ISO 22301:2012

BUSINESS CONTINUITY MANAGEMENT SYSTEM

ISO 22301 Certification is a standard that outlines a framework to control, maintain and deploy a successful Business Continuity Program, which helps organizations to prepare, respond and recover from disruptive incidents/disasters. Disaster Recovery is a part of this standard, with the only difference that each Disaster Recovery Plan is relatively technical and will focus on the recovery of specific operations, functions, sites, services or applications.

Benefits OF ISO 22301 CERTIFICATION to your Customers

Continued services despite disasters/interruptions
Increased business resilience
Improves their ability to recover operations and demonstrate business continuity
Confidence in your business continuity arrangements
Meeting SLA requirements they may have with their clients
Cost savings through deuced impact of incidents
Compliance with regulatory and statutory laws

benefits of iso 22301 certification to your organization

Improved turn out time for service downtime
Preparedness to deal with disasters better
Ensuring continued services to your clients
Meeting SLA requirements
Avoidance of penalties due to downtime
Better management of incidents/disasters
Better resource management
Reduced financial and operational impact of disasters on the business

Who can get ISO 22301 certification?

Organizations that provide live services due to whose downtimes other services are affected need to consider ISO 22301. Examples of such industries are television and media broadcasting, internet service providers, BPOs, IT solutions companies, SaaS companies, technology support partners etc.

This standard is applicable to organizations of all domains and sizes. Any organization that requires to have a continuous service delivery as a part of its portfolio is eligible for this standard.

What are the requirements of ISO 22301:2012?

Business Impact Analysis

Measuring the amount of financial/operational damage depending on the time of the year
Determine what kind of assets are actually at risk – including people, property, critical infrastructure, IT systems etc.
Determine the Operational Impact. Eg. Downtime, outsourcing, expediting costs, contractual penalties, customer dissatisfaction etc.
Determine Financial Impact – Equating the above in terms of actual monetary loss

Recovery Strategies

Create an inventory of documents, databases and systems that are used on a day-to-day basis to generate revenue, and then quantify and match income with those processes as part of your recovery strategy/business impact analysis. Strategies are created based on this developed inventory along with RPOs and RTOs established as a part of Business Impact Analysis.

Business Continuity Plan Development

Using information derived from the Business Impact Analysis in conjunction with the Recovery Strategies, establish a plan framework. Documenting an IT disaster recovery plan is part of this stage. It involves restoring and recovering IT infrastructure, including servers, networks to keep the business running.

A data backup plan involves choosing the right hardware and software backup procedures for your company, scheduling and implementing backups as well as checking/testing for accuracy.

Testing and Deployment

Develop a testing process to measure the efficiency and effectiveness of your plans, as well as how often to conduct tests. Part of this step involves establishing a training program and conducting training for your company/business continuity team.

This allows you to allocate resources as needed to fill the gaps and build up a stronger, more resilient plan; also allowing you to clearly define roles and responsibilities and improve communication within the team, as well as identify any weaknesses in the plans that require attention.