Mandatary Documents Of Iso 22301 Business Continuity Management System

By Author: John
Total Articles: 266
Comment this article

ISO 22301 Business continuity management systems – Requirements, will help organizations, regardless of their size, location or activity, to be well prepared and more assured to handle trouble of any type. Incidents can disturb an organization at any time and applying ISO 22301 will confirm that organizations can respond and continue its operations. Incidents take many forms ranging from large scale natural disasters and acts of terror to technology-associated accidents and environmental occurrences. However, maximum incidents are small but can have an important impact and that makes business continuity management appropriate at all times. This has led to a global awareness that organizations in the public and private sectors must know how to prepare for and respond to surprising and disruptive incidents.
ISO 22301 delivers a framework to plan, establish, implement, operate, monitor, review, maintain and constantly improve a business continuity management system (BCMS). It is probable to help organizations protect against, prepare for, respond to, and recover when disorderly incidents arise. Organizations applying ISO ...
... 22301 will be able to prove to legislators, regulators, clients, prospective customers and other interested parties that they are obeying to good practice in Business continuity management. ISO 22301 will assistance organizations in the design of a Business Continuity Management System that is proper to its requirements and encounters its stakeholders’ necessities. These needs are shaped by legal, regulatory, organizational and industry factors, the organization's products and services, its size and structure, its processes, and its stakeholders.
List of ISO 22301 Mandatory Documents:
• List of legal, regulatory and other requirements.
• Scope of the BCMS and explanation of exclusions.
• Business continuity policy.
• Business continuity objectives.
• Competencies of personnel.
• Business continuity plans and procedures.
• Documented communication with interested parties.
• Records of significant information about the disruption, actions taken and decisions made.
• Data and results of monitoring and measurement.
• Internal audit program.
• Results of internal audit.
• Results of management review.
• Nature of nonconformities and actions taken.
• Results of corrective actions.
Commonly used non-mandatory BCMS documents and records:
The list of ISO 22301 documents generally doesn’t end with the checklist of ISO 22301 mandatory documentation above. In most cases, also use these documents, even though they are not strictly essential by the standard:
• Procedure for identification of appropriate legal and regulatory requirements.
• Implementation plan for achieving the business continuity objectives.
• Training and awareness plan.
• Procedure for control of documented information.
• Contracts and service level agreements with suppliers and outsourcing partners.
• Procedure for business impact analysis and risk assessment.
• Results of business impact analysis.
• Results of risk assessment.
• Strategies and solutions for business continuity.
• Incident scenarios.
• Exercise and testing plans.
• Post-exercise reports.
• Results of post-incident review.
• Procedures for monitoring, measurement, analysis and evaluation.
• Procedure for internal audit.
• Procedure for corrective action.
Some requirements can be documented through some other documents. One example of this is determining the context of the organization, while it is not mandatory can be documented through List of legal, regulatory and other requirements, Business continuity policy, etc. On the other hand, combine some of these documents into a single document (especially for smaller company). For example, report the results of business impact analysis and of risk assessment through the Business continuity strategy.