BCMS ISO 22301 Business Continuity Management System

BCMS ISO 22301 Business Continuity Management System

BCMS ISO 22301 Business Continuity Management System Certificate

What is a business continuity management system? ISO 22301 BCMS ?

ISO 22301 standard specifies requirements for planning, establishing, managing, operating, monitoring, reviewing and maintaining a documented management system on an ongoing basis to protect your business against and reduce the likelihood of any disaster events having a negative impact and to respond to and recover from them when they occur.

Our ISO 22301 Business Continuity Consultant can assist you in implementing the ISO 22301 Business Continuity Management System (BCMS) standard. This provides an effective framework for business continuity and to get the BSCMS ISO 22301 certification

BCMS ISO 22301 Business Continuity Management System might be implemented regardless of the size of the organization or the complexity of its operations. Using the Deming Cycle Model (Plan – Do – Check- Act) “PDCA”

How to implement ISO 22301 Business Continuity System

Leadership and risk management

  • As with all ISO management systems based on Annex SL, ISO 22301 has a strong focus on leadership, This ensures clear and strong commitment from top management.
  • Business continuity management will be a part of the organization’s overall risk management program. The standard addresses the risks and opportunities associated with BCMS.


Business Impact Analysis

  • It’s nearly impossible to plan for every sudden event that might happen. That’s why we use Business Impact Analysis as a tool to identify critical products / services that your business needs to offer to customers and the activities and processes that support the delivery of those products and services.
  • As recommended in the BCI Good Practice Guide, We can help you assess this at the strategic, tactical and operational level, To ensure business continuity effectively meets your needs and is an integral part across the organization.


Business Continuity Strategies

  • There are several ways to define the right strategy for your organization. And it might be a mixture across different products / processes.
  • Evaluating the Maximum Tolerable Downtime (MTPD) and setting Recovery Time Objectives (RTO) is one of the methods that ISO 22301 Consultants can guide you when selecting strategies.


Incident response, communication and business continuity plan

  • It is also important to plan the response to an accident. Including the roles and responsibilities of the individuals involved.
  • Our consultant will help you in creating an Incident Response Structure.

Recovery and test plans

  • Recovery of activities and processes identified in the Business Impact Analysis (BIA) – above, Recovery plans are often the main focus of business continuity programs. They should be a part of the overall framework.
  • Plans can be department or team-specific. But it must be tested and implemented to ensure its effectiveness when needed. Many lessons can be learned by testing your plan and this helps drive continuous improvement. And spread awareness of the BCM Business Continuity Management System.

Benefits of Implementing ISO 22301 Business Continuity Management System

  • ISO 22301 is the international standard for business continuity management
  • Demonstrates your organization’s commitment to managing business continuity for external and interested parties
  • It provides an effective framework to ensure that your business, contractual and legal responsibilities are met
  • Provide a significant competitive advantage, It can be your gate to deal with major companies
  • Provide a plan for disasters and sudden unexpected events, and define treatment and recovery plans
  • The ISO 22301 application conveys an important message to customers and business partners that your business is stable and safe against any sudden disaster.
  • Enables you to monitor, review and maintain the business continuity management system in order to be able to give your customers and business partners more confidence in your business

The stages of the ISO 22301 project

  • Opening meeting and project introduction

The opening meeting is considered as the first preparation for the employees to introduce the project and its benefits and steps, explain the benefits and importance of complying with ISO 22301 requirements to obtain ISO 22301certification and the expected positive results for the company and the employees themselves to break down the barriers of fear of change.

  • Gap Analysis phase

Using check list and interviews with employees, all of operations and management staff, A site visit is made to the facility’s headquarters and places where products and services are provided to analyze the work procedures currently in place to assess the current situation of operations and determining their conformity and compliance with the requirements of the ISO 22301 standard and identifying the technical specifications, regulations and legal and national legislation governing the organization’s work, and knowing the gap between the current situation and the one hoped to reach. According to the requirements of ISO 22301.

  • Training of human resources

Conducting a set of training programs to qualify organization’s staff with the skills and knowledge necessary to understand the requirements of the ISO 22301 Business Continuity Management System, And the requirements for preparing the documents of the Business Continuity Management System (BCM) and identifying the basic concepts in those standards such as the “Deming cycle” PDCA, The context of the organization, Interested parties, Risk-based thinking, Documented information, Corrective actions, Business Impact Analysis, Recovery plans, Business Continuity Strategy … etc. “, In addition to qualifying a group of the organization’s cadres to be internal auditors

  • The documentation and creation phase of the business continuity management system BCMS ISO 22301

During this stage, based on the results of the gap analysis stage and after reviewing the organization’s working procedures, The consultant will start on the preparation of the required documents, Including the Business Continuity manual, procedures and forms, The ISO 22301 documented system include the following, but not limited to:

