Embracing the Guidance of ISO 22313

When I first opened ISO 22313, the guidance standard on business continuity management, I was skeptical. But, as it turns out, my doubts were misplaced. This standard proves to be a valuable complement to ISO 22301. Here’s what I discovered:

Similarities and Differences

If you’ve delved into ISO 27001 and ISO 27002, you’ll find a similar relationship between ISO 22301 (published in May 2012) and ISO 22313 (published in December 2012). ISO 22301 serves as the primary standard, outlining the framework for business continuity management. Meanwhile, ISO 22313 acts as a supplementary standard, aiding in the implementation of ISO 22301.

The key difference is that ISO 22301 specifies stringent requirements. To be certified, an organization must fully comply with the standard, which uses terms like “shall” and “must.” On the other hand, ISO 22313 offers guidance and best practices for fulfilling ISO 22301’s requirements. It is more flexible, using terms like “should” and “may.” Therefore, certification is possible only against ISO 22301, not ISO 22313.

Where ISO 22313 Shines

ISO 22313 is particularly useful in areas where ISO 22301 lacks detail. Here are some highlights:

  1. Strategy Options for Resources (Clauses 8.3.1 and 8.3.2):

    • Suggested strategies for protecting prioritized activities and resources

    • Guidance on what can be excluded from the scope of the BCMS on cost grounds

    • Options to mitigate impact and duration of incidents

    • Techniques for evaluating supplier business continuity capabilities

    • Strategies for people, relocation procedures, backup types, worksites, ICT systems, and more

  2. Content of Business Continuity Procedures/Plans (Clause 8.4):

    • Incident communication procedures

    • Business continuity procedures

    • Incident management team location

    • Communication procedures

    • Safety and welfare procedures

    • Salvage and security procedures

    • Procedures for resuming activities

    • ICT continuity procedures

Additional Useful Guidance in ISO 22313

ISO 22313 provides valuable guidance in several other clauses:

  • 4.2.1 – Examples of interested parties

  • 4.2.2 – List of relevant legislation

  • 5.3 – Items to include in the Business Continuity Policy

  • 5.4 – Explanation of BCMS roles and responsibilities

  • 6.2 – Examples of BCMS goals

  • 7.1 – Required BCMS resources

  • 7.2 and 7.3 – Competence development programs, types of training, team structures, and awareness programs

  • 7.5.1 – Required documentation

  • 8.1.4 – Metrics for measuring BCMS effectiveness

  • 8.2.2 – Elements of Business Impact Analysis (BIA)

  • 8.2.3 – Typical elements in risk assessment

  • 8.4.5 – Assessment procedure content

  • 8.5.2 – Exercise program content

  • 8.5.3 – Objectives for business continuity exercises

  • 9.1.2 – Evaluation checklist for business continuity procedures and post-incident review content

In summary, unless you’re an experienced BCM consultant or implementer, both ISO 22301 and ISO 22313 are worth obtaining. They may be an investment, but the return will be swift and invaluable.