The application should describe the provisions for maintaining all required documents and records, including the processes for identifying and categorizing controlled documents. If specific detailed documents and records-related documentation are to be developed later, the application should provide a proposed timeline and milestones for the work.
The application should describe elements of record management control, such as retention periods, methods for indexing and placing records in proper locations, and provisions for security and access.
The application should include a business continuity plan. This plan should provide procedures and information that guide the applicant to respond, recover, resume and restore to a predefined level following disruption. Some examples of disruptions are:
· natural disasters (such as hurricanes, floods, blizzards, earthquakes and fire)
· sabotage, including cyber attacks and hacker activity
· labour actions
· loss of a key contractor
· power and energy disruptions
· communication, transport, safety and service sector failure
· environmental events (such as pollution and hazardous materials spills)
For more information, see ISO 22301, Societal security – Business continuity management systems – Requirements .
Consultation has concluded