Conditions are not always ideal. Potential threats are plentiful—just take a look at the news lately. Unexpected yet plausible threats—ranging from supply chain issues to natural disasters—can halt the regular operations of any business. Regardless of size or industry, any business depends upon its resiliency to continue regular operations in the event of these business disruptions.
Helping organizations with a comprehensive approach to managing business continuity, there’s ISO 22313:2020 – Security And Resilience – Business Continuity Management Systems – Guidance On The Use Of ISO 22301.
What is ISO 22301:2019?
ISO 22313:2020 offers guidance in meeting the requirements of another international standard, ISO 22301:2019 – Security And Resilience – Business Continuity Management Systems – Requirements.
ISO 22301:2019 helps implement, maintain, and improve a business continuity management system (BCMS). The standard was the first of its kind, drawing from numerous components from other management system standards (competent persons, management review, continual improvement, and the Plan-Do-Check Act, PCDA, cycle) to specify the structure and requirements for a BCMS.
These requirements help an organization protect against, reduce the likelihood of, prepare for, respond to, and recover from disruptions, but the benefits extend beyond just that. With a BCMS in place, organizations can reduce costs, minimize impact on business performance during disruptions, fortify resilience, and assure various stakeholders that sound systems are in place for business continuity.
ISO 22301:2019 – Security And Resilience – Business Continuity Management Systems – Requirements is available on the ANSI Webstore.
What is ISO 22313:2020?
ISO 22313:2020 gives guidance and recommendations for applying the business continuity management system requirements given in ISO 22301:2019.
With this, ISO 22313:2020 actually follows the structure of ISO 22301:2019, taking each clause and expanding upon it with guidelines specific to adhering to those requirements. For example, for Leadership (clause 5 in ISO 22301:2019), ISO 22313:2020 delves into the role of top management, other managerial roles, and establishing, communicating, and setting roles for a business continuity management system.
Similarly, ISO 22313:2020 features a bevy of other guidelines helpful to enacting and supporting a BCMS, including understanding the context of the organization and the needs and expectations of interested parties, incorporating the PCDA cycle, and maintaining effective business continuity.
While ISO 22313:2020 includes the same clause headings as ISO 22301:2019, it does not restate the requirements of that document.
Changes to ISO 22313:2020
This second edition of the standard for BCMS guidance underwent several changes to align it with ISO 22301:2019. This includes structural and content alterations that distinguish it from the first edition from 2012. In fact, while ISO 22313:2012 was titled “Societal Security – Business Continuity Management Systems – Guidance,” ISO 22313:2020 is “Security And Resilience – Business Continuity Management Systems – Guidance On The Use Of ISO 22301.”
Additionally, to make way for further ISO documents in this area, some content from 8.4, “Business continuity plans and procedures,” in ISO 22313:2020 was removed to be included in the in-development “ISO/AWI TS 22332 Security and resilience — Business continuity management systems — Guidelines for developing business continuity plans and procedures.”
Beyond this, additional guidance was added to explain key concepts and terms.
ISO 22313:2020 – Security And Resilience – Business Continuity Management Systems – Guidance On The Use Of ISO 22301 is available on the ANSI Webstore. Anyone needing a range of guidance for emergency and incident management for communities and businesses can acquire their needed standards together as the ISO 22301 / ISO 22316 / ISO 22320 / ISO 22395 – Community and Organizational Emergency Resilience Package or the ISO 22300 / ISO 22301 / ISO 22313 – Societal Security Business Continuity Package.
Accreditation and Certification for Preparedness and PS-Prep Under ISO 22301
The ANSI National Accreditation Board (ANAB), a wholly-owned subsidiary of ANSI, accredits third party bodies (CBs) that issue certifications to entities for disaster preparedness, emergency management, and business continuity. CBs can be accredited to ISO 22301, as well as ASIS SPC.1 and NFPA 1600, or all of these three PS-Prep designated standards.
You can learn more about Accreditation for Preparedness and PS-Prep here.