SCOPE OF STANDARD
This Standard specifies requirements for a businesscontinuity management system (BCMS) to enable an organizationto identify, develop, and implement policies, objectives,capabilities, processes, and programsâ€”taking into account legal andother requirements to which the organization subscribes or isgoverned byâ€”to address disruptive events that might impact theorganization and its stakeholders. This Standard specifiesrequirements for planning, establishing, implementing, operating,monitoring, reviewing, exercising, maintaining, and improving adocumented BCMS within the context of managing an organization'srisks.
The requirements specified in this Standard are genericand intended to be applicable to all organizations (or partsthereof), regardless of type, size, and nature of theorganizational mission. The scope of these requirements depends onthe organization's operating environment and complexity.
This Standard seeks to offer a flexible managementsystems approach to address and minimize the consequencesassociated with disruptive events.
This Standard addresses all aspects of the organizationdeemed essential to meeting commitments (as agreed to by topmanagement), consistent with the scope of the BCMS. TheStandard does not itself state specific performancecriteria.
The intent of this Standard is to position anorganization to design a BCMS that is appropriate to its needs.These needs are shaped by customer and other stakeholder,regulatory, and operational requirements; the products andservices; the processes employed; the size and structure of theorganization; and jurisdictional and geographic areas ofoperation.
This Standard is applicable to any organization thatchooses to:
a) Establish, implement, maintain, and improve a BCMS.
b) Assure itself of its conformity with its stated businesscontinuity management policy.
c) Demonstrate conformity with this Standard by:
i. Making a self-determination and self-declaration.
ii. Seeking confirmation of its conformance by parties having aninterest in the organization (such as customers and supply chainpartners).
iii. Seeking confirmation of its self-declaration by a partyexternal to the organization.
iv. Seeking certification/registration of its BCMS by anexternal organization.
Annex A provides informative guidance on management systemplanning, implementation, testing, maintenance, and improvement ofa business continuity program.