Helpful Links

Business Continuity Planning (BCP)

The “best” industry standard for BCP is:
NFPA 1600, “Standard on Continuity, Emergency, and Crisis Management” (2019 Edition)
https://www.nfpa.org/codes-and-standards/all-codes-and-standards/list-of-codes-and-standards/detail?code=1600

While NFPA 1600 has been influenced by ISO for many years, it still remains superior to ISO 22301 in many ways (see below).

Although a government standard, another very good standard is:
NIST Special Publication 800-34 Rev. 1, “Contingency Planning Guide for Federal Information Systems”
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-34r1.pdf

While ISO has produced ISO 22301, “Societal security — Business continuity management systems — Requirements”, once you dig through all of the required Annex L nonsense.. and the laughable incompetence of the authors, there are only a few gems buried in it. Similarly, ANSI/ASIS ORM.1-2017, “Security And Resilience In Organizations And Their Supply Chains - Requirements With Guidance” addresses this topic as well (although the ASIS_SPC.1-2009 version was better in some regards). However, it is too similar to ISO 22301 to be of any real value.

Ultimately, any company would be FAR better off simply purchasing a copy of “Business Continuity For Dummies” (which is actually quite good) than either of these two standards.

You may note that NFPA 1600, “Standard on Continuity, Emergency, and Crisis Management” (2019 Edition), Annex E, integrates the requirements of NFPA 1600 with ISO Annex SL. This was done to promote integration with existing ISO Management System Standards… and is “intended to be adopted by the entity at its discretion”. Ultimately, this simply aligns common topics such as document control, corrective action, etc.

_{All emojis designed by OpenMoji – the open-source emoji and icon project. License: CC BY-SA 4.0}