It’s author, Dejan Kosutic, wanted to provide an easy-to-read practical handbook for business continuity implementation that will be helpful both for the beginners in this area, but also for experienced business continuity professionals.
ISO 22301 is relatively new standard, however it has already become a leading international standard for business continuity management. The biggest problem with its implementation is that it is rather complex and there are not many people with enough experience to handle such projects. So Kosutic’s main idea was to create a step-by-step handbook that can be used by people that are in charge of implementation of this standard.
The book is written primarily for beginners in business continuity – the people who are just entering this area, and have very little knowledge about it. All the steps, from the very beginning all the way to the ISO 22301 certification are explained, including many practical examples. However, the book might also be interesting for business continuity professionals – e.g. for ISO 22301 consultants, especially the part where implementation options are explained.
Finally, the book might be interesting for experienced business continuity practitioners because it systematically summarizes all the key business continuity elements in the ISO 22301 framework – as Kosutic says “I was actually inspired by my experience delivering courses about the basics of ISO 22301: most of the attendees are beginners, but sometimes the experienced business continuity professionals also attend such courses – typically, their comment is, ‘I already knew most of the stuff from ISO 22301, but having all these things put together was definitely worth it.’ And this is exactly how the book is structured.”
The book covers all the core business continuity elements: business impact analysis, risk assessment and mitigation, business continuity strategy, business continuity planning, incident response, crisis management, recovery, exercising and testing, etc. However, it also focuses on other important requirements of ISO 22301 – role of the top management, objectives, measurement, document control, internal audit, and corrective actions.
At last, the book covers all the steps that come before and after the implementation – the crucial step of how to convince your top management to fund this kind of a project, how to structure the project team, and also how to prepare for the certification and how to speak to the certification auditor.