ISO 22301: Clause 6 - Planning
Introduction
The Business Continuity Management System (BCMS) is based on the International Standard ISO 22301, Clause 6 of the standard deals with the planning process. ISO 22301 provides a framework for organizations to plan, implement, operate, monitor, review, and continually improve their ability to protect against, respond to, and recover from disruptions.
ISO 22301 Clause 6 – Planning, is the guidance for developing, maintaining, and improving the BCMS. It describes the activities needed to establish, document, implement, monitor, review, and continually improve the Business Continuity Management System.
The process of planning for business continuity is an iterative one that should be populated with as much relevant information as possible. The goal is to produce a set of comprehensive plans that will enable the organization to respond effectively to any incident or event that disrupts normal operations.
What Is Business Continuity Planning?
Business continuity planning (BCP) is the creation of a plan to protect an organization from potential threats to its business operations. The plan includes procedures for how the organization will continue to function in the event of an incident or disaster.
BCP is also known as business continuity and resiliency planning, business continuity management, and continuity of operations planning.
The purpose of BCP is to minimize the impact of an incident or disaster on an organization. BCP helps organizations keep their operations running despite disruptive events.
BCP is a proactive process that helps organizations prepare for disruptions. The goal is to identify potential threats and develop plans to mitigate the impact of those threats.
BCP plans typically address 3 areas:
1. Continuity of operations: This includes plans for how the organization will continue to function in the event of an incident or disaster.
2. Recovery: This includes plans for how the organization will recover its operations after an incident or disaster.
3. Crisis management: This includes plans for how the organization will manage a crisis situation.
BCP plans should be reviewed and updated on a regular basis. They should be tested periodically to ensure that they are effective. Organizations should have BCP plans in place before an incident or disaster occurs.
ISO 22301 Planning Process
ISO 22301 is the international standard for business continuity management. The standard is designed to help organizations protect themselves from the disruptive effects of disasters. Clause 6 of the standard deals with the planning process.
The planning process is critical to the success of any business continuity plan. The goal of the planning process is to ensure that the organization is prepared to respond effectively to a disaster.
There are 6 steps in the planning process:
1. Identify the organization's goals and objectives: The first step in the planning process is to identify the organization's goals and objectives. The goals and objectives of the organization will determine the scope of the business continuity plan.
2. Identify the organization's critical functions: The second step in the planning process is to identify the organization's critical functions. The critical functions are those functions that must be performed in order to maintain the organization's business operations.
3. Identify the organization's critical assets: The third step in the planning process is to identify the organization's critical assets. The critical assets are those assets that are essential to the operation of the organization.
4. Identify the organization's vulnerabilities: The fourth step in the planning process is to identify the organization's vulnerabilities. The vulnerabilities are those factors that could potentially disrupt the organization's business operations.
5. Identify the organization's risks: The fifth step in the planning process is to identify the organization's risks. The risks are those events that could potentially disrupt the organization's business operations.
6. Develop the organization's response plan: The sixth and final step in the planning process is to develop the organization’s response plan. This plan will outline how the organization will respond to an incident, including who will be responsible for each task and how the resources will be mobilized.
Documentation of ISO 22301: Clause 6 – Planning
Documentation of ISO 22301: Clause 6 – Planning is a process that helps organizations to prepare for and respond to disruptive incidents. This process includes the development of plans and procedures for how the organization will continue its critical functions during and after an incident. It also includes training and exercises to ensure that these plans are effective.
The goal of this documentation is to provide organizations with guidance on how to develop and implement a comprehensive business continuity management system. This system should be designed to help the organization maintain its critical functions during and after a disruptive incident.
Making Changes To The Plan
Making changes to a business continuity plan can be a complex and time-consuming process, particularly if the plan is large and Detailed. Organizations need to ensure that any changes are made in a controlled and coordinated manner, and that all stakeholders are consulted and aware of the changes.
The process of making changes to a business continuity plan is typically as follows:
1. Review the need for change.
2. Assess the impact of the proposed changes.
3. Develop and implement the change.
4. Test the changes.
5. Monitor and review the changes.
Each of these steps is important in its own right, and together they form a comprehensive approach to making changes to your business continuity plan.
Final Thoughts
The Planning process is vital to the success of any organization’s BCM program. Without a robust plan in place, it can be difficult to develop the necessary processes and procedures to protect the organization in the event of a disruption.
By following the steps laid out in Clause 6, organizations can ensure that they have a comprehensive and effective BCM program in place.
