Overview
ISO 22301 : BUSINESS CONTINUITY MANAGEMENT SYSTEM
We provide ISO 22301 consulting, implementation, audit and certification support. This includes a phase wise approach that involves understanding business context to business continuity, business impact analysis (BIA), risk assessment, exercise and testing, detail recommendations, policy/documentation support, training, coaching employees/teams, coaching business continuity managers, audit and management review leading to successful zero defect ISO 22301 certification. Our ISO 22301 consulting methodology ensures several benefits. Most important of them are the organisation preparedness to manage 'any' crisis or outage. The focus of any business continuity program is not limited to 'prevention' but more importantly 'ability to respond'. The standard uses these 4Rs - namely 'respond, recover, resume and restore'. Our approach of ISO 22301 audit ensures that you get true business value on this investment.
WHAT CONSTITUTES A TRUE BUSINESS CONTINUITY MANAGEMENT SYSTEM (BCMS)?
BCMS is the organizations' capability to respond post a crisis within a pre-determined response time. BCMS is not how you prevented crisis but more importantly what you will do post crisis. Crisis can be described in several outage scenarios but chiefly they can combine people outage or unavailability, physical site, communication or technology, and/or vendor unavailability. Setting up BCMS involves understanding business and its requirement for recovery expressed in unit of time. In addition, it also involves business continuity decisions on architecture, definition, documentation, implementation, measurement and audits. The most important feature of BCMS is testing your plans - because your business continuity is as good as it is tested. Absence of a defined process as to how your business will recover or its testing is therefore a clear case of absence of a business continuity management system (BCMS).
WHAT ARE THE ISO 22301: 2011 CERTIFICATION REQUIREMENTS?
Coverage
The standard is divided into 10 following clauses. For ISO 22301 certification only Clause 4 to 10 is applicable.
Management System Controls (Clause 4 to 10)
- Clause 1 - Scope
- Clause 2 - Normative references
- Clause 3 - Terms and definitions
- Clause 4 - Context of the organisation
- Clause 5 - Leadership
- Clause 6 - Planning
- Clause 7 - Support
- Clause 8 - Operation
- Clause 9 - Performance Evaluation
- Clause 10 - Improvement
WHAT IS NANJGEL SOLUTIONS APPROACH TO SUCCESSFUL BCMS – ISO 22301 CONSULTING/CERTIFICATION?
We bring our world-class experience in delivery BCMS ISO 22301 implementation leading to successful certification.
- Phase I - Understanding the business context and relevance of business continuity is the starting point of ISO 22301 implementation.
- Phase II - Detail business impact analysis (BIA) and risk assessment gives us an understanding of the core of the business. The process on one-hand helps in understand what are the key 'value creation' activities on one hand and their level of preparedness for different outage scenarios. The outcome of iso 22301 BIA and risk assessment leads to identification of flaws of various types, which can include single point of failures as well as lack of preparedness for managing certain threats and outages.
- Phase III - This phase is a management strategy and decision making phase. We help management take a right decision on which risks they should be prepared. Decision such as 'build or buy', hot site, warm site or cold site need to be taken. Once the decision is taken the development of the individual plan starts.
- Phase IV - This phase involves development of individual plans with teams that are responsible either for 'respond, recover, resume and restore' processes. Nanjgel has identified best practice business continuity plans that must be documented. The individual plans are discussed and handed to teams for adequacy, acceptance and ownership.
- Phase V - the testing phase is the most crucial phase for ISO 22301 certification. Any organizations BCP is as good as it is tested. So special emphasis is laid to cover all aspects of the plan – in order to ensure relevance, awareness among the teams, and the organisation.
- Phase VI - ISO 22301 Audit is verification of the newly established process against each requirement for ISO 22301. This is also to check the 'lifecycle' aspect of the process.
- Phase VII - ISO 22301 certification audit has two stages:
Stage 1 - documentation, and, Stage 2 - implementation verification.
What are the key consulting differentiators to our ISO 22301 consulting assignment?
- Business continuity Architecture in line with business objectives
- Testing each aspect of documented plan
- Enterprise risk reduction
- ROI consulting - We attempt to ensure that you become BCM compliant within existing investment
- Speed and comprehensiveness in consulting delivery
- Business continuity principles embedded in each business lifecycle/change
- Structured and proven risk assessment and risk measurement
- Documentation at 4 layers which encompass certification and internal maturity requirements
- Measurements that determine the degree of compliance for applicable controls
- Higher participation of compliance through head of department involvement
- Awareness to each and every member of the organization
- Framework implementation and continual improvement
- Successful ISO 22301 certification
Upon ISO 22301 certification what should happen in the organisation?
- Creates competitive advantage via the promotion of consistent and cost-effective services.
- More efficient use of resources for service provision leading to cost reductions.
- Lower incident volumes, faster incident resolution and less business disruption because of service failures.
- Alignment of information technology services and business strategy.
- The creation of a consistent approach that facilitates organizational change.
- Reduced risk of not being able to meet business objectives and Service Level Agreement targets.
- Higher customer satisfaction and improved reputation.
- A continuous improvement in the quality of IT services.