What does ISO 22301 look for in a business continuity plan?

An ISO-aligned business continuity plan includes business continuity procedures for managing a disruption and continuing operations, based on recovery objectives identified in its business impact analysis. These procedures should:

  • Establish an appropriate internal and external communications protocol
  • Be specific about immediate steps that are to be taken during a disruption
  • Be flexible enough for responding to unanticipated threats and changing internal and external conditions
  • Focus on the impact of events that could potentially disrupt operations
  • Be developed based on stated assumptions and an analysis of interdependencies
  • Minimize impact to the business by implementing appropriate mitigation strategies
  • Establish a management structure for responding to disruptions, involving individuals with the responsibility, authority, and competence to manage an incident

A business continuity plan should also contain:

  • Defined roles and responsibilities for people and teams having authority during and following an incident
  • A process for activating response to incidents
  • Details for managing immediate consequences of an incident, with consideration for:
    • The welfare of individuals
    • Strategic, tactical, and operational options for responding to the incident
    • Prevention of further loss or unavailability of prioritized activities
  • How your organization will continue or recover its prioritized activities within predetermined timeframes
  • Details of your organization’s media response following an incident, including:
    • A communications strategy
    • Preferred interaction with the media
    • A guideline or template for drafting a statement for the media
    • Identifying appropriate spokespeople
  • Details on how and under what circumstances your organization will communicate with employees and their families, interested parties, and emergency contacts
  • A process for standing down (or retreating from a constant state of alert) once the incident is over

The key to writing a business continuity plan is not to create a comprehensive manual with so much detail that you’re stuck with a massive binder. Lootok can help you develop a business continuity plan that’s user-friendly and practical, while still meeting the ISO standard requirement.