It has been seven years this June since the launch of the ISO 22301:2012 standard, and in this blog CertiKit takes a look at the benefits and relevancy of the standard and the steps to certification. The ISO 22301 standard describes the requirements for a business continuity management system, and helps businesses demonstrate to their clients, employees and stakeholders that a plan is in place to minimise the impact of potential disruptions. Disruptions can be a number of different things, including natural disasters, staff illness or hardware failures, to name a few.
The time this takes depends heavily on the resource and time dedicated to the project, but it is estimated to be up to one year. There are many routes to implementing the standard in your business, depending on your own resource, time and budget.
We recommend having a copy of the ISO 22301:2012 standard. You can either purchase this directly from the ISO website or it is included in our Enhanced Gap Assessment Tool. This includes the exact text of sections 4 to 10 of the standard, broken down by individual requirement within a user-friendly spreadsheet. This enhanced gap assessment spreadsheet also includes tables and charts that show your status and progress to a precise level of detail, which is useful for reporting and audit readiness reviews.
Step 1: Become compliant with the standard using the method best suited to your business and industry.
Step 2: Perform an internal audit to highlight any non-conformities before the external audit. We advise that the internal audit be completed by an independent third-party auditor or an impartial qualified auditor within your organisation.
Step 3: The final external audit to achieve certification by an accredited Registered Certification Body (RCB) is not a requirement; however, it is recommended, as certification validates your ISO 22301 compliance.
The ISO standards are about continual improvement and include annual reviews and audits to ensure your business is conforming to the standard and has corrected any non-conformity highlighted at audit. ISO 22301 is suitable for businesses of any size and industry that want to put a business continuity plan in place.