A new Business Continuity Standard ISO 22301 has been approved by the ISO Technical Committee to replace the current BS 25999 standard on Business Continuity. This was launched on 15 April 2013 by the International Standards Organization (ISO), as its first standard on business continuity management, This benchmark supersedes BS25999, which is now obsolete and has been formally withdrawn.
The structure and layout of the new Business Continuity ISO does differs from the British Standard BS25999, but the core elements still remain the same. There are some terminology differences, as ISO 22301 aligns across a broad framework of management system standards.
A characteristic that features throughout the new standard is more detail on activities and planning that are required to demonstrate capability and the management controls and documentation now align with other ISO’s in the Societal Security areas .
ISO 22301 will challenge organizations to look closely at their current planning and question whether or not these are precise and detailed enough and has highlighted the following valuable and practical steps that can be of assistance to the companies ;
- Do an environmental analysis, this step will assist you in understanding your legal requirement and how this standards can be applied in your environment
- Get the buy-in of the executive team and board of directors,
- Do a swot analysis so that you can be able to plan accordingly
- Companies must support and provide enough resources
- Conduct exercises and to test your business continuity plans and procedures
- You must be able to monitor, measure, audit, and evaluate your BCMS and to review its performance at different phases
Currently, most countries around the world do not have their ‘own’ national standard and through this Standard they now have the mechanism to easily adopt ISO 22301.
The Business Continuity Institute has released the Good Practice 2013 on Business Continuity. The Good Practice Guidelines (GPG) represent an independent body of knowledge for good Business Continuity practice worldwide. They represent current global thinking in good Business Continuity (BC) practice and now include terminology from ISO 22301.
The real value of the GPG lies in the fact that it considers not just the ‘what’ to do but also the ‘why’, ‘how’ and ‘when’ of practices written by real-world experts.