardless of type, size, and industry. However, the extent of applicability of the requirements depends on the organization's environment and complexity. [6]

ISO 22301 is divided into 10 main clauses and has adopted the high-level structure and standardized text set out by Annex SL.

The standard is divided as follows:

  1. Scope
  2. Normative references
  3. Terms and definitions
  4. Context
  5. Leadership
  6. Planning
  7. Support
  8. Operation
  9. Performance evaluation
  10. Improvement

The high-level structure of ISO 22301, shared with other ISO management system standards such as ISO/IEC 27001, ISO 9001 and ISO/IEC 20000-1, creates a consistency that can help organizations integrate several management systems. [7] This can help organizations improve efficiency, eliminate duplication, and achieve cost savings. [8]

ISO 22301 is the first of a series of ISO standards and Technical Specifications on Business continuity management, including [9]

Versions

This standard was originally developed by ISO technical committee ISO/TC 223 on societal security and published for the first time in May 2012. ISO 22301:2012 was the first published ISO standard that had fully adopted the new format for writing management system standards described in Annex SL. ISO/TC 292 Security and resilience took over responsibility for the work when ISO/TC 223 was dissolved and initiated a revision of the standard. [17] The 2nd edition was published on 31 October 2019 and consisted essentially of refactoring the text of the standard to avoid repetition. [1]

Year | Description
2012 | ISO 22301 (1st Edition)
2019 | ISO 22301 (2nd Edition)

Related Research Articles

Business continuity planning: Prevention and recovery from threats that might affect a company

Business continuity may be defined as "the capability of an organization to continue the delivery of products or services at pre-defined acceptable levels following a disruptive incident", and business continuity planning is the process of creating systems of prevention and recovery to deal with potential threats to a company. In addition to prevention, the goal is to enable ongoing operations before and during execution of disaster recovery. Business continuity is the intended outcome of proper execution of both business continuity planning and disaster recovery.

BS was BSI's standard in the field of Business Continuity Management (BCM). It was withdrawn in 2012 and 2013 following the publication of the international standards ISO 22301 "Societal Security — Business continuity management systems — Requirements" and ISO 22313 "Societal Security — Business continuity management systems — Guidance".

The ISO/IEC 27000 family comprises information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

ISO/IEC 27006 is an information security standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Part of the ISO/IEC 27000 series of ISO/IEC Information Security Management System (ISMS) standards, it is titled Information technology - Security techniques - Requirements for bodies providing audit and certification of information security management systems.

ISO/TC 223 Societal security was a technical committee of the International Organization for Standardization formed in 2001 to develop standards in the area of societal security: i.e. protection of society from and response to incidents, emergencies, and disasters caused by intentional and unintentional human acts, natural hazards, and technical failures.

ISO 28000:2022, Security and resilience – Security management systems – Requirements, is a management system standard published by the International Organization for Standardization (ISO) that specifies requirements for a security management system, including aspects relevant to the supply chain.

ISO/IEC 27001 is an international standard to manage information security. The standard was originally published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005, revised in 2013, and again most recently in 2022. There are also numerous recognized national variants of the standard. It details requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS) – the aim of which is to help organizations make the information assets they hold more secure. Organizations that meet the standard's requirements can choose to be certified by an accredited certification body following successful completion of an audit.

ISO/TC 292

ISO/TC 292 Security and resilience is a technical committee of the International Organization for Standardization formed in 2015 to develop standards in the area of security and resilience.

ISO 22313:2020, Security and resilience - Business continuity management systems – Guidance to the use of ISO 22301, is an international standard developed by technical committee ISO/TC 292 Security and resilience. This document provides guidance for applying the requirements for a business continuity management system (BCMS) in accordance with the requirements set out in ISO 22301:2019.

Annex SL is a section of the ISO/IEC Directives Part 1 that prescribes how ISO Management System Standards (MSS) should be written. The aim of Annex SL is to enhance the consistency and alignment of MSS by providing a unifying and agreed-upon high-level structure, identical core text, and common terms and core definitions, so that all ISO Type A MSS are aligned and the compatibility of these standards is enhanced.

ISO 22322:2022 is an international standard developed by the ISO/TC 292 Security and Resilience committee. It was published by the International Organization for Standardization (ISO) in 2015.

ISO 22320:2018, Security and resilience - Emergency management - Guidelines for incident management, is an international standard published by the International Organization for Standardization that provides guidelines for organizations to mitigate threats and deal with incidents so as to ensure continuity of the basic functions of society. ISO 22320 can be used by organizations of all types and sizes, whether private or public, but it is mostly focused on national emergency management organizations.

