"ISO is an international standardization body," he continued. "Therefore, the ISO 22301 standard enables us to establish and modify our model - but also to control, maintain and test it - using an unalterable and globally proven management system. In addition, the roles and responsibilities of all stakeholders are clearly described, as the strategy comes from the Board of Directors, the tactics are the responsibility of the Business Continuity Coordinator, and operationality is ensured by the company’s various departments."
"However, the scope of the ISO 22301 standard is not limited to the recovery plan," noted François Clausse. "The standard also includes the protection of employees, the maintenance of the company's vital activities, contracts and SLAs, greater predictability and better understanding of events when a crisis arises, as well as the protection of the entity's reputation and competitiveness."
In order to meet the requirements of the ISO 22301 standard, it is also essential to develop a proper understanding of the organization and to establish clear limits on the scope of the management system. In particular, it is important that the organization respects the interests, needs and expectations of the various stakeholders - business departments, IT Department and staff - as well as the position of regulatory and supervisory bodies. "Thus," François Clausse emphasized, "the implementation of a business continuity management system enables us to meet certain regulatory requirements, in particular that the bank is able to test the robustness and resistance of its systems."