ISO 22301 certification requires organisations to demonstrate their compliance with appropriate documentation, including a business continuity plan.
In Disaster Recovery and Business Continuity, Thejendra B.S. defines the business continuity plan as the “process of developing and documenting arrangements and procedures that enable an organisation to respond to an event that lasts for an unacceptable period of time and return to performing its critical functions after an interruption”.
Key elements of the business continuity plan
Clause 8 of the Standard states that organisations “shall establish documented procedures for responding to a disruptive incident and how it will continue or recover its activities within a predetermined timeframe”.
This is mandatory to pass part of the Stage 1 audit (often called a readiness audit) for ISO 22301 certification.
It should contain:
- Defined roles and responsibilities for people during and following an incident;
- A process for activating the response;
- Details to manage the immediate consequences of a disruptive incident (specifically focusing on the welfare of individuals, the organisation’s strategic, tactical and operational response options, and prevention of further loss);
- Communication details for the organisation’s employees, their relatives, key interested parties and emergency contacts;
- How the organisation will continue or recover prioritised activities within identified timeframes;
- Details of the organisation’s media response following an incident (specifically focusing on communications, templates for media statements and appropriate spokespeople); and
- A process for standing down once the incident is over.
Management review and approval is critical in making the business continuity plan work effectively.
Help with writing your business continuity plan
According to the Standard, each plan needs to define:
- “purpose and scope,
- objectives,
- activation criteria and procedures,
- implementation procedures,
- roles, responsibilities, and authorities,
- communication requirements and procedures,
- internal and external interdependencies and interactions,
- resource requirements, and
- information flow and documentation processes.”
Putting a business continuity plan together is not an easy task and as a result, many organisations choose to outsource support when it comes to tackling ISO 22301 business continuity management system (BCMS) documentation.
Below is an example of a customisable business continuity plan template from the bestselling ISO22301 BCMS Documentation Toolkit.
Designed and developed by experienced business continuity consultants, the ISO22301 BCMS Documentation Toolkit includes:
- A complete set of easy-to-use, customisable and fully ISO 22301-compliant documentation templates that will save you time and money;
- Helpful dashboards and gap analysis tools to ensure complete coverage of the Standard; and
- Direction and guidance from experienced business continuity consultants.
Find out how the ISO22301 BCMS Documentation Toolkit can help you with your ISO 22301 project >>