ISO 22301 (Definition)

ISO 22301 is the international standard for Business Continuity Management. Its full title is Societal Security — Business Continuity Management Systems — Requirements.

Introduced in 2012, it is intended as a replacement for the second part of the earlier British Standard BS 25999.

Like its predecessor, it specifies the requirements of a Business Continuity Management System. The requirements are intended to be suitable for auditing, so that a company or department can claim that its management systems are ISO 22301 certified.

Certification is an important consideration in complex supply chains, where each company relies on the ability of many other companies to provide critical components or services. If one part of this supply chain is disrupted, it will have a significant effect on companies further down the chain. It is generally not feasible or desirable for each company to check that each of its suppliers has a suitable business continuity plan in place: doing so would be prohibitively expensive and, with one supplier providing supplies to many customers, would involve a major duplication of effort.

The belief is therefore that it would be simpler and cheaper if each major supplier obtained ISO 22301 certification.

Whether the requirement for supplier robustness in the face of disaster will eventually be perceived as being as important as supplier quality remains to be seen. It is only when a company relies on a large number of suppliers for a small number of products that supply chain risk starts to dominate other risks.
