ISO/TS 22318:2021
Security and resilience — Business continuity management systems — Guidelines for supply chain continuity management
This document gives guidance on methods for understanding and extending the principles of business continuity embodied in ISO 22301 and ISO 22313 to the management of supplier relationships. It enables an organization to develop and document the strategy to be better prepared to manage supply chain continuity.
This document is generic and applicable to all organizations. It is applicable to suppliers of products, services and resources, both upstream and downstream.
Supply chain continuity management (SCCM) specifically considers the issues faced by an organization which relies on the continuity of supply of resources as well as the ability to continue delivery of its products and services. The objective of SCCM is to protect the organization’s business activities from supply chain disruption.
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 The value of supply chain continuity management
4.1 The supply chain
4.1.1 General
4.1.2 Supply chain model
4.2 Supply chain continuity management
4.2.1 General
4.2.2 Embedding SCCM
4.2.3 Benefits and opportunities
4.3 Risk ownership
4.4 SCCM ownership
5 BCMS prerequisites for SCCM
5.1 General
5.2 Obtain top management commitment
5.2.1 Accountability and responsibility
5.2.2 Resources for managing SCCM
5.2.3 SCCM framework
5.2.4 Performance evaluation programme
5.3 Promulgate business continuity principles throughout the supply chain
5.4 Analyse continuity requirements and assess risk
5.4.1 General
5.4.2 Continuity requirements
5.4.3 Risk assessment
6 Effective SCCM
6.1 General
6.2 Identify strategies and solutions
6.2.1 General
6.2.2 Option 1 — Reduce dependency and impact
6.2.3 Option 2 — Rely on the organization’s business continuity strategies and solutions
6.2.4 Option 3 — Rely on the supplier’s business continuity strategies and solutions
6.2.5 Option 4 — Do nothing and retain the risk by informed decision
6.3 Assess suppliers’ continuity compliance
6.4 Establish contractual obligations
6.4.1 General
6.4.2 Principles to establish the continuity requirements in the contract
6.4.3 Continuity requirements
6.5 Review and update
7 Maintenance, performance and continual improvement
7.1 General
7.2 Maintenance
7.3 Performance evaluation
7.4 Continual improvement
Annex A (informative) Example of general questions to be sent to priority suppliers
Annex B (informative) Managing priority suppliers’ disruptions
Annex C (informative) Examples of joint exercises with suppliers
Bibliography
Previous versions
Keep me up-to-date
Sign up to receive updates when there are changes to this standard
Related Information
Similar Standards
-
AS/NZS 5050(Int):2020
Managing disruption-related risk -
AS/NZS IEC 31010:2020
Risk management - Risk assessment techniques -
AS/NZS IEC 31010:2020 A1
Risk management - Risk assessment techniques
-
AS/NZS IEC 62198:2015
Managing risk in projects - Application guidelines
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 The value of supply chain continuity management
4.1 The supply chain
4.1.1 General
4.1.2 Supply chain model
4.2 Supply chain continuity management
4.2.1 General
4.2.2 Embedding SCCM
4.2.3 Benefits and opportunities
4.3 Risk ownership
4.4 SCCM ownership
5 BCMS prerequisites for SCCM
5.1 General
5.2 Obtain top management commitment
5.2.1 Accountability and responsibility
5.2.2 Resources for managing SCCM
5.2.3 SCCM framework
5.2.4 Performance evaluation programme
5.3 Promulgate business continuity principles throughout the supply chain
5.4 Analyse continuity requirements and assess risk
5.4.1 General
5.4.2 Continuity requirements
5.4.3 Risk assessment
6 Effective SCCM
6.1 General
6.2 Identify strategies and solutions
6.2.1 General
6.2.2 Option 1 — Reduce dependency and impact
6.2.3 Option 2 — Rely on the organization’s business continuity strategies and solutions
6.2.4 Option 3 — Rely on the supplier’s business continuity strategies and solutions
6.2.5 Option 4 — Do nothing and retain the risk by informed decision
6.3 Assess suppliers’ continuity compliance
6.4 Establish contractual obligations
6.4.1 General
6.4.2 Principles to establish the continuity requirements in the contract
6.4.3 Continuity requirements
6.5 Review and update
7 Maintenance, performance and continual improvement
7.1 General
7.2 Maintenance
7.3 Performance evaluation
7.4 Continual improvement
Annex A (informative) Example of general questions to be sent to priority suppliers
Annex B (informative) Managing priority suppliers’ disruptions
Annex C (informative) Examples of joint exercises with suppliers
Bibliography