ISO Consultation Certification Services
Our Clint Rating: 4.8 Start Based on 35 users
ISO 22301:2019 Business Continuety Management System-BCMS
ISO 22301 is the Business Continuity Management System standard.Its initially publication in 2012, the ISO 22301 standard has become the international benchmark for business continuity management systems. According to an ISO survey, over 4000 organizations hold an ISO 22301 certificate. BCMS can be applied to all irrespective of Sizde and type of business.
Considering this popularity , ISO published the ISO/DIS 22301:2019 standard on Oct 31st and on transition period of three years. This would mean that all certificates to the 2012 version would ultimately lose their validityby 2022.
Specifically, ISO 22301:2019 is a management system standard for business continuity management follows :
- Understanding the organization’s needs and the necessity for establishing business continuity policies and objectives
- Operating and maintaining processes, capabilities and response structures for ensuring the organization will survive disruptions
- Monitoring and reviewing the performance and effectiveness of the BCMS
- Continual improvement based on qualitative and quantitative measures
Some of the core concepts of ISO 22301
Context of the organization
The environment in which the organization operates including internal and external factors that can have an effect on your business continuity plans.
A person or organization that can affect, be affected by, or perceive themselves to be affected by a decision or activity. Examples include suppliers, customers or competitors. You may refer to them as stakeholders.
Requirements specific to top management who are defined as a person or group of people who directs and controls an organization at the highest level
The measurement of performance and effectiveness of the BCMS, covering the methods for monitoring, measurement, analysis and evaluation, as applicable, to ensure valid results.
Maximum Acceptable Outage (MAO)
The time it would take for adverse impacts to become unacceptable. This is the same as ‘maximum tolerable period of disruption (MTPD)’.
Minimum Business Continuity Objective (MBCO)
The minimum level of services and/or products that is acceptable to the organization to achieve its business objectives during a disruption.
Order and timing of recovery for critical activities.
Warning and communication
Activities undertaken during an incident
About ISO 22301:2019
The new version of the ISO 22301 standard for Business Continuity Management Systems (BCMS) is more understable texts, more flexibility; less prescriptiveness, more pragmatism,deleted duplications.Although the revision does not bring drastic changes, the new version of the standard is a definite improvement and will bring even more value to its users
Compliance with the ISO 22301:2019 standard is mandatory for certification, but it alone doesn’t guarantee the capacity of an organization to respond to and survive a disruptive incident.Using the process approach is useful to create a link between requirements, policies, objectives, performance, and actions.
A process approach is a good way to organize and manage business continuity activities to create value for an organization and other interested parties. So, by implementing a process approach for business continuity, an organization can have a better view about how each step contributes to the main objectives of enduring and outstrip a disruptive incident, allowing it to quickly identify problematic points in performing the process.
Business continuity objectives should be established and communicated at appropriate levels and intervals, having considered business continuity policy alignment, minimum levels of delivery of products and services, and compliance obligations.Take quick action in terms of what needs to be done, when it needs to be done by, what resources are required to achieve them, who is responsible for the objectives, and how results are to be measured and evaluated, to ensure objectives are being achieved and can be updated when required. Again, it is important that documented information is kept outlining the business continuity objectives.
Improve response will minimise the overall impact of incident
BCMS will help business leaders to assess the potential impacts of an operational disruption and to take the right decisions wisely
BCPs Implement comprehensive and tailored
Increase robust response and recovery procedures
Improve your company reputation
Enhance the knowlegde ,it helps to achieve the business goals
Improve customer confidence in the organisation’s ability to respond to incidents.
Helps to meet legal and regulatory requirements
The Nbiz GO-AIM-HIGH methodology was developed to provide the continuous success for every clientle’s project. It represents the Nbiz Team Consultants activities during the involvement from the initial phase until the last phase to conclude the project successfully.
The acronyms on the GO-AIM-HIGH methodology are already tested, applied and proven methods by the Nbiz Team Consultants during the implementation of the project. These are the activities performed which represents the corresponding phases during the project implementation.
