I am participating in implementing BCP for a Insurance Organisation. My Colleague who leads the team is a trained DRI and hoods DRI certification of ABCP . I am certified DRI - ABCP and ISO 22301 Lead Implementer. My preference is to use the ISO standard for the implementation. My colleague being the Lead Consultant had his way and the implementation is ongoing according to DRI professional practice standard. In the course of our implementation, the Management of the Insurance Company informed us that they will go for certification on completion of the project.
In our implementation process, there was no reference to the ISO standard, there was no training conducted using ISO 22301. None of the staff of the organisation is ISO 22301 certified though they have ABCP of DRI.
I was in a serious argument with my colleague, insisting that though the organisation may request for certification, they may not get certified because it is not automatic and implementation mus t be conducted strictly to the standard. My colleague continue to maintain that DRI standard is superior to ISO 22301 standard and I should be rest assured that the company will be certified. I don't want to lead the company through a blind alley and am concerned about my professional integrity. Please, giving the scenarios painted above, is it wise to for the company to proceed for certification? The project is on going but nearing completion. Giving the status of the project, what can we do to bring the project to ISO standard? For a future occurrence, will it be sufficient for me to insist that the company purchase the ISO STANDARD and insist that we comply to the standard even though the project is being implemented using DRI professional practice standard.
In terms of project management, once the requirement for certification was defined by the company, the proper course of action would have been to evaluate ISO 22301 requirements against what was already implemented, and what will be implemented, and report which adjustments should be performed. This practice is still valid even if your project is nearing completion (only any potential rework will be greater). So my advice before the organization goes for the certification audit is to perform this diagnostic, and based on its results, implement the adjustments that will ensure compliance with ISO 22301.
For future reference, you should include in your project management approach that critical modifications on project requirements (i.e., modifications that can lead to not finish the project on expected time and/or cost) must be evaluated and approved by the project sponsor or customer.