The table below represents a methodology of how the ISO 22301 standard can be shown to be in relationship with other business continuity related standards regarding the creation of an integrated management system within an organization.

The “BCM System Element” titled column in this table represents a listing of the normal components that more or less all business continuity management (BCM) standards propose to represent.

All of the other columns attempt to list or identify where in each standard listed you will find in what section or chapter reference each basic BCM System Element is represented.

Hopefully, the information in this table is meant to simplify where each of the selected standards attempt to address its discussion(s) or direction regarding each relevant related BCM System Element.  And, by doing so, our staff hopes that this will help our readers see a more clear reference point where each element of a BCM is to be found in each standard.  And, while these references are not meant to state that all of the listed standards are the same, it does, however, attempt to show how all of the listed standards do at least address the commonly faced BCM elements.

ISO 22301 Mapping Chart

 

BCM Element

 

ISO 22301

ASIS/BSI

BCM.01-2010 ASIS

SPC.1:2009 BS

BS 25999-2

NFPA 1600:2010

Understanding the Organization

Section 4.1

N/A

N/A

Section 4.1

N/A

Needs and expectations of interested parties

Section 4.1

 

N/A

N/a

Section 4.1

Chapter 4.5

Scope

Section 4.3

Section 1

Section 1

Section 3.2.1

Chapter 5.3

BCMS

Section 4.4

Section 4

Section 4

Section 3

Annex D

Management Commitment

Section 5.2

Not Explicit

Not Explicit

Not Explicit

Chapter 4.1

Policy

Section 5.3

Section 4.3

Section 4.2.1

Section 3.2.2

Chapter 4

Rules and Responsibilities

Section 5.4

Section 4.5.2

Section 4.4.1

Section 3.2.4

Chapter 6.6

Planning

Section 6

Section 4.4

Section 4.3

Section 3

Chapter 5

Resources

Section 7.1

Section 4.5.1

Section 4.4.1

Section 4.3

Chapter 6.1

Compliance

Section 7.2

Section 4.5.3

Section 4.4.2

Section 3.2.4

Chapter 6.11

Awareness

Section 7.3

Section 4.5.3

Section 4.4.2

Section 3.2.4

Chapter 6.11

Communication

Section 7.4

Section 4.5.7

Section 4.4.3

Section 4.3.3

Chapter 6.8

Documented Information

Section 7.5

Section 4.6.4

Section 4.5.4

Section 3.4.2

Chapter 4.8

Business Impact Analysis

Section 8.2.2

Section 4.4.1.1

Section 4.3.1

Section 4.1.1

Chapter 5.5

Risk Analysis

Section 8.2.3

Section 4.4.1.2

Section 4.3.1

Section 4.1.2

Chapter 5.4

BC Strategies

Section 8.3

Section 4.3

Section 4.2

Section 4.2

Chapter 5

BC Procedures

Section 8.4

Section 4.5.6.2

Section 4.3

Section 4.3.3

Chapter 6.7

Testing and Exercising

Section 8.5

Section 4.6.2.2

Section 4.5.2.2

Section 4.4

Chapter 7

Monitoring and Measurement

Section 9.1

Section 4.6.1

Section 4.5.1

Section 4.4

Chapter 7.1

Internal Audit

Section 9.2

Section 4.6.5

Section 4.5.5

Section 5.1

Chapter 8.1

Management Review

Section 9.3

Section 4.7.4

Section 4.6.5

Section 5.2

N/A

Improvement

Section 10

Section 4.7.4

Section 4.6.5

Section 6.2

Chapter 8

Auditing

Section 9.2

Section 4.6.5

Section 4.5.5

Section 5.1

Chapter 8.1

Continuous Improvement

Section 10.2

Section 4.7.4

Section 4.6.5

Section 6.2

Chapter 8

If any of our readers would like to add to this discussion, please share your comments below.

If you found this information valuable, please pass it along to those business continuity and risk management team members in your organization.

Our staff also wants to acknowledge that much of the information in this posting was gathered from a reading of a whitepaper published by the Professional Evaluation and Certification Board (PECB) and entitled “ISO 22301 – Societal Security, Business Continuity Management Systems”.  Click here to download and read this whitepaper.

Pin It on Pinterest