BS EN ISO 22301:2019 – TC
$217.84
Tracked Changes. Security and resilience. Business continuity management systems. Requirements
| Published By | Publication Date | Number of Pages |
| BSI | 2019 | 88 |
This document specifies requirements to implement, maintain and improve a management system to protect against, reduce the likelihood of the occurrence of, prepare for, respond to and recover from disruptions when they arise. The requirements specified in this document are generic and intended to be applicable to all organizations, or parts thereof, regardless of type, size and nature of the organization. The extent of application of these requirements depends on the organization’s operating environment and complexity. This document is applicable to all types and sizes of organizations that: a) implement, maintain and improve a BCMS; b) seek to ensure conformity with stated business continuity policy; c) need to be able to continue to deliver products and services at an acceptable predefined capacity during a disruption; d) seek to enhance their resilience through the effective application of the BCMS. This document can be used to assess an organization’s ability to meet its own business continuity needs and obligations.
PDF Catalog
| PDF Pages | PDF Title |
|---|---|
| 6 | ForewordEuropean foreword |
| 12 | Foreword |
| 13 | Introduction |
| 15 | Figure 1 — PDCA model applied to BCMS processes Table 1 — Explanation of PDCA model |
| 19 | 3.5 business continuity management system BCMS business continuity plan 3.7 business continuity programme 3.8 business impact analysis |
| 20 | 3.12 correction document 3.153.11 |
| 21 | 3.17 event 3.18 exercise 3.20 infrastructure |
| 22 | 3.22 internal audit invocation 3.25 maximum acceptable outage MAO 3.26 maximum tolerable period of disruption MTPD |
| 23 | 3.28 minimum business continuity objective MBCO 3.293.18 3.30 mutual aid agreement 3.313.19 |
| 24 | 3.343.22 3.36 performance evaluation 3.37 personnel 3.383.24 3.39 procedure |
| 25 | 3.403.26 3.413.27 products and servicesproduct and service 3.42 prioritized activities 3.43 record 3.44 recovery point objective RPO 3.45 recovery time objective RTO |
| 26 | 3.483.30 3.49 risk appetite 3.50 risk assessment |
| 27 | 3.51 risk management 3.52 testing 3.533.31 3.54 verification 3.55 work environment 4.1 Understanding of the organization and its context |
| 28 | 4.2 Understanding the needs and expectations of interested parties 4.2.1 General 4.2.2 Legal and regulatory requirements 4.3 Determining the scope of the business continuity management system 4.3.1 General 4.3.2 Scope of the BCMSbusiness continuity management system |
| 29 | 4.4 Business continuity management system 5.1 Leadership and commitment |
| 30 | 5.35.2 Policy 5.2.1 Establishing the business continuity policy 5.2.2 Communicating the business continuity policy 5.45.3 Organizational roles Roles, responsibilities and authorities |
| 31 | 6.1 Actions to address risks and opportunities 6.1.1 Determining risks and opportunities 6.1.2 Addressing risks and opportunities 6.2 Business continuity objectives and plansplanning to achieve them 6.2.1 Establishing business continuity objectives |
| 32 | 6.2.2 Determining business continuity objectives 6.3 Planning changes to the business continuity management system 7.1 Resources 7.2 Competence |
| 33 | 7.3 Awareness 7.4 Communication 7.5 Documented information 7.5.1 General |
| 34 | 7.5.2 Creating and updating 7.5.3 Control of documented information 8.1 Operational planning and control |
| 35 | 8.2 Business impact analysis and risk assessment 8.2.1 General 8.2.2 Business impact analysis |
| 36 | 8.2.3 Risk assessment |
