The table below represents a methodology of how the ISO 22301 standard can be shown to be in relationship with other business continuity related standards regarding the creation of an integrated management system within an organization.
The “BCM System Element” titled column in this table represents a listing of the normal components that more or less all business continuity management (BCM) standards propose to represent.
All of the other columns attempt to list or identify where in each standard listed you will find in what section or chapter reference each basic BCM System Element is represented.
Hopefully, the information in this table is meant to simplify where each of the selected standards attempt to address its discussion(s) or direction regarding each relevant related BCM System Element. And, by doing so, our staff hopes that this will help our readers see a more clear reference point where each element of a BCM is to be found in each standard. And, while these references are not meant to state that all of the listed standards are the same, it does, however, attempt to show how all of the listed standards do at least address the commonly faced BCM elements.
ISO 22301 Mapping Chart
BCM Element
|
ISO 22301 |
ASIS/BSI BCM.01-2010 ASIS |
SPC.1:2009 BS |
BS 25999-2 |
NFPA 1600:2010 |
Understanding the Organization |
Section 4.1 |
N/A |
N/A |
Section 4.1 |
N/A |
Needs and expectations of interested parties |
Section 4.1
|
N/A |
N/a |
Section 4.1 |
Chapter 4.5 |
Scope |
Section 4.3 |
Section 1 |
Section 1 |
Section 3.2.1 |
Chapter 5.3 |
BCMS |
Section 4.4 |
Section 4 |
Section 4 |
Section 3 |
Annex D |
Management Commitment |
Section 5.2 |
Not Explicit |
Not Explicit |
Not Explicit |
Chapter 4.1 |
Policy |
Section 5.3 |
Section 4.3 |
Section 4.2.1 |
Section 3.2.2 |
Chapter 4 |
Rules and Responsibilities |
Section 5.4 |
Section 4.5.2 |
Section 4.4.1 |
Section 3.2.4 |
Chapter 6.6 |
Planning |
Section 6 |
Section 4.4 |
Section 4.3 |
Section 3 |
Chapter 5 |
Resources |
Section 7.1 |
Section 4.5.1 |
Section 4.4.1 |
Section 4.3 |
Chapter 6.1 |
Compliance |
Section 7.2 |
Section 4.5.3 |
Section 4.4.2 |
Section 3.2.4 |
Chapter 6.11 |
Awareness |
Section 7.3 |
Section 4.5.3 |
Section 4.4.2 |
Section 3.2.4 |
Chapter 6.11 |
Communication |
Section 7.4 |
Section 4.5.7 |
Section 4.4.3 |
Section 4.3.3 |
Chapter 6.8 |
Documented Information |
Section 7.5 |
Section 4.6.4 |
Section 4.5.4 |
Section 3.4.2 |
Chapter 4.8 |
Business Impact Analysis |
Section 8.2.2 |
Section 4.4.1.1 |
Section 4.3.1 |
Section 4.1.1 |
Chapter 5.5 |
Risk Analysis |
Section 8.2.3 |
Section 4.4.1.2 |
Section 4.3.1 |
Section 4.1.2 |
Chapter 5.4 |
BC Strategies |
Section 8.3 |
Section 4.3 |
Section 4.2 |
Section 4.2 |
Chapter 5 |
BC Procedures |
Section 8.4 |
Section 4.5.6.2 |
Section 4.3 |
Section 4.3.3 |
Chapter 6.7 |
Testing and Exercising |
Section 8.5 |
Section 4.6.2.2 |
Section 4.5.2.2 |
Section 4.4 |
Chapter 7 |
Monitoring and Measurement |
Section 9.1 |
Section 4.6.1 |
Section 4.5.1 |
Section 4.4 |
Chapter 7.1 |
Internal Audit |
Section 9.2 |
Section 4.6.5 |
Section 4.5.5 |
Section 5.1 |
Chapter 8.1 |
Management Review |
Section 9.3 |
Section 4.7.4 |
Section 4.6.5 |
Section 5.2 |
N/A |
Improvement |
Section 10 |
Section 4.7.4 |
Section 4.6.5 |
Section 6.2 |
Chapter 8 |
Auditing |
Section 9.2 |
Section 4.6.5 |
Section 4.5.5 |
Section 5.1 |
Chapter 8.1 |
Continuous Improvement |
Section 10.2 |
Section 4.7.4 |
Section 4.6.5 |
Section 6.2 |
Chapter 8 |
If any of our readers would like to add to this discussion, please share your comments below.
If you found this information valuable, please pass it along to those business continuity and risk management team members in your organization.
Our staff also wants to acknowledge that much of the information in this posting was gathered from a reading of a whitepaper published by the Professional Evaluation and Certification Board (PECB) and entitled “ISO 22301 – Societal Security, Business Continuity Management Systems”. Click here to download and read this whitepaper.