When a business is faced with the threat of sudden disruption to its operations, being able to respond quickly and effectively is the key to its survival.
Disasters can strike any time. These range from large-scale natural catastrophes and acts of terror to technology-related accidents and environmental incidents. The causes of hazards may be different – whether human negligence, malevolence or natural disasters but their likelihood (and seriousness) is no less real.
ISO 22301 Business Continuity Management System
ISO 22301 specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents when they arise.
The requirements specified in ISO 22301 are generic and intended to be applicable to all organizations, or parts thereof, regardless of type, size and nature of the organization. The extent of application of these requirements depends on the organization's operating environment and complexity.
ISO 22301 has been developed by ISO/TC 223, Societal security. This technical committee develops standards for the protection of society from, and in response to, incidents, emergencies and disasters caused by intentional and unintentional human acts, natural hazards and technical failures. Its all-hazards perspective covers adaptive, proactive and reactive strategies in all phases before, during and after a disruptive incident. The area of societal security is multi-disciplinary and involves actors from both the public and private sectors.