This International Standard specifies requirements for setting up and managing an effective Business Continuity Management System (BCMS)
A BCMS emphasizes the importance of
- understanding the organization’s needs and the necessity for establishing business continuity management policy and objectives
- implementing and operating controls and measures for managing an organization’s overall capability to manage disruptive incidents
- monitoring and reviewing the performance and effectiveness of the BCMS, and
- continual improvement based on objective measurement
A BCMS, like any other management system, has the following key components:
- a policy
- people with defined responsibilities
- management processes relating to
3) implementation and operation
4) performance assessment
5) management review, and
- documentation providing auditable evidence: and
- any business continuity management processes relevant to the organization.
This International Standard applies the “Plan-Do-Check-Act” (PDCA) model to planning, establishing, implementing, operating, monitoring, reviewing, maintaining and continually improving the effectiveness of an organization’s BCMS.
This ensures a degree of consistency with other management systems standards, such a sISO9001 quality management, ISO114001 environmental management system, ISO/IEC 27001 information security management systems, ISO/IEC 20000-1 information technology ? Service management, and ISO28000 specification for security management systems for the supply chain, thereby supporting consistent and integrated implantation and operation with related management systems.
Figure1 illustrates how a BCMS takes as inputs interested parties, requirements for continuity management and, through the necessary actions and processes, produces continuity outcomes (i.c. managed business continuity) that meet those requirements.
Table1 – Explanation of OCDA model
|Establish business continuity policy, objectives, targets, controls, processes and procedures relevant to improving business continuity in order to deliver results that align with the organization’s overall policies and objectives|
(Implement and operate)
|Implement and operate the business continuity policy, controls, processes and procedures|
(Monitor and review)
|Monitor and review performance against business continuity policy and objectives, report the results to management for reviews, and determine and authorize actions for remediation and improvement|
(Maintain and improve)
|Maintain and improve the BCMS by taking corrective action, based on the results of management review and reappraising the scope of the BCMS and business continuity policy and objectives|
was accredited by IAFCB