    • BCMS ISO 22301 Manual
    • legal and regulatory requirements procedure
    • documented information and implementation procedure
    • ISO 22301 Risk assessment procedure
    • Skill and Competency of people procedure
    • effective Communication with interested parties procedure
    • Incident response procedure
    • BIA business impact analysis procedure
    • BCS business continuity strategy procedure
    • BCM Business Continuity Management procedure
    • IRS Incident response system procedure
    • BCP testing procedure
    • Organization Security procedure
    • BCM Internal Audit procedure
    • BCM Management Review procedure
    • control of nonconformity procedure
    • Corrective, preventative and improvement procedure
  • The stage of implementation of the documented system and preservation of records as evidence of the implementation

After preparation of the documented system for business continuity management, The most important stage begins in the project, Which is the implementation of the new procedures, the using of all forms attached to this procedures and the preservation of those records as evidence of the implementation, In addition to monitoring the implementation process to ensure optimal use of the documents and achieve their desired goal in having an effective business continuity management system.

  • Internal Audit Phase

At that stage, the role of internal audit is verifying previous stages and to confirm that it has been implemented well, It also guarantees the continuity of the efficiency of the ISO 22301 Business Continuity Management System and the commitment of all employees to the roles and tasks assigned to them. The internal audit plan is prepared by the consultant, An internal audit of the whole entire system will be carried out by the internal audit team under the supervision and assistance of the consultant, This stage is preceded by the implementation of the BCMS ISO 22301 internal auditor course

  • Implementation of the Management Review Meeting

The management review meeting is implemented as one of the most important requirements of ISO 22301 to ensure that the top management supports the implementation of the BCM business continuity system and demonstrates its commitment to that. In addition to reviewing the overall performance of the company and providing the required resources, The company’s management is assisted in processing the preparation of meeting inputs, Manage it, record decisions and recommendations and follow up of their implementation.

  • Certification stage ISO 22301 By the ISO 22301 Certification body

Once the consultant acknowledges the readiness of the organization to obtain ISO 22301 certification, requesting of the external audit to be carried out by one of the internationally accredited certification body, which are recognized for their experience, competence and good reputation in the field of certification, Through the implementation of a site visit and review of all documents and records, and then recommending the grant of the ISO 22301 certificate after ensuring that all the requirements stipulated in the ISO 22301 Business Continuity Management System specification are met and fulfilled.

Clauses of the standard ISO 22301

  1. Context

    • 4.1. Understand your organization and its unique context.
    • 4.2. Define the needs and expectations of your interested parties.
    • 4.3. Figure out what your BCMS should apply to and clarify its scope.
    • 4.4. Develop a BCMS that meets your needs and complies with this standard.
  1. Leadership

    • 5.1. Provide leadership for your organization’s BCMS.
    • 5.2. Show that you support your organization’s BCMS.
    • 5.3. Establish a suitable BCMS policy for your organization.
    • 5.4. Assign responsibility and authority for your BCMS.
  1. Planning

    • 6.1. Specify actions to manage your risks and address your opportunities.
    • 6.2. Set business continuity objectives and develop plans to achieve them.
  1. Support

    • 7.1. Support your BCMS by providing the necessary resources.
    • 7.Support your BCMS by making sure that people are competent.
    • 7.3. Support your BCMS by making people aware of their responsibilities.
    • 7.4. Support your BCMS by establishing communication procedures.
    • 7.5. Support your BCMS by managing all relevant information.
  1. Operation

    • 8.1. Carry out process planning and establish controls.
    • 8.2. Study disruptions and risks and set your priorities.
    • 8.3. Develop a business continuity strategy to handle disruptions.
    • 8.4. Establish and implement business continuity plans and procedures.
    • 8.5. Conduct exercises and test business continuity plans and procedures.
  1. Evaluation

    • 9.1. Monitor, measure, and evaluate your organization’s BCMS.
    • 9.2. Set up an internal audit program and use it to evaluate your BCMS.
    • 9.3. Review the performance of your organization’s BCMS.
  1. Improvement

    • 10.1. Identify nonconformities and take corrective actions.
    • 10.2. Enhance the overall performance of your BCMS.

Entities and sectors interested in implementing ISO 22301

  1. All industrial, commercial, service and agricultural companies and institutions of various sizes and types that aim to ensure the continuity of their ability to work in all circumstances
  2. Banks, insurance companies, financial brokerage, the stock exchange and all companies related to the financial and banking sector
  3. Technology, programming, communications, networking, IT, and information security and confidentiality companies
  4. Corporate, retail, wholesale, distribution, freight and transportation

Request for consultation / paid course

Providing consulting and training to implement the ISO 22301 Business Continuity Management System

The experts of the Arab Professionals Center for Training and Consulting qualify all companies and organization (such as banks, insurance companies, financial companies, transport, shipping and distribution companies, and all types of industrial and commercial companies) and provide technical support to build a business continuity management system and prepare all documents, procedures and forms that are compatible with the requirements of ISO 22301 in addition to Providing all required training courses and coordinating the implementation of the external audit to grant ISO 22301 certification.

You can press the button below to request a quote/details