We are delighted to provide you the detailed explaination of our GO-AIM-HIGH Methodology on the below illustration.
G – Gathering of Data
The first step in the IMS Consultancy is gathering of data. In this, our consultants will be gathering all different types of relevant and existing records that are already with the client.
O – Organizational strength and weakness identification
The second step is aiming to identify the organizational strength and weaknessess.
A - Analyze and review documents, current processes and procedures
The third step in the IMS Consultancy is to conduct Gap Analysis of the current structure of the company which includes review of documents, processes and procedures in order to determine compliance to the required Management System standard. It is through this step that consultants and the company's key personnel can collaboratively formulate appropriate plan and activities to respond to gaps identified against the standard.
I-Improve, create and implement processes and procedures
The fourth step of the IMS consultancy is based on the gaps identified during step 1
Improvements and/or creation of documents meeting the requirements of the standard shall be initiated by the consultant in close coordination with the company’s key personnel. Documents shall include policies, manuals, procedures, forms/templates, instructions, etc. The documents created/improved shall be meeting the standard requirements and shall be suitable to the business activities and culture of the company. The company’s authorized representative shall review the documents and must be approved by the Top Management before issue. Additionally, Nbiz Infosol consultants shall guide companies to implement the set procedures and processes in order to comply with standard requirements. Appropriate trainings shall be provided to key personnel in order to provide or develop competence in the implementation of the system.
Once standard is established, Nbiz Infosol consultants shall guide companies to monitor performance as per the required standard through performance measurement, check compliance and conformances through audits and inspections. Nonconformance shall be identified, reported and recorded accordingly.
As part of the monitoring and checking, Nbiz Consultants shall assist companies in reviewing and re-assing their environmental aspects/impacts and occupational hazards and risks. The review and re-assessment shall be done on a regular basis or as per requirement of the ISO 14001:2004 and OHSAS 18001:2007 standards.
I-Implement corrective actions and recommendations
Once the nonconformities are identified, Nbiz Infosol consultants shall assist companies to identify root causes, implement corrections, corrective actions and preventive actions for nonconformance. Recommendations shall also be considered for continual improvement.
Reports shall be generated in all phases of the consultancy. Nbiz Infosol recognized that reports and records are essential to prove evidences of performed activities. Reports shall be properly channeled and submitted in correct and appropriate formats.
H-Head towards certification
Once, documents, procedures and processes are already established and implementation is considered adequate, Nbiz Infosol shall facilitate for the certification process of the companies. Nbiz Infosol consultants shall render support during all phases of the certification audits starting from planning with external auditors, during the actual audits, closing of the nonconformance and follow-up audits.
- Scoping on the required scope of certification. The general information required for the application and scoping are as follows:
- Initial System Study on the relevant field of certification applied and interested for, involved activities of the organization, no. of employees and the details on the available technical resources, any related subsidiary/entities.
- Any related information within the organization that will effect on the requirements to fulfill the conformity related processes, consultations on the management system, and requirements on seeking the certifications.
- Submission of the required and improved documents to obtain approval and certification from the authorized certification body.
- Coordinating Audit Plan – Our consultants will closely facilitate on the schedule communicated by the client. The audit plan will be prepared by the certification body and communicated to the client.
- Submission of the required and improved documents to obtain approval and certification from the authorized certification body.
- Facilitate to close NC’s – Our consultants will be assisting on developing and enhancing the identified non-conformances by the Auditor of the certification body.
- Facilitate in submitting non-conformities to certification body – Upon the identification of non-conformities, the consultants will be facilitating on clearing and completing all the identified non-conformities of the client to be submitted to the certification body.
- Co-ordination for approval of non-conformities and releasing of certificates from the certification body and providing the certificate the client.
Nbiz Infosol provides ISO Certification in UAE in co-ordination with many leading certification body which are internationally recognized to help our client on achieving any relevant ISO Standards.
The phases on the above diagram explains only the commonly used processes/activities in order to provide a clear summary explanation/objective during the certification process.
