Business Continuity Management System (ISO 22301)
What is ISO 22301?
ISO 22301 is an international standard that specifies the requirements to establish, implement, maintain and continually improve a Business Continuity Management System (BCMS) to protect against, reduce the likelihood of the occurrence of, prepare for, respond to and recover from disruptions when they arise. The purpose of a BCMS is to prepare for, provide and maintain controls and capabilities for managing an organization’s overall ability to continue to operate during disruptions.
Who should implement ISO 22301?

Any organization, regardless of its type, size, products, and services can implement this standard. The extent of application of these requirements depends on the organization’s operating environment and complexity.

This document is applicable to all types and sizes of organizations that:

  • Implement, maintain and improve a BCMS.
  • Seek to ensure conformity with stated business continuity policy.
  • Need to be able to continue to deliver products and services at an acceptable predefined capacity during a disruption.
  • Seek to enhance their resilience through the effective application of the BCMS.

This standard can be used to assess an organization’s ability to meet its own business continuity needs and obligations.

What are the potential risks where ISO 22301 can help?

  • Natural disaster
  • Technology failure
  • Utility disruption
  • Intentional sabotage
  • Cyber security attacks

What does ISO 22301 help with?

  • Conducting business impact analysis
  • Preparing for potential emergencies
  • Establishing business continuity and recovery plan
  • Establishing security and protocols
  • Managing risk and crisis
  • Developing operational resilience

What are the Benefits of ISO 22301?

  • Enhances corporate image, credibility and competitiveness to get more business.
  • Supports organizational objectives and improves its performance.
  • Improves operations, supply chain and information resilience.
  • Improves organizational capability to remain effective during disruptions.
  • Helps to establish robust response and recovery process.
  • Protects life, property and the environment.
  • Helps to meet the expectations of customers and other interested parties.
  • Addresses operational vulnerabilities and demonstrates effective control of risks.
  • Reduces direct and indirect costs of disruptions.
  • Protects assets, turnover and profits.
  • Potentially reduces insurance premium due to effective management of risk.
  • Reduces legal and financial risk if implemented effectively.