ISO22301 Toolkit Implementation Guide
And an additional option: •
ISO22301 Enhanced Gap Assessment Tool
Before embarking on a project to achieve compliance (and possibly certification) to the ISO22301 standard it is very important to secure the commitment of top management to the idea. This is probably the single most significant factor in whether such a project (and the ongoing operation of the BCMS afterwards) will be successful. Indeed, “Leadership” has its own section within the standard and without it there is a danger that the BCMS will not be taken seriously by the rest of the organization and the resources necessary to make it work may not be available. The first questions top management are likely to ask about a proposal to become certified to the ISO22301 standard are probably: • • • •
What are the benefits – why should we do it? How much will it cost? How long will it take? What are the potential disruptions to the organization?
Our recommendation is to conduct a business impact analysis (BIA) first; this would provide the information on the potential disruptions, the resources required both materially and fiscally and give a better idea of the amount of work that would be required to populate the business continuity plans. In order to help answer these questions the CertiKit ISO22301 Toolkit provides a number of resources. The Business Impact Analysis Process and Business Impact Analysis Report in section 8 – Operations folder of the toolkit provide the information needed to conduct a BIA. They include the resources required, the information needed and how it is assessed and the potential impact to the continuity of ‘business as normal’ due to specific disruptions. This will provide the information used to populate the BIA Report. This is a powerful document which clearly lays out for top management the potential loss to the organization of money, potential reputation, and customers caused by identified disruption scenarios. Conducted prior to the gap analysis, it will help build the business case for the BCMS. The ISO22301 Gap Assessment Tool is an Excel workbook that provides a way of quantifying to what extent your organization currently meets the requirements contained within the standard. By performing this gap assessment, you will gain a better appreciation of how much work may be involved in getting to a point where a certification audit is possible. The Tool breaks the standard down by area and section and a series of key questions are asked in order to assess how close to meeting the standard your organization is. The questions are designed to address the main requirements of the standard and a positive answer means that you are likely to be conformant. It includes a dashboard of tables and
Version 6
certikit.com
Page 10 of 37