The ISO 22301:2019 – Security and Resilience, Business Continuity Management Systems – Requirements (BCMS) was developed by stakeholders for use in all organizations concerned with the ability to maintain business operations through preparation to face any disruption of operations and prevent meeting objectives.
The ISO 22301:2012 Societal Security – Business Continuity Management Systems – Requirements revision is replaced by this ISO 22301:2019 Security and Resilience, Business Continuity Management Systems – Requirements. Those already certified have a 3-year window to upgrade to the new ISO 22301:2019 – Security and Resilience, Business Continuity Management Systems. Audits will continue for the ISO 22301:2012 revision through April, 30, 2021 providing time for realignment to the new standard. Any certifications to the old revision will be invalid after October 30, 2022.
This International Standard, ISO 22301 was the first High Level Structure standard developed by ISO. 2019 ISO 22301:2019 – Security and Resilience, Business Continuity Management Systems details requirements of Business Continuity Management System (BCMS). Successful implementation is dependent on the organizations ability to understand its capabilities and complete identification of current as well as potential risks to address. Once implemented, Adherence to this standard prepares the organization through establishment of a core planning team from multiple disciplines appointed buy top management. The Core BCMS Planning Team that defines:
- A business continuity statement which includes
- The high priority of the program
- The plan purpose for involvement of the entire business
- The team structure
- Details of authority & reporting
- The BCMS Plan which includes
- Work schedules
- Plan deliverables
- Deadlines
- Budgetary confines
This ISO 22301:2019 certification standard is now aligned with ISO 9001:2015 and has the same 10 elements High-Level Structure with modification to Element 8. Restructuring of Element 8 has been implemented to realign content, remove redundancies and simplify terminology. Guidance information in the beginning of the ISO 22301:2012 previous revision has been removed and replaced with the newly released ISO 22313:2020 Security and Resilience – Business Continuity Management Systems – Guidance on the Use of ISO 22301 to expand information implementation.
ISO 22313:2020 standard provides complete guidance on how to implement ISO 22301.
ISO 22301:2019 certification with its comprehensive approach to business continuity requirements, is recognized throughout the world. It provides all business operations with a suitable qualification for customer approval – as well as improving the organization’s image in the eyes of the authorities. ISO 22301:2019 standard applies to all industries and business sectors that we service such as but not limited to:
- Automotive
- Aerospace
- Food
- Packaging
- Telecommunications
- Textile
- Paper & Pulp
- Processing materials
- Medical devices
The ISO 22301:2019 standard provides important guidelines for all businesses, operations, and disciplines and the opportunity to address potential crisis planning including recently identified viral / health disasters such as Covid 19.
To meet ISO 22301:2019 standard requirements, the Disaster Recovery Plan is essential which includes instructions on social distancing, increased sanitation, body temperature monitoring, and use of Personal Protective Equipment (PPE).
For manufacturers or any product handling organizations the Disaster Recovery Plan must cover the initial handling of incoming raw materials, all manufacturing / production, or handling processes, packaging, storage, preservation, and dispatch. The transportation and delivery processes also play a critical role under this COVID-19 outbreak in dealing with potential virus contraction through individuals handling raw material receipt and shipping of finished product all the way to delivery process.
The ISO 22301:2019 system is based on the common High Level Structure of ISO 9001:2015 and can be easily integrated to support multiple other standards including but not limited to any of the following standards with strong connections to disaster preparation:
- IATF 16949:2016 Automotive Quality Management System.
- FSSC 22000 Scheme v5, 05/19 with ISO 22000:2018 Food Safety Management. Systems – Requirements for any Organization in the Food Chain.
- ISO 14001:2015 Environmental Management Systems – Requirements with Guidance for Use.
- ISO 14971:2019 Medical Devices – Application of Risk Management to Medical Devices.
- ISO 15189:2018 Medical Laboratories – Requirements for Quality and Competence.
- ISO 15378:2017 Primary Packaging Materials for Medicinal Products — Particular Requirements for the Application of ISO 9001:2015, with Reference to Good Manufacturing Practice (GMP).
- ISO 17025:2017 Quality Management Systems for Laboratories.
- ISO 45001:2018 Occupational Health & Safety Quality Management.
Who Should Get ISO 22301:2019 Certification?
- Any facility offering Products or Services desirous of having a globally acceptable Security and Resilience, Business Continuity Management System needs to get certified to ISO 22301:2019.
- Any facility wanting assurance for customers that plans have been made to address contingencies to minimize the impact of the occurrence and enable capability to provide product or services in a safe manner during most circumstances and protect customer from consequences.
