The stages of the ISO 22301 project
Opening meeting and project introduction
The opening meeting is considered as the first preparation for the employees to introduce the project and its benefits and steps, explain the benefits and importance of complying with ISO 22301 requirements to obtain ISO 22301certification and the expected positive results for the company and the employees themselves to break down the barriers of fear of change.
Using check list and interviews with employees, all of operations and management staff, A site visit is made to the facility’s headquarters and places where products and services are provided to analyze the work procedures currently in place to assess the current situation of operations and determining their conformity and compliance with the requirements of the ISO 22301 standard and identifying the technical specifications, regulations and legal and national legislation governing the organization’s work, and knowing the gap between the current situation and the one hoped to reach. According to the requirements of ISO 22301.
Training of human resources
Conducting a set of training programs to qualify organization’s staff with the skills and knowledge necessary to understand the requirements of the ISO 22301 Business Continuity Management System, And the requirements for preparing the documents of the Business Continuity Management System (BCM) and identifying the basic concepts in those standards such as the “Deming cycle” PDCA, The context of the organization, Interested parties, Risk-based thinking, Documented information, Corrective actions, Business Impact Analysis, Recovery plans, Business Continuity Strategy … etc. “, In addition to qualifying a group of the organization’s cadres to be internal auditors
The documentation and creation phase of the business continuity management system BCMS ISO 22301
During this stage, based on the results of the gap analysis stage and after reviewing the organization’s working procedures, The consultant will start on the preparation of the required documents, Including the Business Continuity manual, procedures and forms, The ISO 22301 documented system include the following, but not limited to:
- BCMS ISO 22301 Manual
- legal and regulatory requirements procedure
- documented information and implementation procedure
- ISO 22301 Risk assessment procedure
- Skill and Competency of people procedure
- effective Communication with interested parties procedure
- Incident response procedure
- BIA business impact analysis procedure
- BCS business continuity strategy procedure
- BCM Business Continuity Management procedure
- IRS Incident response system procedure
- BCP testing procedure
- Organization Security procedure
- BCM Internal Audit procedure
- BCM Management Review procedure
- control of nonconformity procedure
- Corrective, preventative and improvement procedure
The stage of implementation of the documented system and preservation of records as evidence of the implementation
After preparation of the documented system for business continuity management, The most important stage begins in the project, Which is the implementation of the new procedures, the using of all forms attached to this procedures and the preservation of those records as evidence of the implementation, In addition to monitoring the implementation process to ensure optimal use of the documents and achieve their desired goal in having an effective business continuity management system.
At that stage, the role of internal audit is verifying previous stages and to confirm that it has been implemented well, It also guarantees the continuity of the efficiency of the ISO 22301 Business Continuity Management System and the commitment of all employees to the roles and tasks assigned to them. The internal audit plan is prepared by the consultant, An internal audit of the whole entire system will be carried out by the internal audit team under the supervision and assistance of the consultant, This stage is preceded by the implementation of the BCMS ISO 22301 internal auditor course
Implementation of the Management Review Meeting
The management review meeting is implemented as one of the most important requirements of ISO 22301 to ensure that the top management supports the implementation of the BCM business continuity system and demonstrates its commitment to that. In addition to reviewing the overall performance of the company and providing the required resources, The company’s management is assisted in processing the preparation of meeting inputs, Manage it, record decisions and recommendations and follow up of their implementation.
Certification stage ISO 22301 By the ISO 22301 Certification body
Once the consultant acknowledges the readiness of the organization to obtain ISO 22301 certification, requesting of the external audit to be carried out by one of the internationally accredited certification body, which are recognized for their experience, competence and good reputation in the field of certification, Through the implementation of a site visit and review of all documents and records, and then recommending the grant of the ISO 22301 certificate after ensuring that all the requirements stipulated in the ISO 22301 Business Continuity Management System specification are met and fulfilled.