www.pecb.org

Become a preventer rather than a fixer

2

“80 percent of companies without well-conceived data protection and recovery strategies go out of business within 2 years of a major disaster.” US National Archives and Records Administration

Incidents can and will always happen, but the time when you need to have just a response plan as an answer to these incidents has already gone.

For all natural disasters, environmental incidents, technology related troubles, or man-made crises which can cause incidents and have great impact in business, the idea of having a plan that will just minimize incident consequences is not enough anymore. Responses to these possible events have moved to another level.

Nowadays, it is world trend that in every field, everything in a way or another is being predicted or being anticipated. Different types of organizations now are considering the systematic processes and systems that prevent, protect and respond to incidents, or better say, consider business continuity and recovery plans. These plans help organizations to create a plan B for each identified and predicted threat that could cause disruptive event. Moreover, these plans mitigate the effects of disruptive incidents, or help to recover and continue its operations from a possible result of the event. As a result, organizations are prepared and confident to handle all types of events. In a structured way this can be achieved by using the ISO standard, ISO 22301 Business Continuity Management System that helps organizations to continue delivering products/services to their customers in the event of an interruption.

ISO 22301 specifies requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to prepare for, respond to and recover from disruptive events when they arise.

The reason why ISO 22301 is the best solution for a Business Continuity plan is that ISO 22301 framework provides a number of clearly defined steps to implement a Business Continuity Management System. Through mentioned framework, organizations are able to evaluate the effectiveness of these steps, have control over their cost, and make continual improvements. Furthermore, by integrating other standards like ISO 9001 QMS and ISO 27001 ISMS with ISO 22301 BCMS in one management system, organizations can have lots of benefits that include cost reduction, ease operation and keep business goals aligned. This integration will also enable organizations to have a unique risk management strategy that will enforce their management systems by making it easier to adapt to the new risks. Another benefit of ISO 22301 is that it doesn’t have a unique blueprint of its implementation that would fit to all companies. It rather has guidelines that will let companies identify and define their crucial risks and threats, which through BCMS steps will be mitigated.

As a conclusion, nowadays to remain competitive in today’s business world, organizations should have a positive value of Business Continuity good practice that will prevent incidents from happening, rather than just fixing them. Also, organizations need to have professionals who have appropriate knowledge and experience in Business Continuity Management Systems implementation..Therefore, Professional Evaluation and Certification Board, PECB, has developed a methodology for implementing a BCMS that is made out of Plan-Do-Check-Act, which you can find explained here.

PECB is a certification body for persons on a wide range of professional standards. Among others, it offers ISO 22301 training and certification services for professionals wanting to support organizations on the implementation of Business Continuity Management Systems (BCMS).

ISO 22301 and Professional Trainings offered by ECB:• Certified ISO 22301 Lead Implementer (5 days)• Certified ISO 22301 Lead Auditor (5 days)• Certified ISO 22301 Foundation (2 days)• ISO 22301 Introduction (1 day)

Lead Auditor, Lead Implementer and Master are certification schemes accredited by ANSI ISO/IEC 17024.

Rreze Halili and Fitim Rama are our Product Managers at PECB. If you have any questions, please do not hesitate to contact: scr@pecb.org or pm-scr@pecb.org.

For further information, please visit www.pecb.org/en/training

3

“To work well, ISO 22301 will need organizations to have thoroughly understood its requirements. Rather than being simply about a project or developing ‘a plan’, BCM is an ongoing management process requiring competent people working with appropriate support and structures that will perform when needed.” Dave Austin, the project leader responsible for writing ISO 22301.