Professional Documents
Culture Documents
MANAGEMENT &
ISO22301
Frequently asked questions
January 2015
BUSINESS CONTINUITY
MANAGEMENT &
ISO22301
Business continuity management is often
“Statistics indicate that 80% of
described as a business-critical activity, but
conversation on the subject is often organisations that are faced
confused by the parallel concept of disaster with a significant business
recovery management. Understanding has
discontinuity, and do not have
not been improved by the existence of
several different business continuity related adequate and appropriate plans
standards. In May 2012, however, the to ensure business continuity,
publication of ISO/IEC 22301 provided a
single standard that replaced the prior do not survive the event.”
dominant standard, BS25999, while offering
greater clarity on the subject.
organisation and the impacts to business
So, what exactly is business continuity operations that those threats, if realised,
management, and how do the current might cause, and which provides a
standards relate to one another? framework for building organisational
1. What is business continuity resilience with the capability for an effective
management (BCM)? response that safeguards the interests of its
key stakeholders, reputation, brand and
A range of internal or external risks could value-creating activities.”
negatively impact your organisation. These
include a fuel crisis, pandemic, the loss of 2. And what is disaster recovery
business facilities due to fire, flooding, theft management (DRM)?
and vandalism, communications failure, One definition is: “the ability of an
industrial action, power failures – any event organisation to respond to a disaster or an
that interferes with the normal running of interruption in services by implementing a
your business. disaster recovery plan to stabilise and
Business continuity management is the restore the organisation’s critical functions.”
planning process and activities used to On the surface, then, it seems extremely
identify those aspects of your business similar to BCM.
activities and resources that are essential 3. So, how do the two concepts relate?
or critical.
A simple way of approaching these two
Documented and tested plans are essential concepts is to view business continuity
if your organisation is to continue with management as the overall process of
‘business as usual’ when there is a civil identifying and planning to counteract
emergency or business interruption. business continuity risks; part of that
The formal definition from ISO/IEC 22301 planning should include recovering the
is: “A holistic management process that business from a disaster scenario to get it
identifies potential threats to an back to normal working.
Useful resources
IT Governance offers a unique range of products and services, including books, standards, pocket guides,
training courses, staff awareness solutions and professional consultancy services.
Standards
ISO/IEC 22301 (Specification)
The standard provides the requirements for a business continuity management system
(BCMS) to enable a company to prepare for a disruptive incident. This standard is
essential for an ISO22301-certified BCMS.
Training
ISO22301 Certified BCMS Foundation Training Course
This course provides delegates with the practical knowledge and skills required to plan
and execute audits of business continuity management systems in line with the
requirements specified by the ISO 22301:2012 standard.
Consultancy
FastTrack™ Business Continuity Management/ISO22301 Consultancy
This unique consultancy service helps you to implement a robust business continuity
management system (BCMS) and achieve certification to ISO22301, with minimal
business disruption and within a limited budget.
IT Governance solutions
IT Governance sources, creates and delivers products and services to meet the evolving IT
governance needs of today's organisations, directors, managers and practitioners.
IT Governance is your one-stop shop for corporate and IT governance information, books,
tools, training and consultancy. Our products and services are unique in that all elements are
designed to work harmoniously together so you can benefit from them individually and also
use different elements to build something bigger and better.
Books
Through our website, www.itgovernance.co.uk, we sell the most sought after publications
covering all areas of corporate and IT governance. We also offer all appropriate standards
documents.
In addition, our publishing team develops a growing collection of titles written to provide
practical advice for staff taking part in IT governance projects, suitable for all levels of staff
knowledge, responsibility and experience.
Toolkits
Our unique documentation toolkits are designed to help small and medium-sized organisations
adapt quickly and adopt best management practice using pre-written policies, forms and
documents.
Visit www.itgovernance.co.uk/product-demos to view and trial all of our available toolkits.
Training
We offer training courses from staff awareness and foundation courses, through to advanced
programmes for IT practitioners and Certified Lead Implementers and Auditors.
Our training team organises and runs in-house and public training courses all year round,
covering a growing number of IT governance topics.
Visit www.itgovernance.co.uk/training for more information.
Through our website, you can also browse and book training courses throughout the UK that
are run by a number of different suppliers.
Consultancy
Our company is an acknowledged world leader in our field. We can use our experienced
consultants, with multi-sector and multi-standard knowledge and experience to help you
accelerate your IT GRC (governance, risk, compliance) projects.
Visit www.itgovernance.co.uk/consulting for more information.
Software
Our industry-leading software tools, developed with your needs and requirements in mind,
make information security risk management straightforward and affordable for all, enabling
organisations worldwide to be ISO27001-compliant.
Visit www.itgovernance.co.uk/software for more information.
1
http://www.ukas.com/services/Technical_Bulletins/BCM_BS25999_to_ISO_22301_Transition.asp