ISO 22319:2017, Security and resilience - Community resilience - Guidelines for planning the involvement of spontaneous volunteers, is an international standard developed by ISO/TC 292 Security and resilience and published by the International Organization for Standardization in 2017. ISO 22317 gives various recommendations on how to deal with spontaneous volunteers (SVs) who show up at the incident scene to help the official emergency management team. When emergencies happen, concerned citizens want to help out in many ways. Following a disaster or crisis, members of the public often show up and offer their help. These spontaneous volunteers are not usually part of an organized volunteer organization such as search and rescue teams or humanitarian groups, and may not have any training or experience as a volunteer. However, these volunteers can make very valuable contributions to the emergency response. They can also present challenges for emergency managers who may not be prepared for them. The purpose of this standard is to help organizations plan for the participation of spontaneous volunteers and to manage their work effectively and safely.

ISO 22382:2018, Security and resilience – Authenticity, integrity and trust for products and documents – Guidelines for the content, security and issuance of excise tax stamps, is an international standard developed by ISO/TC 292 Security and resilience and published by the International Organization for Standardization in 2018.
ISO 22382 is a guidance document that provides various recommendations for the content, security, issuance and examination of physical tax stamps. The purpose of the standard is to prevent counterfeit products and ensure that the required taxes have been paid, for example on items such as tobacco and alcohol. The recommendations include:

ISO 22395:2018, Security and resilience -- Community resilience -- Guidelines for supporting vulnerable persons in an emergency, is an international standard developed by ISO/TC 292 Security and resilience and published by the International Organization for Standardization in October 2018. This document is a voluntary guidance standard for supporting vulnerable persons in an emergency.

ISO 22315:2014, Societal security – Mass evacuation – Guidelines for planning, is an international standard developed by ISO/TC 292 Security and resilience and published by the International Organization for Standardization in 2014. ISO 22315 gives various recommendations on how to plan for possible mass evacuations, for example of a city. The standard includes guidance on the various phases of mass evacuation, from how to prepare the public and take the decision to evacuate, to analyzing evacuee movement and assessing the shelter where the evacuees are placed.

ISO 22380:2018, Security and resilience – Authenticity, integrity and trust for products and documents – General principles for product fraud risk and countermeasures, is an international standard developed by ISO/TC 292 Security and resilience and published by the International Organization for Standardization in 2018.
ISO 22380 is a guidance document that provides principles on how to identify the risks related to various types of product fraud and product fraudsters. The included guidance can be used by any type of organization to establish strategic countermeasures to prevent or reduce harm from fraudulent attacks.

ISO 22392:2020, Security and resilience - Community resilience - Guidelines for conducting peer reviews, is an international standard developed by ISO/TC 292 Security and resilience and published by the International Organization for Standardization in 2020. ISO 22392 gives various recommendations on how to conduct peer reviews of community resilience and how to design a peer review tool to assess community preparedness for disasters.

ISO 22396:2020, Security and resilience - Community resilience - Guidelines for information exchange between organizations, is an international standard developed by ISO/TC 292 Security and resilience and published by the International Organization for Standardization in 2020. ISO 22396 gives various recommendations on how to exchange information between organizations. It is applicable to all types of organizations, both public and private. The recommendations include principles for information exchange as well as a framework and process for how to work.

References

  1. "ISO 22301:2019". ISO. 5 June 2023.
  2. "What is ISO 22301? Learn the Basics". 27001Academy.
  3. Howard, Casey (August 6, 2018). "What is business continuity/ISO 22301 and why do you need it?". IT Governance UK Blog.
  4. "What is ISO 22301 (International Organization of Standardization standard 22301)? - Definition from WhatIs.com". SearchDisasterRecovery.
  5. Tangen, Stefan; Austin, Dave (June 2012). "Business continuity: ISO 22301 when things go seriously wrong" (PDF). ISO Focus+. 3 (6): 22–23. ISSN   2226-1095. OCLC   834139006.
  6. "ISO 22301:2019(en), Security and resilience — Business continuity management systems — Requirements". iso.org. Retrieved 2021-07-09.
  7. "ISO 22301 - Business continuity" (PDF). iso.org. 2019-10-29. Retrieved 2021-07-09.
  8. The integrated use of management system standards (IUMSS). Geneva: International Organization for Standardization. 2018. ISBN 9789267108308. OCLC 1108681092.
  9. Gasiorowski-Denis, Elizabeth (5 June 2012). "ISO publishes new standard for business continuity management". ISO.
  10. "ISO 22313:2020". ISO.
  11. "ISO/TS 22317:2021".
  12. "ISO/TS 22318:2021".
  13. "ISO/TS 22330:2018". ISO. 12 July 2019.
  14. "ISO/TS 22331:2018". ISO.
  15. "ISO/TS 22332:2021".
  16. "ISO/IEC TS 17021-6:2014". ISO.
  17. "ISOTC292". www.isotc292online.org.