Thursday, July 19, 2012

Business Continuity Management Evolves, Meet ISO: ISO 22301 ...

Since events such as 9/11, Katrina, the SARS (severe acute respiratory syndrome) pandemic of 2002/3, the 2011 Tohoku earthquake in Japan, and others, the field of Business Continuity Management (BCM) has become more formal and taken on greater visibility in overall organizational risk management.

Some of this evolution is seen in the recently published ISO Business Continuity Management System (BCMS) standard, ISO 22301:2012. The ISO Technical Committee (TC) that developed 22301:2012 is ISO/TC 223. This TC's overall subject area is "Societal Security." ISO indicates that TC 223 is working on an ISO 22301 companion guidance document that will be called ISO 22313.

ISO Focus+ reports that work on ISO 22301 originated in 2006 during a workshop on Emergency Preparedness and that an interim guidance document (ISO/PAS 22399:2007) was prepared that addressed business continuity (BC) and incident preparedness. At first blush, ISO 22301:2012 appears to do a good job of integrating a wide range of national standard requirements, for example: Singapore's SS540:2008; Britain's BS25999; and America's ANSI/ASIS SPC.1.

Aside from ISO 22301's content, a historical point is that this is the second published management system standard (MSS) that has adopted ISO's new high-level structure for MSSs. While this shift to a new MSS structure is not a big deal for new standards, it has been a contentious issue for existing MSSs such as ISO 14001:2004. ISO's goal with the high-level, generic MSS framework is to aid with the integration of all ISO MSSs within an organization.

ISO 22301:2012 has 11 main groupings. The standard's meat starts with "4-Context of the Organization." This term, "context of the organization," is a phrase that has been evolving in ISO standards and is formalized in the new MSS framework. This initial step, in some circles referred to as an initial review, involves gaining an understanding of the organization's internal and external needs and defining clear boundaries for the MS scope. This includes identifying pertinent interested parties, legal and other requirements.

I will tease out nuances and offer insights on 22301:2012 in future posts. As future ISO MSSs move to the new framework, there are important things to consider if you begin to migrate your existing MSs (e.g. EHS, Security, etc.) to the new approach. Another intriguing and powerful piece is how to fold in the ISO 31000 risk management recommendations to a generic MS structure.

© Redinger EHS, Inc. (2010)

