ISO 22301:2014 for business continuity management systems (BCMS) is intended to support an organization’s response structures and increase its ability to cope with disruptions.
Why do organizations implement business continuity management systems?
The outcomes of maintaining a BCMS are shaped by the organization’s legal, regulatory, organizational and industry requirements, which products and services are provided, processes employed, size and structure of the organization and the requirements of interested parties.
A BCMS emphasizes the importance of:
- understanding the organization’s needs and the necessity for establishing business continuity policies and objectives;
- operating and maintaining processes, capabilities and response structures for ensuring the organization will survive disruptions;
- monitoring and reviewing the performance and effectiveness of the BCMS;
- continual improvement based on qualitative and quantitative measures.
What are the components of a BCMS?
A BCMS, like any other management system, includes the following components:
- a) a policy;
b) competent people with defined responsibilities;
c) management processes relating to:
- implementation and operation;
- performance assessment;
- management review;
- continual improvement;
- documented information supporting operational control and enabling performance evaluation.
- Nemko has a lean organization with an effective decision-making process and quick turnaround
- Auditors have valuable experience and inspire a culture of constant improvement
- They value communication with customers
- Observations and comments are clearly expressed to ensure measurable improvement
- The approach is practical and down-to-earth
- The auditor is responsible for the customer during the entire audit process and audit cycle
The certification process consists of two phases:
- Phase 1 consists of an audit of the business in order to review the status of the organization, system documentation, infrastructure, etc. This assesses the maturity of the system.
- Phase 2 is the certification audit, aiming to verify that the system documentation meets the requirements of the standard. The certification audit will give feedback to the organization on issues that are not in conformance with the standard and that need to be corrected before a certificate can be issued.