“ISO International Organization for Standardization is the world’s largest developer and publisher of International Standards. Established in 1947, ISO is a network of the national standards institutes of 159 countries, one member per country, with a Central Secretariat in Geneva, Switzerland, that coordinates the system.” (ISO International Organization for Standardization)
ISO 22301:2012 is the world’s first international business continuity management standard. ISO published it on June 15, 2012, and it cancels the old BS25999 business continuity standard, which was deemed obsolete and replaced by ISO 22301:2012 (ISO22301:2012). Cancellation of BS25999 ensures consistency with all future and revised management system standards and makes integrated use easier with, for example, ISO 9001 (quality), ISO 14001 (environmental) and ISO/IEC 27001 (information security). The standard is divided into ten main clauses, starting with scope, normative references, and terms and definitions.
Following these are the standard’s requirements.
“Benefits of ISO 22301 business continuity management are:
Identify and manage current and future threats to your
Authors have tried to answer the question of what elements make up the formal BCM system.
Ian Storkey gave a six-step framework, while Gilbert and Gips saw a BCM system as consisting of four major elements: risk identification, risk assessment, risk ranking and risk management.
The six-step BCP/DRP framework by Ian Storkey, the Business Continuity Institute (BCI) framework and the ISO framework are all discussed below. These prove the point that there are various ways to divide the different steps in making a Business Continuity Plan. The Business Continuity Institute framework is explained below. Regardless of which framework a company chooses to work with, it needs to be modified to suit the company’s requirements. Gallagher (2005) describes the steps and elements of a BCP, as illustrated in figure x.
1.1.1 ISO 22301:2012
Taking a proactive approach to minimising the impact of incidents
Critical functions are kept up and running during times of crises
Minimization of downtimes during events and improvement of recovery time
Demonstration of resilience to customers, suppliers and for tender requests (ISO 22301)
The following documents are mandatory if an organisation wants to implement ISO 22301:
List of applicable legal, regul