ISO 22331:2018 Security and resilience - Business continuity management systems - Guidelines for business continuity strategy
This Technical Specification provides guidance for performing business continuity strategy determination and selection, which is a requirement of ISO 22301 (clause 8.3). It provides detailed guidance for establishing, implementing and maintaining a formal and documented process for business continuity strategy determination and selection. It is intended to be applicable to all organizations, regardless of type, location, size and nature of the organization.
Brian Zawada (USA), the project leader responsible for the development of ISO 22331, explains:
"Business continuity strategy determination and selection is a foundational process designed to identify strategies that align to management-endorsed business continuity requirements in support of a business continuity response. ISO 22301 requires organizations to determine and select business continuity strategies as part of their business continuity management systems; however, due to ISO 22301's intent to describe the need for business continuity strategy and be applicable to organizations of all types, it provides minimal guidance on how to perform business continuity strategy determination and selection process.
Also, while ISO 22313 provides guidance on the requirements in ISO 22301, it does not provide methodology details or options regarding the performance of recurring business continuity strategy processes. Since determining, selecting and improving business continuity strategy can prove to be a difficult task, this TS will provide pragmatic, detailed guidance on the various methods on how to execute the business continuity strategy determination and selection effort successfully."
Content includes details on how to determine business continuity strategy options that mitigate risk or enable an appropriate response and recovery, perform analysis on strategy options, select the appropriate strategy based on analysis, and receive management endorsement for selected strategies before implementing those strategies.
ISO/TS 22331:2018, Security and resilience - Business continuity management systems - Guidelines for business continuity strategy, is available from ISO national member institutes. It may also be obtained directly from the ISO Central Secretariat, respectively through the ISO Store or by contacting the Marketing, Communication & Information department.
Article written by George Huff "ISO 22331, Guidance for Business Continuity Strategy"