1 PURPOSE

  1. To establish a guideline for the systematic review of the Business Continuity Management System (BCMS) at specified intervals to determine its continuing suitability, adequacy and effectiveness in satisfying the BCMS requirements.

2 SCOPE

  1. This procedure applies to the Management Review meeting conducted by the Executive Management.

3 RESPONSIBILITY

  1. The Organization BCM Coordinator is responsible for initiating the meeting and ensuring that the necessary information is collected to allow the Executive Management to carry out the review effectively.
  2. The meeting shall be chaired by the President, and shall be attended by the Managers and Organization BCM Coordinator.
  3. The Organization BCM Coordinator has the overall responsibility and authority for the establishment, successful implementation and maintenance of this procedure.

4 PROCEDURE

  1. The Management Review shall be conducted at least once a year. The Management Review shall be coordinated by the Organization BCM Coordinator, with attendance comprising the Executive Management and senior members of the Organization.
  2. The Organization BCM Coordinator shall notify the Executive Management concerned of the date, time, place and agenda before the scheduled date for review.

4.3 Management Review Inputs

The Management Review inputs shall include:

  1. the status of actions from previous management reviews;
  2. changes in external and internal issues that are relevant to the BCMS;
  3. information on the business continuity performance, including trends in:
    • nonconformities and corrective actions;
    • monitoring and measurement evaluation results;
    • audit results; and
    • opportunities for continual improvement.
  4. compliance with applicable legal and regulatory requirements;
  5. industry best practices and benchmark standards; and
  6. business continuity policy and objectives.

4.4 Management Review Outputs

The Management Review shall be consistent with the organisation’s commitment to continual improvement and shall include any decisions and actions related to:

  1. follow-up actions from previous management reviews;
  2. the need for changes to the BCMS, including the policy and objectives;
  3. opportunities for improvement;
  4. results of BCMS audits and reviews, including those of key suppliers and partners where appropriate, and techniques, products or procedures that could be used in the organisation to improve the BCMS performance and effectiveness;
  5. status of corrective actions;
  6. results of exercising and testing;
  7. risks or issues not adequately addressed in any previous risk assessment;
  8. any changes that could affect the BCMS, whether internal or external to the scope of the BCMS;
  9. adequacy of policy;
  10. recommendations for improvement;
  11. lessons learned and actions arising from disruptive incidents;
  12. emerging good practice and guidance; and
  13. results of the education and awareness training programme.

5 DEFINITIONS

  1. Business Continuity Management System (BCMS)
  2. BCM Steering Committee

6 RELATED DOCUMENT

  1. Management Review (ISO 22301:2012).
  2. All procedures related to ISO 22301 (when applicable).

7 RECORDS

Description of the record (Management Review)

  1. Management Review Meeting 2018
  2. Management Review Meeting 2017
  3. Management Review Meeting 2016

8 APPENDICES

  1. Flowchart for Management Review