ISO 22301 is the international standard for Business Continuity Management Systems (BCMS). Part of ensuring that your BCMS is compliant with ISO 22301 is understanding the requirements laid out in Clause 2, which establishes the normative references for the standard.
What are Normative References?
Every ISO standard is made up of a number of clauses, each one covering a different aspect of the standard. For ISO 22301, Clause 2 provides the normative references, which are the standards, documents, and other publications that are referred to in the text of the standard and are essential for its application.
Types Of Normative References
There are four types of normative references:
1. International Standards - International standards are published by ISO and establish specifications and procedures that can be used consistently to ensure that materials, products, processes, and services are fit for their purpose.
2. International Workshop Agreement (IWA) - International standards are published by ISO and establish specifications and procedures that can be used consistently to ensure that materials, products, processes, and services are fit for their purpose.
3. ISO/IEC Guides - ISO/IEC guides provide recommended practices for fields such as Information Technology.
4. ISO Publications - ISO publications provide general information about the organization and its activities.
Requirements of ISO 22301: Clause 2 - Normative References
This standard is used to ensure that an organization's Business Continuity Management System (BCMS) is effective.
The requirements of Clause 2 - Normative References are as follows:
- The organization shall identify the normative references that are relevant to its organization and the environment in which it operates.
- The organization shall determine the applicability of each normative reference to its organization and the environment in which it operates.
- The organization shall ensure that the requirements of each normative reference that is relevant to its organization and the environment in which it operates are met.
The references listed in Clause 2 are important because they help to define the terms used in ISO 22301:2012. They also provide guidance on how to implement the requirements of the standard.
The normative references used in ISO 22301:2012 are:
• ISO/IEC 27001:2013, Information technology - Security techniques - Information security management systems - Requirements
• ISO 22313:2012, Societal security - Business continuity management systems - Guidelines
• ISO 31000:2018, Risk management - Guidelines
• ISO/IEC 24762:2016, Information technology - Security techniques - Guidelines for information and communication technology disaster recovery
• BS 25999-1:2006, Business continuity management. Code of practice
• PAS 55:2008, Specification for the Occupational Health and Safety Assessment Series (OHSA)
Benefits of ISO 22301 Clause 2 - Normative References
ISO 22301 is a standard that outlines the requirements for a business continuity management system (BCMS). Clause 2 of the standard specifies the normative references, which are external documents that are referenced in the standard and which are essential for its implementation.
The benefits of clause 2 include:
- Clear guidance: The normative references provide clear guidance on the external documents required for ISO 22301 implementation. This ensures that the BCMS is designed and implemented in accordance with best practises in the industry and relevant international standards.
- Improved consistency: The use of normative references in ISO 22301 ensures that all organisations implementing the standard use the same external documents, improving industry consistency.
- Enhanced credibility: The normative references used in ISO 22301 are recognized by the industry and are widely used in business continuity management. By referencing these documents, ISO 22301 enhances the credibility of organizations that implement the standard and demonstrates their commitment to international standards and best practices.
- Facilitates benchmarking: The use of normative references enables organizations to benchmark their BCMS against international best practices and industry standards. This allows organizations to identify areas for improvement and to continuously improve their BCMS.
- Helps to address legal and regulatory requirements: ISO 22301's normative references can assist organisations in meeting legal and regulatory requirements for business continuity management. Organizations can demonstrate compliance with relevant laws and regulations by implementing ISO 22301.
ISO 22301 Clause 2 identifies the relevant standards and documents required for ISO 22301 standard implementation. These normative references ensure that related standards and guidance in the context of ISO 22301 are applied consistently and appropriately.