ISO 22301 Clause 10: Improvement
What will Clause 10 of ISO 22301 help us achieve?
Continuous improvement’s an important part of maintaining your ISO 23001 certification. Clause 10 focuses on it, covering all actions taken within your organisation to:
- Deliver your business continuity goals more effectively
- Increase the reliability of your security procedures and controls
- Create increased security benefits for your organisation and its stakeholders
10.1 Nonconformity and corrective action
This clause gives guidance on what to do if you find out that your organisation is not complying with the requirements of the standard or one of its own policies. That kind of corrective action is a key part of the ISO 22301 improvement process.
You’ll need to understand exactly what’s gone wrong, and how and why it’s happened. Then you should see if there are any similar problems coming up elsewhere in your organisation. That’ll help you understand the nature and scope of the non-compliance issue you’re facing, and take the right steps to resolve it.
That could mean anything from talking with or retraining any staff involved to rethinking the relevant sections of your BCMS. You’ll also have to review the effectiveness of any corrective actions you take. And you must carefully document the original issue, the steps you’ve taken to resolve it and how you’ll stop it from happening again.
Clause 10.1 is clear and simple, but it can have daunting implications. Our policy pack includes a non-compliance resolution process that will help you resolve any issues it creates.
Our process uses a standard workflow structure to help you:
● Understand the scope of the problem
● Plan and execute any corrective actions
● Make wider changes to your BCMS
● Document everything you’ve done
It simplifies every part of the process, from setting goals and delegating actions to generating progress reports and updating the relevant sections of your BCMS. And it’s quick and easy to change any part of it to fit your own unique ways of working.
Pull Together All Your ISO 22301 and BCMS Work in One Place With Our Range of Business Continuity Management Tools
10.2 Continual improvement
To retain your ISO 22301 certification, you need to continually improve the suitability, reliability and efficacy of your BCMS. That means regularly reassessing how well it’s safeguarding your organisation, in both theory and practice.
Ongoing management reviews of your organisation are a good starting point. They’ll help you spot any new challenges or gaps that your BCMS should respond to. Once you’ve understood them, your BCMS’ built-in processes will help you evolve it to deal with them.
ISMS.online comes with those processes up and running as standard. They’ll help you draw on work going on across your BCMS, boosting its impact and avoiding duplication of effort. That’s because we understand that achieving ISO 22301 certification is only a starting point. We also want you to be certain that your organisation will maintain and evolve its BCMS.
We Give You the Opportunity to Do All Your Business Continuity, Not Just Your Information Security
ISO 22301:2019 Requirements
ISO 22301:2019 implements the framework, fundamental text and definitions of Annex L, formerly Annex SL. Annex L establishes a high-level framework for ISO management system standards. The Annex was drawn up to incorporate a similar core text and common terminology and concepts.
Except for Clause 8, the Annex L requirements address many of the same areas as the core requirements of ISO 27001, covered in Section 4.1 through to 10.2.