BUSINESS CONTINUITY MANAGEMENT IN THE FOCUS
Optimally protecting normal operations in order to avoid or minimize emergency situations -
this is the goal of a business continuity management system acc. to ISO 22301.
Business continuity is a key topic for all companies and organizations playing a crucial role as
providers for society. These companies and organizations include energy suppliers and public utilities, banks, transporting companies, IT and telecommunications providers and healthcare providers. However, they also include producing companies that might endanger the environment because of an accident, such as refineries or chemical and pharmaceutical producers. On the whole, however, the topic is interesting for any company for which on-time delivery, availability of goods and services as well as customer satisfaction are important success factors. In case of occurrence of a production or system failure, at the latest, it will become quite obvious that it is worth taking adequate endeavours to sufficiently prepare and test contingency and emergency plans that serve to restore normal operations. The International Standard ISO 22301 makes it possible to implement and certify a business continuity management system - with the aim to protect the organization from interruptions of operation, reduce the likelihood of failures, proactively prepare for such failures, respond to them in a timely manner and recover from them as soon as possible whenever they occur.
Suitability for adding the aspect of business continuity to an integrated management system covering security & quality
On the whole, it is assumed that ISO 22301 is suitable for adding the aspect of business continuity to an integrated management system covering quality management (EN ISO 9001) and information security (ISO/IEC 27001). In ISO/IEC 27001:2005, the preceding version, business continuity management still filled a separate clause within the Standard. In the meantime, BCM has been developed to an autonomous topic. In the present ISO/IEC 27001:2013, the BCM topic has been reduced to “information security aspects of business continuity management”, all the other BCM aspects being covered by ISO 22301. This procedure also emphasizes the high significance of the ISO Standard for Business Continuity Management in the international context.