Unlike ASIS SPC 1-2009 and NFPA 1600, the ISO 22301 standard is more comprehensive and is organized into sections, or clauses. In total, it has 10 clauses, each with specific responsibilities attached. Clause 4 covers the requirements, needs and scope for setting up the context of the business continuity management system as it applies to a unit. Clause 5 summarizes the requirements placed on top management in the performance of the business continuity management system. In addition, it summarizes what is going to be done by the administration. Clause 6 discusses the prerequisites for developing strategic goals, as well as the guidance for the company's business continuity management system as a whole. Clause 7 supports the operations of the business continuity management system, especially those relating to competence and communication with interested stakeholders. Clause 8 describes the requirements for business continuity, assesses the means of tackling them and creates steps for managing any disruptive event. Clause 9 details the requirements for evaluating the performance of the business continuity management system, its adherence to ISO 22301 and feedback from management on their expectations. Finally, clause 10 guides the identification of the business continuity management system's noncompliance and the necessary corrective actions (Technical Committee, 2012, p. vi-vii).
As noted by Tucker (2017, p. xviii), private companies that adopt ISO 22301 need to follow the laid-down phases, each of which has subordinate steps; together these form the business continuity policy needed to make entities resilient to all effects of catastrophic risks.
Easy to Understand
Private companies will easily understand ISO 22301 because it applies a process approach, which NFPA 1600 fails to do. However, ASIS SPC 1-2009 is similar to ISO 22301, since both use a common set of steps known as the plan, do, check and act model (American National Standards Institute, Inc., 2009, p. viii-ix). This model is imperative in planning, implementing, running, monitoring, evaluating, and maintaining a company's effective business continuity management system (Technical Committee, 2012, p. 15). Besides, the Standard has also established a set of interacting and interrelated activities used in transforming inputs into outputs.
Ease of Implementation
ISO 22301 clearly offers guidelines that private companies will need to follow in establishing and implementing the business continuity program (Technical Committee, 2012, p. 17). Nearly all three standards set out similar requirements in the implementation phase. Among them are the resources required for developing, implementing and maintaining continual improvement of the business continuity management system; the competence of the people whose work influences its performance; disclosure and awareness of all material facts about the business continuity policy; procedures for both internal and external communication; documentation; operational planning; and incident prevention and mitigation. However, ISO 22301 presents these requirements in two sections, namely support and operation.
In the course of developing business continuity programs, ISO 22301 requires interested parties to be brought on board, a requirement the other Standards do not have. When establishing a business continuity management system, ISO 22301 requires the firm to determine that interested stakeholders are relevant and that their expectations and needs are stipulated (Technical Committee, 2012, p. 9). Such a provision is crucial because it may help in solving the challenges of resistance to change.
American National Standards Institute, Inc. (2009). ASIS SPC.1-2009: Organisational resilience: Security, preparedness, and continuity management systems. American National Standards Institute, Inc. Retrieved on September 28, 2017 from https://www.ndsu.edu/fileadmin/emgt/ASIS_SPC.1-2009_Item_No._1842.pdf
Technical Committee. (2012). International Standard ISO 22301: Societal security — Business continuity management systems — Requirements. Geneva. Retrieved on September 28, 2017 from
Tucker, E. (2017). Business continuity from preparedness to recovery: A standards-based approach. Waltham, MA: Elsevier Inc.