ISO 22301 – The International Standard for Business Continuity Management

What is ISO 22301?

ISO 22301 is the international standard for business continuity management. Organisations can use the requirements outlined in the standard to seek certification of their Business Continuity Management System (BCMS).

To understand more about business continuity management and ISO 22301, download our free green paper from IT Governance.

What is in ISO 22301?

ISO 22301 is based on the 'Plan-Do-Check-Act' model as found in other management system standards.

The standard itself is formed of 10 clauses, as follows:

  • ISO 22301 clause 1 – Scope of the standard
  • ISO 22301 clause 2 – Normative references
  • ISO 22301 clause 3 – Terms and definitions
  • ISO 22301 clause 4 – Context of the organisation
  • ISO 22301 clause 5 – Leadership
  • ISO 22301 clause 6 – Planning
  • ISO 22301 clause 7 – Support
  • ISO 22301 clause 8 – Operations
  • ISO 22301 clause 9 – Evaluation
  • ISO 22301 clause 10 – Improvement

A supporting standard, ISO 22313, has been published which gives guidance on the implementation of a business continuity management system.

Why use ISO 22301 for your BCMS?

ISO 22301 is the international best practice standard for business continuity management systems (BCMS). By implementing a BCMS that is certified compliant to ISO 22301, you can make sure your organisation is resilient against external threats. These can include theft, utility supply cuts, adverse weather, cyber attacks, terrorist activity, war / civil disorder, fire or natural disasters.

Additionally, a certified BCMS is a definitive way of demonstrating resilience and a commitment to excellence to stakeholders.

Did you know?

  • 80% of organisations with a well-planned and implemented business continuity plan are likely to survive a major business discontinuity incident
  • Only 20% of organisations without a business continuity plan are likely to survive
  • Over 90% of organisations that suffer a significant data loss go out of business within two years of the loss

Benefits of ISO 22301

An ISO 22301-compliant BCMS enables you to:

  • Create effective operational business continuity plans (BCP)
  • Ensure that your BCPs are fit for purpose
  • Align plans with strategic organisational objectives
  • Continually improve your business continuity plans as the organisation grows
  • Reduce the cost of business interruption
  • Satisfy regulatory or client demands
  • Satisfy Corporate Governance obligations

How to implement an ISO 22301-compliant BCMS

“To work well, ISO 22301 will need organisations to have thoroughly understood its requirements. Every line and word has meaning and the relative importance is not necessarily reflected by the number of words devoted to a topic.” - The International Organization for Standardization

Before attempting to undertake an ISO 22301 implementation project, it is vital that the standard is understood in its entirety. Business continuity professionals will need to:

  • ensure management buy-in for an ISO 22301 project
  • ensure an organisation-wide understanding of business continuity and its importance
  • assemble a qualified BCMS implementation team
  • gain an in-depth knowledge of the standard and how it should be implemented
  • implement the standard and devise a testing and maintenance process

Documentation is known to be one of the hardest parts of implementing a BCMS, which is why IT Governance have developed the ISO 22301 BCMS Implementation Toolkit. This toolkit contains templates and pre-written documentation to make aligning your BCMS with ISO 22301 simpler and less stressful.

ISO 22301 - further reading

IT Governance is the leading supplier of books and toolkits relating to ISO 22301 business continuity management. Through this site you can purchase a range of authoritative titles, written by experts for business and technical audiences.

ISO 22301 (2012) BCMS Requirements

ISO 22301:2012 specifies the requirements for a business continuity management system (BCMS). The requirements for a BCMS can be adopted by any organisation, no matter their size, type or location.

Business Continuity Management: Choosing to survive

With specific reference to ISO 22301, ANSI/ASIS SPC.1-2009, ISO 27031 and ISO/IEC 24762, this up-to-date, practical resource will guide you through all the elements of a BCM program, plans and implementations. It covers all the critical elements of your business, from people and premises to technology and facilities management.

A Manager's Guide to ISO 22301

Written by expert business continuity consultant Tony Drewitt, this book offers concise guidance specifically on ISO 22301 for managers, executives and directors.

ISO 22301 BCMS Implementation Toolkit

Documenting a BCMS is often one of the most time-consuming and difficult parts of implementing ISO 22301. This toolkit makes the whole process simpler, faster and easier using template-based documents and procedures.

ISO 22301: A Pocket Guide

With an emphasis on helping you with what is necessary to satisfy the requirements of the standard, this pocket guide is full of expert advice and guidance to help you develop a fit-for-purpose business continuity plan.
