In fact, there are many standards for organizations to set up a business continuity system. These standards are aimed at establishing and operating the system and increasing business continuity performance. Specific standards and guidelines are:

  • ISO 22301: 2012 Business Continuity Management System, Terms standard. Today, organizations establish systems and obtain documents based on this standard.
  • ISO 22300: 2012 Business Continuity Management System, Glossary. It is a document explaining the terms of business continuity.
  • ISO 22312: 2011 Business Continuity Management System, Technological competencies. It is a document explaining the research and results of business continuity.
  • ISO 22313: 2012 Business Continuity Management System, Guidance.
  • ISO 27031 Continuity Management System for Information and Communication Technologies
  • ISO 27001 Information Security Management System
  • ISO 20000 Information Technology Service Management System

The objective of all these standards is to ensure that organizations continue their activities without interruption. Organizations identify the activities that are critical for them and fulfill the requirements of the standards, and if they experience a fraction, they are overwhelmed by the least damage. Crisis management plans and business continuity plans are used in advance of the crisis, which gives the organization competitive power.

According to this ISO 22301 Business Continuity Management Systemhas two basic principles:

·         Risk analysis studyThe organization should determine the risks it is facing today and the risks that may arise in the future. Risk analysis studies should be done to determine what acceptable interruption times for the organization would be and what critical points would be affected if there were very long interruptions.

·         Business impact analysisThis analysis should be carried out to determine the effect of any interruptions on the activities of the organization. Business impact analysis should be done primarily for activities that are critical to the organization.

Business Continuity will be based on the results of this risk analysis and business impact analysis. If these analyzes are not done correctly, Business Continuity Management System will also be unhealthy. Business continuity strategies are determined according to the results of this analysis. Therefore, when the conditions change, the same analysis should be done again.

For more information on the basic principles of the ISO 22301 Business Continuity Management System, please contact the experienced managers and employees of the TURCERT certification body.