The ISO 22301 standard details the requirements for a Business Continuity Management System (BCMS) and the aim of this standard is to help organisations review and identify threats to their ongoing operations and to prepare and test arrangements to ensure business can continue or recover from these threats, whether internal or external, with as little impact to ongoing operations as possible.

The current version of the standard, ISO 22301:2019, is structured following Annex SL and therefore the clauses are very similar to the structure of ISO 9001 and other Annex SL standards. The standard requires a clearly defined organisational structure with roles and responsibilities defined with the involvement and commitment from top management. Other requirements of this standard are that documented information is controlled, risks and opportunities are considered and that actions to address risks and opportunities are identified and managed.

Meeting the requirements of this standard

A business impact analysis and risk assessment is required to demonstrate that risks have been considered and evaluated and the impact they could have on normal operational activities are considered.
Business continuity strategies and solutions then need to be prepared to address the risks to normal business operations. A programme of testing and checking is also required to demonstrate that all risks have been identified and that adequate prevention and recovery systems are in place and effective.
Business impact assessment should consider all business critical functions and consideration of what unplanned events / disruptive incidents could affect these critical functions.

Meeting the requirements of this standard requires that an effective Business Continuity Management System (BCMS) has been prepared and that adequate business continuity plans and arrangements are in place with evidence that these plans are reviewed and tested on an ongoing basis. Business Continuity objectives should also be set and monitored.

There are quite specific documentation requirements for this standard including business impact analysis and risk assessments.

ISOBitz can assist with preparation of management systems to meet the requirements of this standard – check our ISO Consultancy page for details of how we can help with onsite consultancy, remote consultancy or by using our documents package to meet the requirements of this standard.

Click here to view documents relevant to setting up an ISO 22301 compliant management system on our documents.

ISO 22301 Certification process

We offer a simple, smart, certification process to provide independent confirmation that your organisation meets the requirements of the ISO 22301 standard and once an audit has been completed with a satisfactory outcome we issue an ISO 22301 registration certificate and authorise the organisation to display our ‘ISO 22301 Registered’ logo. Audits are completed by a qualified auditor and can be completed remotely or by site visit depending on the circumstances.

Further details on our certification service are available on the ISO Certification page.