- Any facility needing a complete Business Continuity System which covers all aspects of operations in one single system for security, resilience and business must have ISO 22301:2019 certification.
- Any facility wanting the interests of all stake holders protected by a system that requires robust provisions for mitigating risks and preparing for potential disasters such as Covid-19 in their operations, processes or services must get ISO 22301:2019.
- Any facility desirous of having a strong marketing tool to showcase their commitment to contingency preparation that enables consistent capabilities through disaster mitigation during emergency situations.
- All businesses, operations, and organizations needing disciplines in place to periodically review BCMS flexibility and effectiveness of security and crisis management
- Any facility whose management wants to have one single comprehensive BCMS capable of integration of other standards and providing protection of output during emergency situations.
Process for Getting ISO 22301:2019 Certification
- Process ISO 22301:2019 certification starts with preparation of the Security and Resilience, Business Continuity Management Systems – Requirements System (BCMS).
- ISO 22301:2019 Consultants assist in developing a comprehensive, BCMS to meet all requirements of ISO 22301:2019 and Third-Party Registrar Certification Body stage 1 audit requirements. The stage 1 audit for ISO 22301:2019 is to review BCMS for compliance with ISO 22301:2019. This process is also termed as Pre-Audit.
- An ISO 22301:2019 consulting firm provides the techniques for implementation, and trains organization’s internal auditors to become competent to perform internal audits or provides ISO 22301:2019 Internal Auditing Services to audit all processes, all ISO 22301:2019 Standard requirements and effective implementation of the ISO 22301:2019 Standard.
- Facilities need to initiate corrective actions and continual improvement is realized through control of nonconforming products / services.
- Facilities need to implement the prepared BCMS for a minimum of 3 months and gather adequate data and record to show as evidence prior to ISO 22301:2019 Certification Audit.
- Managements of the facilities need to conduct one full scale review of the entire BCMS and ensure its adequacy for their organization. Management Team needs to identify Action items to make corrections to any ISO 22301:2019 certification requirement not being fulfilled.
- Once BCMS is ready, one full cycle of Internal Audits is performed and one Management Review conducted prior to contacting Registrar for ISO 22301:2019 certification audit
- Qualified and competent consultants and auditors conduct audit on ISO 22301:2019 for compliance.
- Once the Facility passes ISO 22301:2019 compliance audit successfully, the Registrar issues compliance certificate to ISO 22301:2019.
- Compliance certificate to ISO 22301:2019 Standard may avoid regulatory audits from Government agencies.
ISO 22301:2019 Consulting, Auditing and Training Services from QSE
- Quality Management Consultants can prepare your facilities to have an ISO 22301:2019 Security and Resilience, Business Continuity Management Systems – Requirements (BCMS) and associated documents/records to show as evidence of having implemented the system.
- QSE Consulting is the practice of assisting small, medium and large organizations in developing, training, implementing, and maintaining a documented Security and Resilience, Business Continuity Management Systems – Requirements System (BCMS) for achieving ISO 22301:2019 certification.
- In addition to having a system, the same is required to be audited periodically per a determined schedule to ensure that designed systems are being followed and controls are being exercised.
- The audits performed by a team within the facility is called 1st Party Audit. Audits performed by consultant firms like Quality Systems Enhancement is known as a second party audit. Audit conducted by Certification Body is known as 3rd party audit.
- 3rd Party audit is conducted by a qualified Registrar with the accredited authority to perform certification audits and issue an ISO 22301:2019 Certificate.
- QSE consultants assist organizations to effectively control documented information (Documents and Records) related to changes, conducting ISO management review meetings covering all management review inputs (Per ISO 22301:2019).
- QSE consultants will ensure that certification is achieved with no or minimum nonconformities first time around.
- It is necessary to build a robust system that trains and compels employees understand and adhere to defined roles, responsibilities, procedures and controls to ensure continuity. QSE will assist in implementing required training and awareness.
- QSE Consultants provide training to top level management as well as operations and office personnel in Risk-Based Thinking, Process Approach, and Continual Improvement including the employees’ role in achieving improvement.
Why Is Consulting Required for Security and Resilience, Business Continuity Management ISO 22301:2019 Standard?
- The ISO 22301:2019 Standard dedicated to build BCMS and pave way for continual improvement in any facility. Implementation of his standard is the foundation for an effective Business Continuity Management System.
- The ISO 22301:2019 Standard has a 10 element High Level Structure with ISO 9001 quality management principles as guiding philosophy.
