
ISO 22301 Certification

IAS is pleased to announce that certification against the new edition of ISO 22301 is now in effect. The latest version of the standard, ISO 22301:2019, has been published, and IAS is issuing ISO 22301 certification against this edition. Working to the current standard ensures that we continue to meet, and aim to exceed, our customers’ expectations with high-quality service and support while constantly improving what we do.

About ISO 22301:2019

ISO 22301 specifies the requirements for establishing, implementing, maintaining, and continually improving a documented Business Continuity Management System (BCMS) appropriate to the organization’s context. It is a business continuity standard, not an information security standard; information security management systems are the subject of ISO 27001.

It is designed to help organizations reduce the likelihood and impact of disruptions through better planning, implementation and improvement. It also establishes more efficient ways of operating by providing clear guidelines for dealing with threats and vulnerabilities to critical activities, and for developing and implementing appropriate policies, procedures, plans, and agreements.

It can be used by any organization, of any size, in both the public and private sectors. It sets out the practices required to achieve effective business continuity management.

A documented BCMS is typically expected where the organization already operates related management system standards such as ISO 27001, whose information security controls include business continuity requirements, and where it works in sensitive markets such as so-called “regulated environments”, in which legal, financial, operational, and/or reputational risks are considered to be heightened.

Organizations operating in one or more of these sensitive markets are advised to have procedures, practices, and policies that are specific to their own business environment. These may include additional provisions over and above ISO 22301, such as:

  • Providing for different or expanded service delivery and support processes to meet specific needs and requirements of those markets.
  • Establishing a requirement that ISO 22301 certification is maintained as an ongoing commitment within the overall business continuity management system.

ISO 22301 does not diminish existing legal, contractual or regulatory obligations, which may impose additional requirements on organizations.

ISO 22301 Certification

ISO 22301 certification is not a one-time achievement, but rather a process that needs to be maintained on an ongoing basis. This is achieved through a documented Management Review that evaluates a number of factors, including organizational resilience and business continuity performance, the effectiveness of the continuity controls and plans that have been implemented, risk identification, and risk treatment plans.

The advantages of ISO 22301 Certification

  • ISO 22301 certification provides independent recognition that an organization’s Business Continuity Management System is being effectively managed.
  • It helps organizations demonstrate conformity with ISO 22301 to customers, regulators and other interested parties, and supports the business continuity requirements found in related standards such as ISO 27001.
  • It also delivers risk reduction, reputation improvement and cost avoidance for their business continuity programs.
  • The requirements of ISO 22301 can also be used as a benchmark for auditors to better understand the business continuity culture within an organization.

An organization that has been certified against ISO 22301:2019 will benefit from enhanced credibility and market recognition through its closer alignment with industry best practices.

Steps to achieving ISO 22301 Certification

Step 1: Pre-assessment of the ISO 22301 system (or partial certification or registration) – An initial gap review of the BCMS against the requirements of the standard.

Step 2: Initial Assessment – This is to check the organization’s preparedness for a detailed audit.

Step 3: Full Certification – The final stage in the assessment process, when an auditor formally recognizes that the organization has successfully met all necessary requirements.

The time needed to reach certification will depend on the organization’s business continuity maturity and, in particular, on how well prepared it is with regard to:

  • Its ability to implement and maintain documented plans.
  • The requirement for strong business continuity governance and senior management involvement.
  • The need for an effective communication plan to manage the recovery process.

Step 4: ISO 22301 Maintenance – At least once a year, the organization should carry out a documented Management Review of its Business Continuity Management System (BCMS). It is during this stage that the organization will be required to demonstrate that the system is effective and that risks are being addressed proactively, so that its ISO 22301 certification can be maintained.

The validity period of your ISO 22301 certification will depend on your organization’s business continuity maturity. Renewal takes place either annually or in conjunction with a Management Review.

How long does it take to get ISO 22301 certification?

The certification audit itself can be completed in 1-2 months, but the overall timeline depends on a large number of factors such as documentation, implementation, and auditing. From scratch to certification, smaller organizations may need 3 to 6 months, organizations with up to 500 people will need 8 to 12 months, and larger organizations 12 months or more.