Both the Covid-19 Pandemic and recent increases in successful ransomware attacks have taught organisations many lessons. Undoubtedly, businesses have changed forever the way that they operate in response to these ever-changing threat scenarios. Being prepared for the worst is now foremost on many senior leadership agendas and being able to demonstrate the organisation's preparedness and the ability to respond to the unexpected is vital. Organisations are increasingly required, via formal supply chain processes, to provide assurances that they have sufficient measures in place to continue to provide their products and services in the face of major disruptive events. Widely recognised ISO Certifications, such as Business Continuity (ISO 22301) and Information Security (ISO 27001), formalise this assurance and take preparedness and operational resilience to the next level.
Business Continuity planning is all about ensuring that an organisation can continue its operations through a disruption, or has plans in place to recover key services to the extent required by its stakeholders, so that damage to reputation or market position is minimised whilst legal and regulatory obligations are still satisfied. For most organisations, the overarching requirement of Business Continuity is to ensure the safety and welfare of their employees. Many studies demonstrate that effective Business Continuity and Crisis Management are key to maintaining market position, share price and stakeholder confidence.
ISO 22301 is an internationally recognised specification for a framework for managing Business Continuity. It comprises a Business Continuity Management System (BCMS) designed to address the complete Business Continuity requirements and approach to Business Continuity within an organisation. Certification to ISO 22301 is recognised worldwide as an indication that your BCMS is aligned with Business Continuity best practice.
Implementation of an ISO 22301 BCMS
At Beeches Consulting we have helped many UK-based and global organisations achieve ISO 22301 certification. The implementation follows three key stages:
- Create the BCMS framework, detailing the strategy, aims and objectives for Business Continuity within the organisation. This framework must reflect the context of the organisation and have widespread support. Beeches Consulting assists you in eliciting this support from board level downwards.
- Identify the Business Continuity risks faced by the organisation and the potential impacts of those risks on key aspects of the business, using a structured Business Impact Analysis (BIA). Through a methodical audit of risks, Beeches Consulting will help to identify them and, using the BIA, develop appropriate Business Continuity Strategy responses which, once agreed, lead to the development of Business Continuity Plans (BCP). Alongside the development of the BCP, mitigations for the risks identified may be required, such as resilient technology solutions, supplier risk management, policies and procedures.
- The developed Business Continuity Procedures are implemented, communicated, tested and revised or reviewed as required to ensure they fully reflect the aims and objectives of the organisation. The leadership of the organisation is then involved to confirm that the BCMS is effective in meeting its aims and in dealing with the disruptive events identified.
Achieving ISO certification
Once all the requirements of the ISO 22301 standard have been met, we then apply with you for certification via a UKAS-accredited certification body. The above work will have prepared your organisation for the ISO audit, which the certification body carries out in three stages (and we fully support you through each of them):
- Stage 1 - documentation review, including the following: policy, scope of the BCMS, risk assessment, risk treatment plan, BIA and BCP. The auditors will also review the identified BC Strategies and Solutions implemented, to ensure they are appropriate to the size and nature of your organisation.
- Stage 2 - a more involved audit to ensure that what happens in practice follows your documented procedures and that appropriate records are being maintained. Following a successful audit, a certificate of registration to ISO 22301 will be issued.
- Stage 3 - the process of ongoing audit, known as surveillance visits. These are carried out by your selected certification body once or twice per year to ensure the procedures are being maintained.