- A good consultant firm can provide detailed explanation on the intent of the standard and develop a simplistic Security and Resilience, Business Continuity Management System (BCMS) that address all clauses, sub-clauses, and requirements of the standard.
- A comprehensive BCMS can create confidence in customers and provide answers to all questions from certification auditors.
- An ISO 22301:2019 Standard consulting firm provides experience in the techniques for developing and implementing the
- Consulting firm such as QSE provides auditing services to help the facility to verify the accuracy and adequacy of implementation through ISO 22301:2019 Internal Audits.
- Consultants can be utilized to perform Internal Quality Audit and assist in confirming thoroughness of root cause to help in making correction and taking corrective actions.
- Annual surveillance audits are conducted to ensure implementation effectiveness of established ISO 22301:2019
- Thoroughness of preparation and ease of ISO 22301:2019 certification achievement by utilizing all of QSE’s 10-Step Approach.
- The ISO 22301:2019 certification is renewable every three years.
QSE Difference in Training, Auditing & Consulting Services:
- Quality Systems Enhancement Inc. (QSE) is a Premier Consulting, Auditing and Training firm with over 27 Years’ experience in assisting with any ISO Standard, Sector Specific Standard, AISC Standard, and all Food Safety
- QSE provides On-Site and On-line Training for ISO 22301:2019-16 Awareness and Effective Implementation along with Internal Auditing.
- QSE’s ISO 22301 Consultants have helped over 700 facilities to earn their ISO certifications and other certifications.
- All QSE customers have passed ISO 22301 certification audits with no or minimum nonconformities.
- Over 98 % of QSE customers passed ISO 22301 certification audits with no nonconformity first time around. QSE has a 100 % success rate in obtaining certifications for its customers.
- Unlike our competitors, QSE provides a unique, comprehensive, evidence based, simplified single level, documentation system comprehensively encompassing all requirements for four levels to achieve ISO 22301 compliance which is easy to implement and provides evidence for implementation to earn ISO 22301 certification.
- QSE’s “Quote to Cash” concept addresses all manufacturing and non-manufacturing processes for process improvement, in other words, all activities from submission of quotes, processing of the order, quality control, dispatch to the customer, and receive cash. All processes are covered.
- QSE Consultant’s Internal Audits of ISO 22301 is an effective management tool for run any business using the “Quote to Cash” approach for all processes to enhance customer satisfaction and Bottom-Line
- QSE’s designed ISO 22301 templates are tried and tested for thorough coverage of all standard requirements, accuracy and correctness and provide objective evidence during internal audits and ISO certification audits.
- QSE’s ISO 22301 simplified system is evidence based, and it is easy to implement, easy to use and easy to audit and can be integrated with many other ISO management system standards.
- QSE ‘s ISO 22301 evidence-based system with proven lists, forms and tables results in ISO certification with minimum or no nonconformities.
- QSE utilizes competent ISO 22301 auditors to conduct internal audits or supplier audits.
- President QSE, Baskar Kotte is an original and an active member of ISO/US TAG/TC 176, the Technical Committee that originally developed the ISO 9000 family of standards, ISO/US TAG/TC 207 which developed the ISO 14000 family of standards, ISO/US TAG/ TC 301 (TC 242) which developed ISO 45001 and ISO 19011 the Guiding Standards for Auditing. Mr. Kotte also participated and provided input to the development of the current ISO 45001:2015, ISO 140001:2015, ISO 45001:2018 family of Standards and ISO 19011:2018 revised standards. of certified OHSMS.
- The ISO 22301:2019 Standard certification is renewable every three years.
Benefits of Having ISO 22301:2019 Certification:
- ISO 22301:2019 Standard requires development of the necessary risk mitigation measures that minimize / prevent the impact of potential disasters.
- Through comprehensive risk assessment criteria, ISO 22301:2019 presents an opportunity for organizations to identify potential for failure and weaknesses in their business management systems that may expose the company, employees, and customers to potential risk.
- ISO 22301 has been critical in promoting the development of disaster and contingency planning and implementation of risk assessment and risk prevention activities for inclusive security, resilience and risk protection.
- Through a good risk assessment of the organization processes, there has been considerable development of cost-effective production by implementing ISO 22301.
- ISO 22301 certification provides consistency and confidence in effective management and operational continuity.
- ISO 22301:2019 implementation provides a simple and singular management strategy that covers a multi-dimensional organization to mitigate potential crisis impacts.
- ISO 22301:2019 assists in fulfillment of legal requirements.
