ISO 22301:2018

One of the biggest differences that this standard has from ISO 22301:2012 is that ISO 22301:2018 no longer uses the term ‘risk appetite’. Instead, this standard looks to identify when and at what stage does the lack of business activities becomes a threat to the survival of the organization.

• The requirement to understand the organization’s needs and the importance of setting up policies and objectives about business continuity based on business impact analysis with the consideration of RTO, RPO, MBCO and MAO.
• The need for creating, maintaining and working with processes and structured response strategies to make sure of the fact that the organization and sustain and recover through disruptions
• To monitor, review and stay updated with the overall efficacy and performance of the BCMS
• To track all necessary qualitative and quantitative measures to improve every day

• A strong policy that outlines the tipping point, while identifying focus problem areas and solutions
• Identifying competent individuals capable of executing the strategies and allocating them with requisite responsibilities
• Creating management processes that are focused on the following:
  • Policy
  • Business Continuity and Disaster Recovery Plan
  • Implementation & Operation
  • Performance Assessment and Testing & Exercise
  • Management Review
  • Constant Improvement
• Creating a string of documented information that provides proof and operational support

This standard is applicable for large, small, for-profit, non-profit, private and public entities. The standard has been conceived in such a way that it applies to organizations of any size or type. The idea here is simple; disruptions affect companies of all sizes and verticals.

Thus, it becomes more important than ever to have a business continuity management system in place to keep the business on an even keel even during disruptions.