Synergos Consultancy Ltd is a specialist consultancy company who assist businesses to achieve various means of compliance, including, ISO certification, Health and Safety Management, SSIP Accreditations, AEO Status, GDPR compliance and more.
Working closely with UKAS accredited certification bodies and accreditation services, we provide clients with established and practiced methods of achieving desired results.
Our consultants have worked in varying industries and bring a wealth of knowledge and experience to ensure that they provide the right support for you and your business.
Business continuity is to key to the success of all our businesses and a plan that is rigorously tested to ensure we remain operational in times of a crisis, is something all business owners should implement
With the above in mind, we are often asked by our clients ‘what do I need to consider when developing a business continuity plan?’
This is why we have drafted a brief guidance of ISO 22301 that provides some general assistance in preparing you to put your plan together.
Business continuity means that an organisation or company, no matter how big or small, is agile enough to be able to adapt and change processes and systems to cope with disasters when they strike.
In the case of a natural disaster, for example, a business may be physically forced out of its premises but with backup of systems it should be able to run, albeit at a reduced capacity, from other premises. They may also have to adapt the supply chain, including how orders are fulfilled.
In order to do all of this however, companies need to have disaster planning and business continuity in place as part of their systems and processes.
ISO 22301 is, therefore, used as a demonstration of good practice. It will not stop a disaster, but it may stop a company from sinking further into the hole it creates.
ISO 22301 links with other standards including ISO 9001 quality management systems, the environmental standard ISO 14001 and ISO/IEC 27001 relating to information security. There are 10 main clauses as part of the standard as follows:
- Normative references
- Terms and definitions
- Context of the organisation
Clause 8 is the main body of the business continuity process covering 4 key areas
|1||Business Impact Analysis (BIA)
|What processes do you have in place for analysing business impact?
Consider all aspects of your business and how each department currently operates. Would the departments cope in a disaster recovery situation? How quickly could the business resume operation?
|2||Business risk assessment (BRA)
|Completed risk assessments will help you to understand your operational risks in a structured way, informing the development of your business continuity strategy.
Should an incident occur (or when an incident occurs), this plan ensures that the response is appropriate and escalated as needed.
|3||Business continuity strategies and solutions
|Once you have carried out your BIA and completed your BIA of all key areas of the business this then forms your business continuity plan.
|Document what resources you require to become functional for example, people, premises, IT infrastructure etc and build this into your plan.|
In summary, the purpose of ISO 22301 guides companies in setting up and managing a Business Continuity Management System (BCMS).
A BCMS is a set of interrelated elements that organizations use to establish, implement, operate, monitor, review, maintain, and improve their business continuity capabilities. These elements include people, policies, plans, procedures, processes, structures, and resources.
All of these elements are used to ensure that operations continue, and that products and services are delivered at predefined levels, that brands and value-creating activities are protected, and that the reputations and interests of key stakeholders are safeguarded whenever disruptive incidents occur.