ISO 22301:2012 Business Continuity Management System specifies the requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented business continuity management system.
Why do business entities need to be qualified for ISO 22301:2012 certification?
This International Standard issued by ISO organization is intended to establish an organizational framework to protect against, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents when they arise.
What is the ISO 22301:2012 certification body?
There are several certification bodies with respect to ISO 22301:2012 where such bodies audit and check the existence and conformity of business continuity management system in accordance with the requirements set forth in ISO 22301:2012. If the system proves to be compliant, the certification is awarded to the business entity.
It is worth mentioning that International Organization for Standardization prevents the certification body from performing any advisory role for the clients.
What is the role of Baker Tilly in assisting business entities with qualifying for ISO 22301:2012 certification?
Baker Tilly performs an advisory role, which will help business entities implement the detailed aspects of ISO 22301:2012 in their operating policies and procedures in connection with business continuity aspects. Such advisory role covers the following:
- Gap analysis.
- Developing Business Continuity management system manuals.
- Supervising the implementation process.
- Internal audits.
- Technical support during the certification process.
It is worth mentioning that Baker Tilly does not award ISO 22301:2012 certification.
Is there instruction by any regulator to regulated entities to obtain ISO 22301:2012 certification?
In the State of Kuwait, Law No. 7 of 2010 concerning the Establishment of Capital Markets Authority and Regulation of Securities Activity was promulgated on 21 February 2010 and its Executive Regulations were issued under Resolution No. 72 of 2015 on 9 November 2015, which address the Business Continuity in Module 6 – Policies and Procedures of Licensed Person, which require the licensed persons to implement the same.
The Business Continuity Management System is an internal control, which supports the corporate governance system explaining the mandatory implementation thereof.
The Business Continuity Management System is implemented by creating an organizational unit or a committee chaired by CEO or an Assistant CEO with heads of departments as members. A permanent job will be assigned to manage the tasks of such unit or committee and periodic meeting framework will be established for it.
What is the added value to business entities from obtaining ISO 22301:2012 certification?
- Protect the entity against potential threats to maintain the business continuity.
- Improve the processes and operations and attain competitive advantage.
- Enhance the confidence of all stakeholders in the entity.
- Comply with laws, regulations, resolutions and instructions issued by the regulators.
What are the services offered by Baker Tilly?
Qualify the business entity’s management system to conform to the requirements of ISO 22301:2012