ISO22301 for business continuity provides an international standard against which businesses can now be audited and awarded a certification of compliance. But, for those tasked with putting the Business Continuity Management (BCM) systems in place, the standard offers little or no guidance about how to put the processes in place to satisfy the auditors that the company is complying with the standard.
Humbulani Sigidane, BCM advisor at ContinuitySA says that training offers a way for corporate executives who take on the BCM responsibility to come to grips with what the standard means in practical terms.
“ISO22301 standard is essentially what the company will get audited against, but the ISO document itself doesn’t specify what the company’s BCM programme and activities need to look like in order to be judged compliant with the standard,” Sigidane explains. “It’s the old problem of turning theory into practice, you could say.”
Having recently completed ContinuitySA’s Lead Implementer for ISO22301 training, a five-day course, Sigidane says that the detailed training did a great job of showing how to create an action plan for implementing and managing a BCM system based on the standard. Each module, he says, breaks down the various elements of the standard in order to understand what actions need to be taken in order to plan and then implement a BCM system.
“The training first helps you to understand what the goals of each clause in the standard are, why you would want to achieve them, and then how to do it,” Sigidane says. “It basically aligns the plan/ do/ check/ act Deming cycle renowned with ISO standards with BCM best practices.”
Another big benefit of the training is that it gives the BCM implementer insight into various specialist disciplines that are part of the broader BCM environment, and that he or she might not understand, especially given that BCM practitioners frequently have a project management background. Examples of these specialist areas include the audit process itself (what are auditors looking for?), writing a business continuity policy and general risk management.
The fifth day of training is an examination which can be rewritten if necessary during the following 12 months. ContinuitySA’s Lead Implementer for ISO22301 training is accredited by the Professional Evaluation and Certification Board (PECB), and the examination is recognised by the American National Standards Institute (ANSI). Candidates that successfully completed the training and exam and can demonstrate prior BCM experience are then awarded an ISO 22301 Lead Implementer certification.
“The certifications mean that the training helps to build a career in BCM but, even more important, it makes you much more effective in your job,” Sigidane concludes.