ISO 22313:2020 pdf download – Security and resilience — Business continuity management systems — Guidance on the use of ISO 22301.
4.3 Determining the scope of the business continuity management system 4.3.1 General The purpose of determining the scope of the BCMS is to identify its boundaries and applicability to ensure coverage of all relevant products and services, activities, locations, resources, suppliers and other dependencies. The scope should address the issues identified in 4.1, the requirements of interested parties determined in 4.2, and the organization’s mission, goals and obligations. The organization should prepare a statement that sets out the scope of the BCMS in a manner and in terms appropriate to the size, nature and complexity of the organization. The statement should be available to interested parties. 4.3.2 Scope of the business continuity management system The organization should: a) establish, by reference to products and services, the parts of the organization that are included within or excluded from the scope of the BCMS, for example: 1) only including delivery of a specific product to a country or region; 2) excluding a product that is no longer viable or is of low value to the organization; 3) only including a sub-set of products and services; b) identify the organization’s products and services in a manner that enables all related activities, resources and supply chains to be identified. The scope may: — include an indication of the scale or magnitude of incident that the BCMS will address; — identify how the BCMS fits into the organization’s business strategy and approach to risk management. 4.3.3 Exclusions to scope The scope determines the locations, products and services, activities and resources to which the BCMS applies. It follows that all dependencies will be in scope even if they have not been explicitly identified in the scope statement.
4.4 Business continuity management system The purpose of this subclause is to emphasize the need for the organization to implement and maintain processes that will enable the BCMS to meet the requirements of ISO 22301, including interactions between the processes. In determining the processes and their application throughout the organization, the organization should: a) determine the inputs required and the outputs expected from these processes; b) determine the sequence and interaction of these processes; c) determine and apply the criteria and methods (including monitoring, measurements and related performance indicators) needed to ensure the effective operation and control of these processes; d) determine the resources needed for these processes and ensure their availability; e) assign the responsibilities and authorities for these processes; f) address the risks and opportunities as determined in 6.1; g) evaluate these processes and implement any changes needed to ensure that these processes achieve their intended results; h) improve the processes and the BCMS. To the extent necessary, the organization should: — maintain documented information to support the operation of its processes; — retain documented information to have confidence that the processes are being carried out as planned.
ISO 22313:2020 pdf download – Security and resilience — Business continuity management systems — Guidance on the use of ISO 22301
Note:
If you can share this website on your Facebook,Twitter or others,I will share more.