The media and press have a profound impact on the long-term performance, or in some cases, the survival of an organization, especially in the aftermath of a disruptive incident. The media and press can influence the perception and reputation of the organization, as well as the expectations and satisfaction of its stakeholders, such as customers, suppliers, regulators, employees, and the general public. Therefore, it is important for the organization to establish and maintain a positive relationship with the media and press, and to communicate effectively and transparently during and after a crisis. ISO 22301:2019, Clause 8.4.3, requires the organization to establish, implement, and maintain a documented procedure to manage communications with relevant interested parties during a disruptive incident. The procedure should include the identification of the spokesperson(s) who will communicate with the media and press, the preparation of key messages and statements, the approval and distribution of information, and the monitoring and evaluation of the effectiveness of the communications. The organization should also consider the potential legal and ethical implications of its communications, and ensure that the information provided is accurate, consistent, and timely.Reference: ISO 22301:2019, Clause 8.4.3; ISO 22301 Auditing eBook, Chapter 4.3.3.

Business Impact Analysis (BIA) is a process of identifying and evaluating the potential impacts of disruptions to critical business processes, systems, and resources. One of the objectives of BIA is to validate the dependencies of the organization's essential functions and operations. Dependencies are the relationships or interconnections between the organization and its internal or external stakeholders, such as suppliers, customers, partners, regulators, etc. Dependencies can affect the organization's ability to deliver its products and services, and therefore, they need to be considered in the BIA process.According to ISO/TS 22317:2021, there are two types of dependencies that are validated by BIA: internal dependencies and external dependencies1. Internal dependencies are the dependencies within the organization, such as between different functions, processes, activities, resources, or locations. For example, a production function may depend on the supply of raw materials from a warehouse, or a finance function may depend on the availability of an accounting system. Internal dependencies can be identified by analyzing the inputs and outputs of each function or process, and the resources required to support them. External dependencies are the dependencies outside the organization, such as with suppliers, customers, partners, regulators, or other stakeholders. For example, a retail company may depend on the delivery of goods from its suppliers, or a bank may depend on the compliance with regulatory requirements. External dependencies can be identified by analyzing the contracts, agreements, or expectations with the external parties, and the potential impacts of their failure or disruption.Reference:

ISO/TS 22317:2021, clause 6.3.2

Business continuity objectives are the objectives that take the form of targets to enhance organizational resilience, as defined by ISO 22301. Business continuity objectives are derived from the business continuity policy and the results of the business impact analysis (BIA) and risk assessment (RA). Business continuity objectives are measurable, consistent, and relevant to the organization's business continuity requirements and strategies. Business continuity objectives are also aligned with the organization's strategic direction and communicated to all relevant parties.Business continuity objectives are one of the key requirements of ISO 22301, as they provide the basis for planning, implementing, monitoring, reviewing, and improving the business continuity management system (BCMS).Reference: ISO 22301 Auditing eBook, page 281; ISO 22301:2019, clause 6.22

ISO 22301 is the system/standard that brings together all existing standards and a collection of good practices to develop a universal approach to Business Continuity Management (BCM). ISO 22301 is the international standard for Security and resilience --- Business continuity management systems --- Requirements. It specifies the requirements to plan, establish, implement, operate, monitor, review, maintain and continually improve a documented management system to protect against, reduce the likelihood of occurrence, prepare for, respond to, and recover from disruptive incidents when they arise. ISO 22301 is based on the high-level structure (HLS) that provides a common framework for all management system standards. This helps to ensure consistency and alignment with other standards, such as ISO 9001 (quality management), ISO 14001 (environmental management), ISO 27001 (information security management), etc. ISO 22301 also incorporates the best practices and guidance from other sources, such as ISO 22313 (guidelines for business continuity management systems), ISO 22317 (guidelines for business impact analysis), ISO 22318 (guidelines for supply chain continuity), ISO 22320 (guidelines for incident management), ISO 22398 (guidelines for exercises and testing), etc. ISO 22301 aims to provide a universal approach to BCM that is applicable to all types and sizes of organizations, regardless of their nature, sector, or location.Reference:

ISO 22301:2019 - Security and resilience --- Business continuity management systems --- Requirements1

ISO 22301 Auditing eBook, Chapter 1: Introduction to Business Continuity Management Systems, Section 1.2: ISO 22301 Standard2

ISO 22301 - Business Continuity2

According to ISO 22301 Auditing eBook, Chapter 2.1.2, a business continuity champion is a person who represents the executive management perspective in setting up the expectation for business continuity management (BCM). The business continuity champion is responsible for ensuring that the BCM policy and objectives are aligned with the strategic direction of the organization, and that the necessary resources and support are provided for the implementation and maintenance of the business continuity management system (BCMS). The business continuity champion also acts as a liaison between the executive management and the business continuity manager, who is the person in charge of the operational aspects of the BCMS.Reference: ISO 22301 Auditing eBook, Chapter 2.1.2.