The new business continuity standard ISO 22301 specifies requirements for setting up and managing an effective Business Continuity Management System (BCMS). It is auditable, enabling organisations to demonstrate compliance.
What is ISO 22301 certification?
Based on the BS 25999 standard, ISO 22301 introduces a requirement for metrics for business continuity management, as well as additional emphasis for BCMS operational planning and setting controls.
BS 25999 will be withdrawn, so new clients are assessed against ISO 22301. For companies that already have certification to BS 25999, the required transition to the new standard is relatively straightforward and can be done within the UKAS-dictated timeline.
Using industry best practice guide as a foundation, the standard has been introduced specifically to enable you to understand, develop and implement a structured and formalised Business Continuity Management system which will help minimize risk and so the chance of disruption to your organisation.
Benefits of ISO 22301
- Minimizing risk - increased resilience when faced with organisational threat
- Resilience - enhanced capability to handle disruption and protect brand reputation when integrated with business planning
- Reducing costs - action plan rehearsals mean that, should the worst happen, the organisation's financial position is protected
Why choose LRQA for ISO 22301?
LRQA has a long standing relationship with the Business Continuity Institute who are leaders in business continuity development.
Proven track record
We have high profile clients in the IT, defense, government, justice and telecommunications sectors.
LRQA has been carrying out assessments against business continuity standards for many years and our experience will benefit your organisation.
ISO 22301 and the revised ISO 9001:2015 & ISO 14001:2015
Risk based approach
The incorporation of Annex SL into ISO 9001:2015 drives a risk based approach to thinking and acting. The requirements under a risk based approach affect quality and environmental planning and incorporate much of what was previously titled preventive action. Now an organisation will need to determine the risks and opportunities that need to be addressed to give assurance that the QMS & EMS can achieve its intended results.
This greater focus on risk will mean that an organisation will need to demonstrate how this requirement is met. The extent and formality of the approach needed in a particular organisation will – of course – be influenced by its context.