Business Continuity Management System

Business continuity is the ability of the organization to continue delivering products or services to an acceptable, predefined level, after the incident which caused the disorder.

Business continuity management is a management process that identifies potential threats to an organization and the impacts that these threats, if realized, can have on business processes. Business continuity management provides a framework for building resilience and the organization's ability to effectively respond to the resulting disturbances, which protects the interests of its key stakeholders, reputation, brand and activities that creates value. Putting business continuity management within the organizational management system creates a business continuity management system that enables an organization to control, monitor and continually improve the established system.

Requirements to establish business continuity management systems are defined by BAS EN ISO 22301: 2016.

This standard applies “Plan-Do-Check-Act” (PDCA) model for the planning, establishment, implementation, operation, monitoring, review, maintenance and continuous improvement of the effectiveness of the business continuity management of the organization.

PDCA model applied to the business continuity management system

Business continuity management system, as well as any other management system, has the following key components:

  • policy;
  • people with defined responsibilities;
  • management processes relating to:
    - policy;
    - planning;
    - implementation and operation;
    - performance assessment;
    - review by the management, and
    - improvement;
  • documentation that provides evidence that can be verified, and
  • all processes of business continuity management relevant to the organization.

The structure of BAS EN ISO 22301: 2016 is in line with Annex SL of ISO/IEC Directive Part 1. Annex SL defines the structure of the standards management system and this standard can be easily integrated with other management system standards.

Organizations can be certified in accordance with the requirements of BAS EN ISO 2230: 2016 by accredited certification bodies, which proves that they fulfill the requirements of the standard.

BAS EN ISO 22300: 2016, Social Security - Terminology, gives the terms and definitions applicable in the field of social security in order to establish their common understanding and consistent use.