Digital Jewels

A+ A A-

BCMS ISO 22301 (BS 25999)

Our proven methodology and extensive experience in Business Continuity Management System (BCMS) is built upon our detailed knowledge and use of the ISO 22301:2012 standard. Our methodology follows the Plan-Do-Check-Act (PDCA) process-based approach as adapted from the ISO 22301:2012 standard for implementing any management system within an organization. This approach is targeted at ensuring that organizations plan for and respond to unexpected business disruptions while implementing a Business Continuity Management System (BCMS) attested to by the ISO 22301:2012 - Societal Security - Business Continuity Management System - Requirement standard. Our approach includes:

  • Diagnostics: This phase involves project planning, defining and developing the business continuity scope, objectives and a rigorous Gap Assessment aimed at examining the organization’s compliance to the requirements of the ISO 22301:2012 standard. Risk Assessment and Business Impact Analysis (BIA) methodology are also defined at this stage and are used to determine and prioritize risks and threats to critical business functions within the scope of the BCMS and their associated impacts.
  • Design: An Implementation Blueprint and Improvement Roadmap is developed to address the gaps observed to ensure conformity with the requirements of the ISO 22301:2012 standard. Continuity priorities, objectives and strategies are developed based on the result of the Business Impact Analysis while work and priority matrix is developed for the Risk Treatment Plan. An enterprise wide improvement roadmap for Business Continuity Management (BCM) is also provided which includes plan for training and awareness.
  • Implementation/Remediation Management: The actual remediation of the gaps observed during the Gap Assessment is conducted at this phase by leveraging on the guidance of the implementation blueprint from the Design Phase. This phase also involve the treatment of the identified risks based on the Risk Treatment Plan as well as documenting, exercising and testing continuity plan and procedures. Wide-spread training and awareness sessions are conducted at this phase. Adequate guidance on the implementation of controls (documentation, processes, technologies etc) as well as the monitoring and measuring the effectiveness of the controls implemented through audit, reviews and corrective actions.
  • Compliance and Certification: The Business Continuity Management System (BCMS) certification audit is typically a two (2) stage audit exercise conducted by an Independent Registered Certification Body. The first stage involves a document review and the second phase is the actual certification audit. Prior to this two-stage audit, we conduct mock compliance audit to ascertain and guarantee the organization’s readiness for the certification audit. Post certification, on-going monitoring and compliance support is provided to ensure continuous compliance and successful surveillance audits and re-certification.



Digital Jewels Limited. All rights reserved. | The ITIL®/PRINCE2® courses on this page are offered by World Learns Here ATO of AXELOS Limited. ITIL®/PRINCE2® are registered trade mark of AXELOS Limited. All rights reserved., The Swirl logo™ is a trade mark of AXELOS Limited | The COBIT 5 logo is a Registered Trade Mark of ISACA | The ACCREDITED BY APMG-International and Swirl Device logo is a trade mark of the APMG Group Ltd