ISO/IEC 22301 certification: the advantages

Competitive advantage

Improvement of resilienceRegulatory compliance (ISO 9001, GDPR; Industry 4.0; etc.)Maintenance of the best level of service towards customersImprovement of reputationHigher rating in risk assessments by customers and stakeholders

Support for planning strategic investments

Better understanding of the company's risk profile Identification of opportunities to increase overall resilience thanks to the contribution of new industrial projects or M&A operations More positive evaluation by financial institutions

Continuous improvement

Organizational optimization (greater focus on critical processes) Strengthening of internal management (collaboration and empowerment) More transparent and direct relationship with customers (intimacy) Better understanding and management of critical production processes and the supply chain Objectification of relationships with internal and external suppliers through ALS

Optimization of insurance coverage

Reduction of insurance premiums Optimization of required coverage (Property; Business Interruption; Cyber Security)

HOW TO GET AND KEEP

ISO/IEC 22301 CERTIFICATION

Define a project team Define the scope: company, divisions, production sites or processes to be included Develop a policy for business continuity: establish the organization's vision of its operational resilience Identify the primary processes, their interdependencies, suppliers and customers critical issues, the needs of the stakeholders Conduct a risk analysis and a BIA - Business Impact Analysis: risks, probability of occurrence, impacts on the business Define prevention and mitigation actions and one or more recovery strategies in the event of a «disruptive» event Prepare a BCP - Business Continuity PlanCreate a Business Continuity Team and prepare it for crisis management

Prepare documentation: document all SGCO processes to ensure they are implemented and improved where necessary Select a Certification Body: an accredited third-party body Obtain certification: the certification body reviews the SGCO documentation, verifies that the requirements are met and conducts audits on procedures and best practices Raise staff awareness: inform staff of the objectives of the COMS and their role in the event of a crisis Carry out periodic checks: carry out internal audits and other tests to verify that the prevention and mitigation measures envisaged are effective Manage and examine the SGCO regularly: the management system must be updated and evaluated annually

Certification audit

The first certification takes place in two phases

Stage 1

During this phase the auditor:

Collects information and verifies the documentation relating to the management system to be certified. Determines which are the mandatory and voluntary reference standards for the system to be certified.

This step is preparatory for the second phase of the certification audit in which the effectiveness of the system to be certified will be evaluated.

Stage 2

During this second phase the auditor:

verifies that the management system is actually applied by the organization, noting the evidence that confirms what is described in the documentation. At the end, in the absence of serious non-compliances, the auditor presents a request to his body for the issuing of ISO certification.

The certification has a three-year cycle: in the second year the company will have to undergo a surveillance audit while in the third year an audit will be carried out to renew the certificate.