Business Continuity Management Systems
ISO 22301 BCMS is a Plan-Do-Check-Act program for Business Continuity Management. With increasing uncertainty in the world today, more complex work processes and heavy reliance on technology, there are more potential points of failure than before. The program involves understanding business activities and identifying the critical business functions, complying with obligations imposed by stakeholders, authorities and customers, preparing for foreseeable and unforeseeable service disruptions, and conducting regular exercises to maintain readiness for service disruptions.
Scope:
Identification of major business activities that need to plan for resiliency
Policy:
Identification of obligations towards stakeholders, authorities and customers
Setting the minimum business continuity objectives
Infrastructural Setup:
Setting up response and recovery teams
Setting up communication plan and support group
Risk Management:
Define maximum tolerable period of disruption
Identification of critical business functions
Perform risk assessment against service disruption concerns
Perform risk treatment against potential risks that are exposed
Implementation:
Create recovery strategies through identification of recovery time objectives and recovery point objectives
Create incident response plan
Create incident management plan
Create business recovery plan
Conduct regular business continuity exercises and tests
Audit and Follow-Up:
Conduct regular audits to determine the effectiveness of the program
Ensure weaknesses and improvement areas are followed up