Following the outbreak of the novel coronavirus (COVID-19), BSI, in its role as the UK National Standards Body, has released a suite of 11 risk management and business continuity standards to actively support and contribute towards the collective efforts in mitigating the potential risks among the UK business community.
BSI has worked with international standards organizations to make these standards accessible for the purposes of organizations that are involved in the UK COVID-19 response.
The suite of eleven risk and business continuity standards are:
1. BS EN ISO 22301 Security and resilience — Business continuity management systems — Requirements
The standard specifies requirements to implement, maintain and improve a management system to protect against, reduce the likelihood of the occurrence of, prepare for, respond to and recover from disruptions when they arise.
2. BS ISO 31000 Risk management — Guidelines
The standard provides guidelines on managing risk faced by organizations. It provides a common approach to managing any type of risk and is not industry or sector specific.
3. PD ISO/TS 22330 Guidelines for people aspects of business continuity
The standard gives guidelines for the planning and development of policies, strategies and procedures for the preparation and management of people affected by an incident.
4. PD ISO/TS 22318 Guidelines for supply chain continuity
The standard gives guidance on methods for understanding and extending the principles of Business Continuity Management embodied in ISO 22301 and ISO 22313 to the management of supplier relationships.
5. BS EN ISO 22313 Security and resilience. Business continuity management systems. Guidance on the use of ISO 22301
The standard gives guidance and recommendations for applying the requirements of the business continuity management system given in ISO 22301.
6. PD CEN/TS 17091 Crisis management: Building a strategic capability
The standard provides guidance on good practice for crisis management to help the strategic decision makers of an organization to plan, implement, establish, operate, monitor, review, maintain and continually improve a crisis management capability.
7. ISO 22316 Security and resilience. Organizational resilience. Principles and attributes.
The standard provides guidance to enhance organizational resilience for any size or type of
organization.
8. BS ISO 22320 Security and resilience. Emergency management. Guidelines for incident management
The standard gives guidelines for incident management, including principles that communicate the value and explain the purpose of incident management. It also covers the basic components of incident management including process and structure, which focus on roles and responsibilities, tasks and management of resources, and working together through joint direction and cooperation.
9. BS ISO 22395 Security and resilience. Community resilience. Guidelines for supporting vulnerable persons in an emergency
The standard gives guidelines for organizations to identify, involve, communicate with and support individuals who are the most vulnerable to natural and human-induced (both intentional and unintentional) emergencies. It also includes guidelines for continually improving the provision of support to vulnerable persons in an emergency.
10. BS ISO 22319 Guidelines for planning the involvement of spontaneous volunteers
The standard provides guidelines for planning the involvement of spontaneous volunteers in incident response and recovery. It is intended to help organizations to establish a plan to consider whether, how and when volunteers can provide relief to a coordinated response and recovery for all identified hazards. It helps identify issues to ensure the plan is risk-based and can be shown to prioritize the safety of the volunteers, the public they seek to assist and incident response staff.
11. BS 31100 Code of Practice for risk management
The standard gives recommendations for implementing the principles and guidelines in BS ISO 31000:2009, including the risk management framework and process. It provides a basis for understanding, developing, implementing and maintaining proportionate and effective risk management throughout an organization, in order to enhance the organization’s likelihood of achieving its objectives.
