Implementation of Business Continuity Management Systems & ISO 22301 Certification

Client: Indian Government Entity

Sector: Tax & Compliance

Location: Bengaluru, Gurugram and Chennai

Background

The Client is a major Indian Government entity. There are three major locations from where the Client is carrying out its operations. They had implemented BCMS which was audited by an external auditor and a number of non-conformances and observations were given on the existing gaps, which were to be addressed for passing the audit and getting ISO 22301 Certification.

The initial objective of the engagement was to ensure the closure of all external audit points but with the extent of gaps Gorisco found, the project was rescoped into a full blown BCMS Implementation which continued for next 9 months.

Gorisco led the successful closure of the project within defined timelines. At the end of the project, the Client was Certified on ISO 22301 which they had been trying for more than 3 years.

It was such a relief and proud moment for all of us to cherish upon. This was one of the best projects for us, that gave a lot of insight and experience.

Our Approach

The project had an ambitious schedule which relied upon Business Impact Analysis, Risk Assessment, and all other BCMS implementation activities.

Our major activities involved (but not limited to):

• Defining the BCMS Objectives

• Conducting the Business Impact Analysis for all the activities throughout the organization

• Conducting the Risk Assessments for the risks associated with all the critical activities

• Designing the templates and forms

• Defining and baselining the definitions for business impact categories, criticality levels, risk severity and likelihood

• Preparation of Legal & Compliance Register

• Revising the Business Continuity Plan

• Revising the IT Disaster Recovery Plan

• Preparation of test tracker and conducting the tests for all the critical services

• Conducting the Call tree tests

• Preparation of Communication Plan

• Revising the Incident Management Plan

• Prepare the Client for external audit on ISO 22301 Certification

• Participate along with the Client in external audits and answer the queries from distinguished Auditors

Gorisco mobilized its expert consultants to carry out activities as listed above. The Client supported all the activities and provided their valuable inputs. It was a great project that involved extensive discussions, brainstorming, meetings, and interviews with the Client.

It was a thorough external audit involving 4 Auditors with a span of 5 days of Stage 1 and 10 days of Stage 2 evaluation. We helped the Client successfully pass both stages post which the Client was confirmed to have successfully qualified for receiving the ISO 22301 Certification.

The Positives

1. The Client realized the value of our engagement and transformed a corrective action closure project into an implementation project

2. With the good support of the Client, all activities were completed within the agreed timelines

3. Due to COVID-19 period, the whole project was executed remotely without any physical meetings

4. We were able to help the Client to achieve ISO 22301 Certification which was a dream for them for more than past 3 years

Benefits & Values To Client

1. BCMS implementation clearly and objectively showed the Client their compliance status and level of risks associated with each activity.

2. Identification of priority (high risk) activities enabled Client to refine their business strategies and channel resources to the areas of greatest needs. These risks were managed through proper assessment and application of the mitigation plans.

3. The whole implementation process helped the client to become more resilient and confident in their operations.

4. The ISO 22301 Certification helped the Client to be a torchbearer among other Government entities there by enhancing their own image and reputation.