IAS is pleased to announce that the new ISO 22301 certification is now in effect. The latest version of the standard, ISO 22301:2019, has been released, and IAS is issuing ISO 22301 certification against this latest version. This new standard ensures that we continue to meet not only our customers’ demands, but also exceed expectations with high-quality service and support while constantly improving what we do.
ISO 22301 specifies the requirements for establishing, implementing, maintaining, and continually improving a documented Business Continuity Management System (BCMS) within the context of the organization’s overall business and risk management processes.
It is designed to help organizations minimize risks with better planning, implementation and improvement. It also establishes more efficient ways of operating by providing clear guidelines for dealing with threats and vulnerabilities, developing and implementing appropriate policies, procedures, plans, and agreements.
It can be used by any organization, of any size, in both the public and private sectors, and by any function responsible for resilience, whether it reports to a CIO, a CSO, or elsewhere. It includes the practices required to achieve effective business continuity management.
A documented Business Continuity Management System becomes necessary when the organization has adopted related standards or frameworks that expect one (for example, ISO 27001, whose controls for information security continuity and ICT readiness for business continuity depend on it). This is typically the case when working in sensitive markets, the so-called “regulated environments”, where legal, financial, operational, and reputational risks are considered to be heightened.
Organizations operating in one or more of these sensitive markets are advised to have procedures, practices, and policies that are specific to their own business environment. These may include additional provisions over and above ISO 22301. This may include:
ISO 22301 does not diminish existing legal, contractual or regulatory obligations, which may impose additional requirements on organizations.
ISO 22301 certification is not a one-time achievement, but rather a process that needs to be maintained on an ongoing basis. This is achieved through a documented Management Review that evaluates a number of factors, including organizational resilience and business continuity performance, the effectiveness of the implemented business continuity controls and arrangements, risk identification, and risk treatment plans.
An organization that has been certified against ISO 22301:2019 will benefit from enhanced credibility and market recognition through its closer alignment to industry best practice.
Step 1: Pre-assessment of the ISO 22301 system, or Partial Certification, or Registration.
Step 2: Initial Assessment – This checks the organization’s preparedness for a detailed audit.
Step 3: Full Certification – The final stage in the assessment process, in which an auditor formally recognizes that the organization has successfully met all necessary requirements.
Step 4: ISO 22301 Maintenance – At least once a year, the organization should carry out a documented Management Review of its Business Continuity Management System (BCMS). It is during this stage that organizations are required to demonstrate that the system is effective, that risks are being addressed proactively, and that they have maintained their ISO 22301 certification.
The period of validity of your ISO 22301 certification will depend on your organization’s business continuity maturity. It can be renewed either annually or at the time of a Management Review.
The certification audit itself can be completed in 1–2 months. The overall timeline depends on a large number of factors, such as documentation, implementation, and auditing. From scratch to certification, smaller organizations may need 3 to 6 months, organizations with up to 500 people 8 to 12 months, and larger organizations 12 months or more.