Bill DiMartini led the work on behalf of ISO/TC 292 Working Group 2 Continuity and organizational resilience. Guidelines for the development of business continuity plans and procedures is a key process designed to provide a common approach to document business continuity plans and procedures once business continuity strategies have been approved (see ISO 22331:2018 guidance). This Technical Specification complements specific requirements documented in Clause 8.4 of ISO 22301:2019, but is not in itself a business continuity management system standard. It is not intended to be used for certification purposes (but assists with meeting requirements noted in ISO 22301, and is consistent with guidance in ISO 22313).
While ISO 22313 provides guidance on the requirements of ISO 22301 regarding methods to create plans and procedures, it does not provide sufficient detail regarding methods to create such procedures, as well as how to organize the procedures in the form of plans.
The content includes details on the following:
- Response structure and approach
- Types of business continuity plans and procedures
- Business continuity plan and procedures content
- Plans for response to specific disruptions
- Guidance on documenting plans
- Plan controls, storage and availability
- Guidance on next steps following development of plans and procedures
- Monitoring and reviewing business continuity plans and procedures
James Crask, the convenor of WG 2, explains:
”Without high quality Business Continuity Plans a response to a disruption is likely lead to costly mistakes and delays. But knowing where to start in building plans can be challenging. ISO 22332 helps to demystify the process and acts as an important document in the Business Continuity Management series providing practical guidance to those tasked with preparing high quality and effective response and recovery plans.”
Fiona Raymond-Cox, Raymond-Cox Consulting, USA states:
“Interpreting how to comply (or align) with an ISO Standard is not always straightforward. In creating this Technical Specification, the Working Group has sought to include the elements that should be factored into developing robust business continuity plans and procedures that will ultimately guide those that have been tasked with responding to disruptions. The objective is to have a complete set of detailed communication, emergency management, incident response, crisis management, recovery and restoration plans to ensure the continued delivery of products and services.”
Gianna Detoni, Panta Ray, Italy adds that:
“This technical specification will assist practitioners to develop plans and procedures to collect and formalize the decisions made during the ‘strategies and solutions’ phase of the business continuity management system and to document other plans to respond to specific disruptions. It is an important international standard that will help the readers to organize, develop, implement and maintain the plans and procedures in line with ISO 22301:2019.”
ISO 22332:2021, Security and resilience — Guidelines for developing business continuity plans and procedures, is available from ISO national member institutes. It may also be obtained directly from the ISO Central Secretariat, respectively through the ISO Store or by contacting the Marketing, Communication & Information department.