With the recent release of the new ISO 22301 standard, our staff has begun to receive inquiries from our readers interested in pursuing certification of ISO 22301 — but,  whose organizations may have already certification status in other ISO standards – and how would that relate to the pursuit of an ISO 22301 certification?  Or, can a BCMS be considered jointly with other management systems?

While the answer to the question certainly requires more study and research regarding each individual organization, our staff would at least like to offer some response to those readers.

To that point, the table below is meant to show how a business continuity management system (BCMS) may be considered as part of a suggested “combined audit” effort by an organization.

 

REQUIREMENTS

ISO

9001:2008

ISO

14001:2004

ISO

20000:2011

ISO

22301:2012

ISO

27001:2005

Objectives of the management system

5.4.1

4.3.3

5.5.2

6.2

4.2.1

Policy of the management system

5.3

4.2

4.1.2

5.3

4.2.1

Management Commitment

5.1

4.4.1

4.1

5.2

5

Documentation Requirements

4.2

4.4

4.3

7.5

4.3

Internal Audit

8.2.2

4.5.5

4.5.4.2

9.2

5

Continual Improvement

8.5.1

4.5.3

4.5.5

10

8

Improvement

5.6

4.6

4.5.4.3

9.3

7

 

The general requirements presented in the table above are commonly stated in any management system and would relate to determining objectives, applying them according to the organization’s habits and needs, keeping them alive based on a strong management commitment, monitoring and reviewing, supporting the management system by good documentation, regular “health-checks” via internal or external audits and to gaining benefits through continual improvement efforts as achieved by regular management review(s).

Hopefully this information may assist those organizations that either already have or are planning to comply or certify with both ISO 22301 and one of those other standards listed above.

In every case though, good business continuity management is all about recognizing the positive value of embedding business continuity best practices within and throughout each organization.

If applicable, please pass this information along to those risk management, organizational resilience or business continuity team members in your organization.

Pin It on Pinterest