The ISO 22301 standard is the standard that defines the requirements that must be respected by an Operating Continuity Management System in order to guarantee the Organization’s ability to protect itself against destructive events that can directly or indirectly affect it and to recover its operations in an organized way, with the goal to protect its own Customers.
The requirements specified by the standard can be applied to the whole Organization or a part of it, regardless of the nature, type and size of the Organization itself. The degree of application of the requirements of ISO 22301 standard depends on the environment in which the organization operates and on its complexity.
The Operational Continuity Management System must take into consideration the legal requirements, the reference standards, the products and services provided by the Organization, its processes and the requirements of the Interested Parties, first of all the Customers.
The Operational Continuity Plan must provide procedures that guide the Organization to respond and restore operations to a predefined level after a destructive event and guarantee the supply continuity to the Customers. It must provide for initiatives to be implemented following emergencies that are typically not addressed by the company’s normal management policy such as, for example, a natural disaster (earthquake or flood), the consequences of a terrorist act or a long-lasting power outage or the detention of a critical supplier along the supply chain. The plan must allow the company to overcome an emergency phase while safeguarding its ability to meet the needs of customers and stakeholders and minimizing damage from a managerial point of view.
The Operational Continuity Management System must be able to minimize the consequences caused by an incident, which can have impact on:
– Employees safety
– Environment
– Loss of productive resources (infrastructures, equipment, plants)
– Supplies
– Economic losses, Customers loss or a possible loss of market share
The procedures established by a Business Continuity Management System must therefore address all operational aspects both inside and outside the company and the relationship with the parties involved. They must be tailored to the specific characteristics and needs of each company.
The method proposed by NeM for the achievement of the ISO 22301 certification is described in the section “THE PATH TO CERTIFICATION”