BSI, in its role as the UK National Standards Body, has made a suite of risk and business continuity standards publicly available to help British businesses navigate the challenges they face as a result of the Novel Coronavirus (COVID-19) pandemic.
The standards provide organizations with access to best practice guidance and the collective wisdom of experts on how to approach, manage and overcome some of the difficulties that thousands are facing up and down the country. The standards suite of information and guidance being made publicly available spans themes including security and resilience, supply chain continuity and crisis management.
BSI is also working with the Emergency Planning College (EPC) – part of the Cabinet Office Civil Contingencies Secretariat – to deliver best practices and expert guidance to the complimentary standards through a series of webinars, ensuring that organizations are able to learn from experts and implement the standards, as easily as possible.
Scott Steedman, Director of Standards at BSI, said: “COVID-19 has heightened awareness of the importance of being prepared, business continuity and crisis management. BSI standards contain this expert guidance and we are putting it in the hands of those who need to apply it, ensuring that industry can access easily the guidance and expertise that will help them right now. We hope that sharing these standards at no cost will help SMEs and organisations across the UK weather the economic crisis that they are facing.”
The suite of eleven risk and business continuity standards are:
1. BS EN ISO 22301 Security and resilience — Business continuity management systems — Requirements
The standard specifies requirements to implement, maintain and improve a management system to protect against, reduce the likelihood of the occurrence of, prepare for, respond to and recover from disruptions when they arise.
2. BS ISO 31000 Risk management — Guidelines
The standard provides guidelines on managing risk faced by organizations. It provides a common approach to managing any type of risk and is not industry or sector specific.
3. PD ISO/TS 22330 Guidelines for people aspects of business continuity
The standard gives guidelines for the planning and development of policies, strategies and procedures for the preparation and management of people affected by an incident.
4. PD ISO/TS 22318 Guidelines for supply chain continuity
The standard gives guidance on methods for understanding and extending the principles of Business Continuity Management embodied in ISO 22301 and ISO 22313 to the management of supplier relationships.
5. BS EN ISO 22313 Security and resilience. Business continuity management systems. Guidance on the use of ISO 22301
The standard gives guidance and recommendations for applying the requirements of the business continuity management system given in ISO 22301.
6. PD CEN/TS 17091 Crisis management: Building a strategic capability
The standard provides guidance on good practice for crisis management to help the strategic decision makers of an organization to plan, implement, establish, operate, monitor, review, maintain and continually improve a crisis management capability.
7. ISO 22316 Security and resilience. Organizational resilience. Principles and attributes
The standard provides guidance to enhance organizational resilience for any size or type of organization.
8. BS ISO 22320 Security and resilience. Emergency management. Guidelines for incident management
The standard gives guidelines for incident management, including principles that communicate the value and explain the purpose of incident management. It also covers the basic components of incident management including process and structure, which focus on roles and responsibilities, tasks and management of resources, and working together through joint direction and cooperation.
9. BS ISO 22395 Security and resilience. Community resilience. Guidelines for supporting vulnerable persons in an emergency
The standard gives guidelines for organizations to identify, involve, communicate with and support individuals who are the most vulnerable to natural and human-induced (both intentional and unintentional) emergencies. It also includes guidelines for continually improving the provision of support to vulnerable persons in an emergency.
10. BS ISO 22319 Guidelines for planning the involvement of spontaneous volunteers
The standard provides guidelines for planning the involvement of spontaneous volunteers in incident response and recovery. It is intended to help organizations to establish a plan to consider whether, how and when volunteers can provide relief to a coordinated response and recovery for all identified hazards. It helps identify issues to ensure the plan is risk-based and can be shown to prioritize the safety of the volunteers, the public they seek to assist and incident response staff.
11. BS 31100 Code of Practice for risk management
The standard gives recommendations for implementing the principles and guidelines in BS ISO 31000:2009, including the risk management framework and process. It provides a basis for understanding, developing, implementing and maintaining proportionate and effective risk management throughout an organization, in order to enhance the organization’s likelihood of achieving its objectives.