Nbiz Consultants Team will facilitate mostly on gathering the requirements, coordinating on the schedule, as well as submitting the requirements to the certification body.
Nbiz Infosol will not have any control/influence on the schedule/decision by any Certification Body.
Kindly note that there are extra phases involved on each relevant standards that the Certification Body Representative may add and apply whenever necessary.
1. Phase I - Application and Scoping on the required certification.
The general information required by the Certification Body Representative for the application and scoping are as follows:
Initial System Study on the relevant field of certification applied and interested for, involved activities of the organization, no. of employees and the details on the available technical resources, any related subsidiary/entities.
Any related information within the organization that will effect on the requirements to fulfill the conformity related processes, consultations on the management system, and requirements on seeking the certifications.
2. Phase II - Audit Planning
Identification of Audit Criteria, scope and objectives.
Audit Schedule preparation
Co-ordination with clients regarding audit details and logistics.
Preparation of checklists, audit formats, etc.
3. Phase III – Stage 1 - Certification Audit
The Certification Body Auditors will perform the following:
Certification Body Representative will gather detail for the company’s background/information and reviewing the existing documents to understand and evaluate the company’s set objectives, policies and procedures.
Assessing the processes in place and comparing on the set objectives is being facilitated by our consultants in order to know if it is aligned within the organizations objectives.
Phase III - Stage II – Audit (On-site)
- Opening Meeting
- Audit execution and identification of non-conformities
- Closing Meeting
- Follow-up Audit
- Audit Closure
4. Phase IV - Certification approval process is to validate the organizations system compliance and implementation. The certification can be a useful tool to boost the company’s credibility. This will also demonstrate that the products and services are being met along with the customers’ expectations. On every organization the certification is a legal or contractual requirement.
5. Phase V - Surveillance Audit - are being performed after a year of the certification. The purpose of the surveillance audit is to check if the standards are being implemented and maintained.
6. Phase VI – Re-scoping/Change of Scope – this is to continuously evaluate the continual fulfillment and improvement of all the required and relevant documents within the management system standard. In case there are changes to be implement on the new services/processes/products or regulatory authority’s requirements, changes required from the Top Management the Phase III – Certification Audit shall be applicable.
7. Phase VII – Certificate Renewal – the re-certification renewal demonstrates that the organization is continuously striving for improvement into the implemented Management System in order to achieve and meet the client’s satisfaction and regulatory authority’s requirements/expectations.
Nbiz Infosol can assist your organization to acquire any relevant ISO certifications which is well-known internationally. It will generate additional business opportunities, exhibit the organizations compliance and commitment to the best-practices in any industries in order to be more competitive in today’s market.
Nbiz Infosol consists of professionals which are high level and practically experienced and very senior Project Directors along with our well-experienced and knowledgeable Senior Consultants.
Nbiz Infosol location advantage within the Emirates on the following: Abu Dhabi, Dubai, Al Ain, Sharjah, Ajman, Ras Al Khaimah and Fujairah (We have successfully completed many and different projects locally and also internationally).
Nbiz Infosol strongly promotes and implements the facilitations on the relevant Management System not only for the sake of certification but to really make a difference in the processes and procedures that will be implemented throughout any organization.
Nbiz Infosol consist of some project members which are also EFQM International Assessors this can add value to the assignment as Abu Dhabi government is highly recommending Organizational Excellence program across Abu Dhabi Emirate (and UAE).
Nbiz Infosol prices are very competitive in the market without compromising our quality of service which in return provides our company’s commitment and to maintain repeated orders from our clients.
Nbiz Infosol is driven by professional Senior Consultants with good cross functional knowledge of the other standards such as ISO 14000, ISO 45001,ISO 27001 which will also add value to the project.
Nbiz Infosol can be a good channel to assist the standardization within the organization. It will help to promote worldwide trading, encouraging rationalization, maintaining quality assurance and environmental protection, as well as improving the security and communication at all levels within the organization.
Nbiz Consultants Team will work collaboratively and will be able to support the organization within the entire certification process.