There are several steps which every organization should follow for successful implementation of ISO 22301:2012
ISO 22301: 2012 works on PDCA Principle. It's applied to all the process and BCMS as a whole for continuous improvement. Business continuity Management focused on PDCA Cycle. ISO 22301 consist of 10 clauses and all the 10 clauses are incorporated as per the PDCA life cycle principle.
At the organization level, we can't do anything without approval from top management. For successful implementation of ISO 22301, financial and technical approval needed from the top management. Top management doesn't approve anything without seeing any benefit from it. As an ISO 22301 implementer in the organization, your task starts from here to present the benefits of ISO 22301.
ISO 22301 is not only law or regulations, it is also the requirements in the agreements with your clients (e.g., SLAs). You have to list all of these requirements and define how to communicate with each of the stakeholders/interested parties.
Compare existing business continuity management system with ISO 22301 requirements (If any existing business continuity plan available in the organization).
Top management needs to create a policy which contained the rules and regulation of the business continuity. Top management needs to set up the objective which defines what is expected from the BCMS.
Define the dedicated team in the organization for implementation and maintenance of ISO 22301. Define roles and responsibilities of each team member for the project.
To comply with any standard or to run system smoothly, a required document is mandatory. As per the ISO 22301, create support documents.
You need to make aware your all employees, clients, vendors, other stakeholders by giving them training and motivate them to follow the guidelines of ISO 22301 by giving some incentive like certification.
Document Maintenance
Only training is not sufficient for successful operation of any project. Test the ISO 22301 policy in the live environment. Do testing by creating a mock drill. Involve all the stakeholder including top management, client, vendor, etc.
If any incidents happened, do the post-incident review and check at what level and how fast you have recovered your business. You also find following things like - how people react, how ready they are, what improvements are needed in the plans, etc
Evaluate the performance of the ISO 22301. Evaluate the outcomes of the ISO 22301 and check that objectives are achieved or not.
Internal audit is a part of the performance evaluation. In the internal audit, the internal employee from the different department evaluated the requirement and check whether all the control implemented as per the ISO 22301 or not.
As per the findings of the internal audit, take necessary corrective action for non-conformances and area of improvement.
Successful implementation is not sufficient. You have to regularly monitor the all the process, procedures and documents of ISO 22301 to ensure that it is aligned with the business objective.
If your organization needed certificate to comply with the requirement of the client, go for third-party audit (certification audit). If any organization can't be able to allow a dedicated team for the implementation of ISO 22301, they can hire a third party organization for implementation of ISO 22301.
ISO 22301: 2012 works on PDCA Principle. It's applied to all the process and BCMS as a whole for continuous improvement
There are several steps which every organization should follow for successful implementation of ISO 22301:2012
In the event of business disruption due to unwanted incidents, BCMS helps to top management to perform impact analysis of disruptive incidents on business.
Is business Continuity management means only IT disaster recovery?
https://advisera.com/27001academy/knowledgebase/mandatory-documents-required-by-iso-22301/
What Our Customers Say?
Valency Networks is a very techie company, focusing on a continuous improvement in service quality. Our customers like us exactly for that and that helps us keep our quality to the best extent.