BSI recertifies DCV’s ISO 22301
DCV FINISHED THE AUDITING PROCESS OF THE BRITISH STANDARDS INSTITUTION (BSI) AND ACHIEVED THE RECERTIFICATION OF ISO 22301 STANDARD WITHOUT ANY OBSERVATIONS, FOR ITS CORRECT MANAGEMENT OF THE CONTINUITY OF THE BUSINESS.
Operational continuity is a DCV’s strategic pillar to ensure the critical services availability and compliance with regulations. To pursue this objective, we developed a continuous and rigorous audit and certification work that, since 2013, has allowed us to have the ISO 22301 Business Continuity Management certification, annually audited by BSI, ensuring that DCV has an appropriate business continuity management system.
Read more: DCV is certified in ISO 22301 standard
The ongoing certification plan of the ISO 22301 standard consists of an annual measurement that reviews the compliance of some of its provisions, and a complete audit every three years including a more in-depth analysis and review of the requirements of all the provisions of this standard.
The audit process to obtain a second renewal began in July of this year. After three and a half days of an exhaustive review of the requirements of the ISO 22301 standard and interviews with the business continuity and information security areas, which also included the General Manager, Fernando Yáñez, DCV obtained the ISO 22301 standard renewal without observations. This has special relevance since it includes the entire company, the services and critical processes, and the transformation process that we are currently carrying out. See all certified companies here.
This audit result shows the objectives have been met. The BSI report concludes that DCV complies with the requirements and criteria of the ISO standard, and considers that the business continuity management system continues to achieve the expected results. With this renewal we demonstrate that DCV has managed to apply the best international practices in the field of business continuity.
Business continuity in the face of changes
“Maintaining the compromised standards, continuing to meet the objectives and improving continuity strategies is a concern that the company has”, explains André Medel, Head of Business Continuity and Information Security at DCV. In this sense, how to incorporate continuity issues to all current changes has been a major challenge.
The DCV Evolution project, the relocation to the new offices, the redefinition of the disaster recovery site and the technological infrastructure response to stop requiring the alternate administrative site, are part of the DCV transformation process. “Even with these changes, the auditor saw that we continue to meet the requirements of the standard and that we are successfully supporting the operation”, adds Medel. “These changes have meant a challenge to ensure operational continuity. We have successfully faced them and this renewal demonstrates it”, he concludes.
The principal objective is to continue complying with the standard and maintain the certification as a corporate promise, but the work continues. This is reaffirmed by Medel who states that: “We always have to be improving. In DCV we always challenge ourselves to reinforce what we do”. Today, the risk model is being reformulated so that senior management can monitor the Company’s risk profile, incorporating all the background of information security, business continuity, regulatory and systemic risk, so that everything is related and we can have a quantitative risk profile.