ISO 22301 Standard

As with many standards, a transition (from BS 7799-2 to ISO 27001) was inevitable, and the International Organization for Standardization (ISO) began to prepare ISO 25999 to replace BS 22301. The draft version was shared with the public during 2011, and in mid-2012 it was published as ISO 22301 Social Security - Business Continuity Management System.

ISO 22301 specifies the requirements for a documented management system that ensures the organization is prepared for, can respond to, and can recover from incidents that interrupt it.

 

General Features of ISO 22301 Standard

  • Applies to any type or size of industry or sector
  • Provides a tried and tested framework for a systematic approach
  • Provides a framework that meets customer needs, internal needs, and legislative and regulatory requirements
  • Determines the standard requirements for business continuity
  • Provides a model to meet business needs continuously despite interruptions
  • Provides the basis for certification that defined requirements are met

ISO 22301 Business Continuity Management System Standard Overview

The main sections of the standard related to the Business Continuity Management System (BCMS) are under the following article numbers.

  • Article 4: Content of the Organization
  • Article 5: Leadership
  • Article 6: Planning
  • Article 7: Support
  • Article 8: Operation
  • Article 9: Performance evaluation
  • Article 10: Improvement

A description of each of these key activities is given below.

ISO 22301 Article 4: Content of the Organization

The first article of the standard that relates to the BCMS contains guiding statements for determining the structure of the organization, the scope of the BCMS and the risk criteria.

These statements cover the need for definitions and explanations on topics such as:

  • The activities of the organization, its products and services, and its relations with related parties,
  • Risk criteria, and identification of internal and external elements that may lead to risk,
  • The potential impact of a devastating event on the parties concerned, in light of the risk-taking disposition (risk appetite),
  • The needs and expectations of interested parties in the BCMS, and regulatory requirements,
  • A scope appropriate to the nature and complexity of the organization, the parts of the organization to be included in the BCMS, and the need for the BCMS.

ISO 22301 Article 5: Leadership

Installing and maintaining the management system requires a business continuity management system leader authorized by top management. This leader needs to demonstrate constant commitment to the management system, for reasons such as determining the organizational objectives of management, providing the necessary resources and authorization, and creating an effective, workable environment.

The standard gives the Business Continuity leader the following responsibilities:

  • Establishing policies and strategies in line with Business Continuity targets,
  • Ensuring that resources are available,
  • Using leadership and commitment to motivate and empower,
  • Ensuring there is a business continuity policy that is in line with the purpose of the organization, includes a commitment to continuous improvement, and is announced to the relevant parties within the organization,
  • Carrying out, with the necessary authorization, performance measurement to be presented to senior management.

ISO 22301 Article 6: Planning

While the Business Continuity Management System is being operated, a plan that includes the methods of setting up the management system is prepared, and actions are taken according to this plan. The main goal is to achieve the business continuity goals. When planning to achieve the Business Continuity objectives, the organization should determine the following:

  • Who will be responsible,
  • What will be done,
  • What resources will be needed,
  • When it will be completed,
  • How the results will be evaluated.

ISO 22301 Article 7: Support

This is a section that explains all the resources, competencies, awareness, communication and documentation content required for the installation, execution, maintenance and development of the Business Continuity Management System together with its methods.

ISO 22301 Article 8: Operation

The Operation section explains the stages of setting up a Business Continuity Management System for the included parts of the organization, under the responsibility of authorized persons and according to the determined scope and policy.

The steps are as follows:

  • Determining the criteria, deciding on the documents, and planning,
  • Carrying out Business Impact Analysis and Risk Assessment studies,
  • Establishing a business continuity strategy after analysis and evaluation,
  • Preparing the business continuity procedures and instructions, depending on the business continuity policy,
  • Establishing a structure for informing and communicating with the incident response structure,
  • Creating Business Continuity Plans on how to take action in case of time-critical business interruption,
  • Establishing plans to return activities to the state they were in before the event occurred,
  • Checking, through exercises and tests, that the established continuity procedures comply with the Business Continuity Targets.

ISO 22301 Article 9: Performance evaluation

This section, which includes the monitoring, measurement, analysis and evaluation stages, explains how to check the applicability and validity of the established management system against the criteria and the measurement and evaluation plans made in Article 6.

It covers checking the operation and validity of the entire management system rather than the individual operational phases, and includes procedures, internal audit and management review, as well as methods for performing a performance assessment.

ISO 22301 Article 10: Improvement

When nonconformities arise in an established and operated Business Continuity Management System, corrective actions must be taken and the nonconformities must be corrected and controlled. This section describes corrective actions and the requirements for continuous improvement to improve the effectiveness of the management system. Accordingly, the targets achieved and the efficiency of the management system are continuously tested and improvements are made.

 

 