| 37 | 8.3 Business continuity strategystrategies and solutions 8.3.1 Determination and selectionGeneral 8.3.2 Identification of strategies and solutions 8.3.3 Selection of strategies and solutions 8.3.28.3.4 Establishing resourceResource requirements |
| 38 | 8.3.3 Protection and mitigation a) reduce the likelihood of disruption, 8.3.5 Implementation of solutions 8.4 Establish and implement business continuity procedures Business continuity plans and procedures 8.4.1 General |
| 39 | 8.4.2 Incident responseResponse structure |
| 40 | 8.4.3 Warning and communication |
| 41 | 8.4.4 Business continuity plans |
| 42 | 8.4.5 Recovery 8.5 Exercising and testingExercise programme |
| 43 | 8.6 Evaluation of business continuity documentation and capabilities 9.1 Monitoring, measurement, analysis and evaluation 9.1.1 General |
| 44 | 9.1.2 Evaluation of business continuity procedures 9.2 Internal audit 9.2.1 General 9.2.2 Audit programme(s) |
| 45 | 9.3 Management review 9.3.1 General 9.3.2 Management review input |
| 46 | 9.3.3 Management review outputs |
| 47 | 10.1 Nonconformity and corrective action 10.2 Continual improvement |
| 48 | Bibliography |
| 52 | undefined |
| 55 | European foreword Endorsement notice |
| 61 | Foreword |
| 62 | Introduction |
| 65 | 1 Scope 2 Normative references 3 Terms and definitions |
| 71 | 4 Context of the organization 4.1 Understanding the organization and its context 4.2 Understanding the needs and expectations of interested parties 4.2.1 General 4.2.2 Legal and regulatory requirements 4.3 Determining the scope of the business continuity management system 4.3.1 General |
| 72 | 4.3.2 Scope of the business continuity management system 4.4 Business continuity management system 5 Leadership 5.1 Leadership and commitment 5.2 Policy 5.2.1 Establishing the business continuity policy |
| 73 | 5.2.2 Communicating the business continuity policy 5.3 Roles, responsibilities and authorities 6 Planning 6.1 Actions to address risks and opportunities 6.1.1 Determining risks and opportunities 6.1.2 Addressing risks and opportunities 6.2 Business continuity objectives and planning to achieve them 6.2.1 Establishing business continuity objectives |
| 74 | 6.2.2 Determining business continuity objectives 6.3 Planning changes to the business continuity management system 7 Support 7.1 Resources 7.2 Competence |
| 75 | 7.3 Awareness 7.4 Communication 7.5 Documented information 7.5.1 General 7.5.2 Creating and updating |
| 76 | 7.5.3 Control of documented information 8 Operation 8.1 Operational planning and control 8.2 Business impact analysis and risk assessment 8.2.1 General |
| 77 | 8.2.2 Business impact analysis 8.2.3 Risk assessment 8.3 Business continuity strategies and solutions 8.3.1 General 8.3.2 Identification of strategies and solutions |
| 78 | 8.3.3 Selection of strategies and solutions 8.3.4 Resource requirements 8.3.5 Implementation of solutions 8.4 Business continuity plans and procedures 8.4.1 General |
| 79 | 8.4.2 Response structure 8.4.3 Warning and communication |
| 80 | 8.4.4 Business continuity plans |
| 81 | 8.4.5 Recovery 8.5 Exercise programme 8.6 Evaluation of business continuity documentation and capabilities 9 Performance evaluation 9.1 Monitoring, measurement, analysis and evaluation |
| 82 | 9.2 Internal audit 9.2.1 General 9.2.2 Audit programme(s) 9.3 Management review 9.3.1 General 9.3.2 Management review input |
| 83 | 9.3.3 Management review outputs 10 Improvement 10.1 Nonconformity and corrective action |
| 84 | 10.2 Continual improvement |
| 85 | Bibliography |
Related products
-
BS EN ISO 21301-1:2019 – TC:2020 Edition
Tracked Changes. Plastics. Ethylene-vinyl acetate (EVAC) moulding and extrusion materials – Designation system and basis…
-
BS EN ISO 22300:2018 – TC:2020 Edition
Tracked Changes. Security and resilience. Vocabulary Published By Publication Date Number of Pages BSI 2020…
