ISO 22313:2020 Security and resilience - Business continuity management systems - Guidance on the use of ISO 22301
1 Scope
This document gives guidance and recommendations for applying the requirements of the business continuity management system (BCMS) given in ISO 22301. The guidance and recommendations are based on good international practice.
This document is applicable to organizations that:
a) implement, maintain and improve a BCMS;
b) seek to ensure conformity with stated business continuity policy;
c) need to be able to continue to deliver products and services at an acceptable predefined capacity during a disruption;
d) seek to enhance their resilience through the effective application of the BCMS.
The guidance and recommendations are applicable to all sizes and types of organizations, including large, medium and small organizations operating in industrial, commercial, public and not-for-profit sectors. The approach adopted depends on the organization's operating environment and complexity.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
ISO 22300, Security and resilience - Vocabulary
ISO 22301, Security and resilience - Business continuity management systems - Requirements
4.1 Understanding the organization and its context
This clause provides recommendations for understanding the context of the organization in relation to the BCMS. Recommendations for establishing and maintaining business continuity are addressed in 8.1.
The organization should evaluate and understand the external and internal issues (including positive and negative factors or conditions for consideration) that are relevant to its overall objectives, its products and services, and the amount and type of risk that it may or may not take. This information should be taken into account when implementing and maintaining the organization's BCMS and assigning priorities.
4.2.1 General
The organization owes a duty of care to a wide range of people within and outside the organization (see also ISO/TS 22330). When establishing its BCMS, the organization should ensure that the needs and requirements of all interested parties are taken into consideration.
The organization should identify all interested parties that are of relevance to its BCMS (see Figure 4) and, based on their needs and expectations, should determine their requirements. It is important to identify not only obligatory and stated requirements, but also any that are implied.
When planning and implementing the BCMS, it is important to identify actions that are appropriate in relation to interested parties but differentiate between them. For example, while it can be appropriate to communicate with all interested parties following a disruption, it may not be appropriate to communicate with all interested parties when implementing and maintaining business continuity management (see 8.1.2).