ISO 22313-2020 pdf download

ISO 22313-2020 pdf download.Security and resilience – Business continuity management systems – Guidance on the use of ISO 22301. This document is not intended to be used to assess an organization’s ability to meet its own business continuity needs, or any customer, legal or regulatory needs. Organizations wishing to do so can use the requirements in ISO 22301. CJaiise1 to in this document set out the scope, normative references and terms and definitions that apply to the use of this document. Clauses 4 to IQ contain guidance on the requirements given in ISO 22301, In this document, the following verbal forms are used: a) “should indicates a recommendation; b) “may” indicates a permission; c) “can indicates a possibility or a capability. 0.6 Business continuity Business continuity is the capability of the organization to continue delivery of products or services at acceptable predefined capacities following a disruption. Business continuity management is the process of implementing and maintaining business continuity (see &12 and Figure 5) in order to prevent loss and prepare for, mitigate and manage disruptions. Establishing a BCMS enables the organization to control, evaluate and continually improve its business continuity. In this document, the word “business is used as an all-embracing term for the operations and services performed by an organization in pursuit of its objectives, goals or mission. As such, It is equally applicable to large, medium and small organizations operating in industrial, commercial, public and not-for-profit sectors. Disruptions have the potential to interrupt the organization’s entire operations and its ability to deliver products and services. However, implementing a BCMS before a disruption occurs, rather than responding in an unplanned manner after the incident, will enable the organization to resume operations before unacceptable levels of impact arise. Business continuity management involves: a) identifying the organization’s products and services and the activities that deliver them; b) analysing the impacts of not resuming the activities and the resources they depend on; c) understanding the risk of disruption; d) determining priorities, time frames, capacities and strategies for resuming the delivery of products and services; e) having solutions and plans in place to resume the activities within the required time frames following a disruption; 1) making sure that these arrangements are routinely reviewed and updated so that they will be effective in all circumstances. The organization’s approach to business continuity management and its documented information should be appropriate to its context (e.g. operating...